Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/sys/contrib/openzfs/lib/libzfs/libzfs_crypto.c
48378 views
1
// SPDX-License-Identifier: CDDL-1.0

2
/*

3
 * CDDL HEADER START

4
 *

5
 * This file and its contents are supplied under the terms of the

6
 * Common Development and Distribution License ("CDDL"), version 1.0.

7
 * You may only use this file in accordance with the terms of version

8
 * 1.0 of the CDDL.

9
 *

10
 * A full copy of the text of the CDDL should have accompanied this

11
 * source.  A copy of the CDDL is also available via the Internet at

12
 * http://www.illumos.org/license/CDDL.

13
 *

14
 * CDDL HEADER END

15
 */

16


17
/*

18
 * Copyright (c) 2017, Datto, Inc. All rights reserved.

19
 * Copyright 2020 Joyent, Inc.

20
 */

21


22
#include <sys/zfs_context.h>

23
#include <sys/fs/zfs.h>

24
#include <sys/dsl_crypt.h>

25
#include <libintl.h>

26
#include <termios.h>

27
#include <signal.h>

28
#include <errno.h>

29
#include <openssl/evp.h>

30
#if LIBFETCH_DYNAMIC

31
#include <dlfcn.h>

32
#endif

33
#if LIBFETCH_IS_FETCH

34
#include <sys/param.h>

35
#include <stdio.h>

36
#include <fetch.h>

37
#elif LIBFETCH_IS_LIBCURL

38
#include <curl/curl.h>

39
#endif

40
#include <libzfs.h>

41
#include <libzutil.h>

42
#include "libzfs_impl.h"

43
#include "zfeature_common.h"

44


45
/*

46
 * User keys are used to decrypt the master encryption keys of a dataset. This

47
 * indirection allows a user to change his / her access key without having to

48
 * re-encrypt the entire dataset. User keys can be provided in one of several

49
 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys

50
 * are converted to binary and passed into the kernel. Password based keys are

51
 * a bit more complicated. Passwords alone do not provide suitable entropy for

52
 * encryption and may be too short or too long to be used. In order to derive

53
 * a more appropriate key we use a PBKDF2 function. This function is designed

54
 * to take a (relatively) long time to calculate in order to discourage

55
 * attackers from guessing from a list of common passwords. PBKDF2 requires

56
 * 2 additional parameters. The first is the number of iterations to run, which

57
 * will ultimately determine how long it takes to derive the resulting key from

58
 * the password. The second parameter is a salt that is randomly generated for

59
 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of

60
 * attackers cannot reasonably generate a table of commonly known passwords to

61
 * their output keys and expect it work for all past and future PBKDF2 users.

62
 * We store the salt as a hidden property of the dataset (although it is

63
 * technically ok if the salt is known to the attacker).

64
 */

65


66
#define	MIN_PASSPHRASE_LEN 8

67
#define	MAX_PASSPHRASE_LEN 512

68
#define	MAX_KEY_PROMPT_ATTEMPTS 3

69


70
static int caught_interrupt;

71


72
static int get_key_material_file(libzfs_handle_t *, const char *, const char *,

73
    zfs_keyformat_t, boolean_t, uint8_t **, size_t *);

74
static int get_key_material_https(libzfs_handle_t *, const char *, const char *,

75
    zfs_keyformat_t, boolean_t, uint8_t **, size_t *);

76


77
static zfs_uri_handler_t uri_handlers[] = {

78
	{ "file", get_key_material_file },

79
	{ "https", get_key_material_https },

80
	{ "http", get_key_material_https },

81
	{ NULL, NULL }

82
};

83


84
static int

85
pkcs11_get_urandom(uint8_t *buf, size_t bytes)

86
{

87
	int rand;

88
	ssize_t bytes_read = 0;

89


90
	rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);

91


92
	if (rand < 0)

93
		return (rand);

94


95
	while (bytes_read < bytes) {

96
		ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);

97
		if (rc < 0)

98
			break;

99
		bytes_read += rc;

100
	}

101


102
	(void) close(rand);

103


104
	return (bytes_read);

105
}

106


107
static int

108
zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,

109
    zfs_keylocation_t *restrict locp, char **restrict schemep)

110
{

111
	*locp = ZFS_KEYLOCATION_NONE;

112
	*schemep = NULL;

113


114
	if (strcmp("prompt", str) == 0) {

115
		*locp = ZFS_KEYLOCATION_PROMPT;

116
		return (0);

117
	}

118


119
	regmatch_t pmatch[2];

120


121
	if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),

122
	    pmatch, 0) == 0) {

123
		size_t scheme_len;

124


125
		if (pmatch[1].rm_so == -1) {

126
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

127
			    "Invalid URI"));

128
			return (EINVAL);

129
		}

130


131
		scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;

132


133
		*schemep = calloc(1, scheme_len + 1);

134
		if (*schemep == NULL) {

135
			int ret = errno;

136


137
			errno = 0;

138
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

139
			    "Invalid URI"));

140
			return (ret);

141
		}

142


143
		(void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);

144
		*locp = ZFS_KEYLOCATION_URI;

145
		return (0);

146
	}

147


148
	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));

149
	return (EINVAL);

150
}

151


152
static int

153
hex_key_to_raw(char *hex, int hexlen, uint8_t *out)

154
{

155
	int ret, i;

156
	unsigned int c;

157


158
	for (i = 0; i < hexlen; i += 2) {

159
		if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {

160
			ret = EINVAL;

161
			goto error;

162
		}

163


164
		ret = sscanf(&hex[i], "%02x", &c);

165
		if (ret != 1) {

166
			ret = EINVAL;

167
			goto error;

168
		}

169


170
		out[i / 2] = c;

171
	}

172


173
	return (0);

174


175
error:

176
	return (ret);

177
}

178


179


180
static void

181
catch_signal(int sig)

182
{

183
	caught_interrupt = sig;

184
}

185


186
static const char *

187
get_format_prompt_string(zfs_keyformat_t format)

188
{

189
	switch (format) {

190
	case ZFS_KEYFORMAT_RAW:

191
		return ("raw key");

192
	case ZFS_KEYFORMAT_HEX:

193
		return ("hex key");

194
	case ZFS_KEYFORMAT_PASSPHRASE:

195
		return ("passphrase");

196
	default:

197
		/* shouldn't happen */

198
		return (NULL);

199
	}

200
}

201


202
/* do basic validation of the key material */

203
static int

204
validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,

205
    const char *key, size_t keylen, boolean_t do_verify)

206
{

207
	switch (keyformat) {

208
	case ZFS_KEYFORMAT_RAW:

209
		/* verify the key length is correct */

210
		if (keylen < WRAPPING_KEY_LEN) {

211
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

212
			    "Raw key too short (expected %u)."),

213
			    WRAPPING_KEY_LEN);

214
			return (EINVAL);

215
		}

216


217
		if (keylen > WRAPPING_KEY_LEN) {

218
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

219
			    "Raw key too long (expected %u)."),

220
			    WRAPPING_KEY_LEN);

221
			return (EINVAL);

222
		}

223
		break;

224
	case ZFS_KEYFORMAT_HEX:

225
		/* verify the key length is correct */

226
		if (keylen < WRAPPING_KEY_LEN * 2) {

227
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

228
			    "Hex key too short (expected %u)."),

229
			    WRAPPING_KEY_LEN * 2);

230
			return (EINVAL);

231
		}

232


233
		if (keylen > WRAPPING_KEY_LEN * 2) {

234
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

235
			    "Hex key too long (expected %u)."),

236
			    WRAPPING_KEY_LEN * 2);

237
			return (EINVAL);

238
		}

239


240
		/* check for invalid hex digits */

241
		for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {

242
			if (!isxdigit(key[i])) {

243
				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

244
				    "Invalid hex character detected."));

245
				return (EINVAL);

246
			}

247
		}

248
		break;

249
	case ZFS_KEYFORMAT_PASSPHRASE:

250
		/*

251
		 * Verify the length is within bounds when setting a new key,

252
		 * but not when loading an existing key.

253
		 */

254
		if (!do_verify)

255
			break;

256
		if (keylen > MAX_PASSPHRASE_LEN) {

257
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

258
			    "Passphrase too long (max %u)."),

259
			    MAX_PASSPHRASE_LEN);

260
			return (EINVAL);

261
		}

262


263
		if (keylen < MIN_PASSPHRASE_LEN) {

264
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

265
			    "Passphrase too short (min %u)."),

266
			    MIN_PASSPHRASE_LEN);

267
			return (EINVAL);

268
		}

269
		break;

270
	default:

271
		/* can't happen, checked above */

272
		break;

273
	}

274


275
	return (0);

276
}

277


278
static int

279
libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,

280
    boolean_t new_key, const char *fsname,

281
    char **restrict res, size_t *restrict reslen)

282
{

283
	FILE *f = stdin;

284
	size_t buflen = 0;

285
	ssize_t bytes;

286
	int ret = 0;

287
	struct termios old_term, new_term;

288
	struct sigaction act, osigint, osigtstp;

289


290
	*res = NULL;

291
	*reslen = 0;

292


293
	/*

294
	 * handle SIGINT and ignore SIGSTP. This is necessary to

295
	 * restore the state of the terminal.

296
	 */

297
	caught_interrupt = 0;

298
	act.sa_flags = 0;

299
	(void) sigemptyset(&act.sa_mask);

300
	act.sa_handler = catch_signal;

301


302
	(void) sigaction(SIGINT, &act, &osigint);

303
	act.sa_handler = SIG_IGN;

304
	(void) sigaction(SIGTSTP, &act, &osigtstp);

305


306
	(void) printf("%s %s%s",

307
	    is_reenter ? "Re-enter" : "Enter",

308
	    new_key ? "new " : "",

309
	    get_format_prompt_string(keyformat));

310
	if (fsname != NULL)

311
		(void) printf(" for '%s'", fsname);

312
	(void) fputc(':', stdout);

313
	(void) fflush(stdout);

314


315
	/* disable the terminal echo for key input */

316
	(void) tcgetattr(fileno(f), &old_term);

317


318
	new_term = old_term;

319
	new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);

320


321
	ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);

322
	if (ret != 0) {

323
		ret = errno;

324
		errno = 0;

325
		goto out;

326
	}

327


328
	bytes = getline(res, &buflen, f);

329
	if (bytes < 0) {

330
		ret = errno;

331
		errno = 0;

332
		goto out;

333
	}

334


335
	/* trim the ending newline if it exists */

336
	if (bytes > 0 && (*res)[bytes - 1] == '\n') {

337
		(*res)[bytes - 1] = '\0';

338
		bytes--;

339
	}

340


341
	*reslen = bytes;

342


343
out:

344
	/* reset the terminal */

345
	(void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);

346
	(void) sigaction(SIGINT, &osigint, NULL);

347
	(void) sigaction(SIGTSTP, &osigtstp, NULL);

348


349
	/* if we caught a signal, re-throw it now */

350
	if (caught_interrupt != 0)

351
		(void) kill(getpid(), caught_interrupt);

352


353
	/* print the newline that was not echo'd */

354
	(void) printf("\n");

355


356
	return (ret);

357
}

358


359
static int

360
get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,

361
    zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,

362
    uint8_t **restrict outbuf, size_t *restrict len_out)

363
{

364
	char *buf = NULL, *buf2 = NULL;

365
	size_t buflen = 0, buf2len = 0;

366
	int ret = 0;

367


368
	ASSERT(isatty(fileno(stdin)));

369


370
	/* raw keys cannot be entered on the terminal */

371
	if (keyformat == ZFS_KEYFORMAT_RAW) {

372
		ret = EINVAL;

373
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

374
		    "Cannot enter raw keys on the terminal"));

375
		goto out;

376
	}

377


378
	/* prompt for the key */

379
	if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,

380
	    &buf, &buflen)) != 0) {

381
		free(buf);

382
		buf = NULL;

383
		buflen = 0;

384
		goto out;

385
	}

386


387
	if (!confirm_key)

388
		goto out;

389


390
	if ((ret = validate_key(hdl, keyformat, buf, buflen, confirm_key)) !=

391
	    0) {

392
		free(buf);

393
		return (ret);

394
	}

395


396
	ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,

397
	    &buf2len);

398
	if (ret != 0) {

399
		free(buf);

400
		free(buf2);

401
		buf = buf2 = NULL;

402
		buflen = buf2len = 0;

403
		goto out;

404
	}

405


406
	if (buflen != buf2len || strcmp(buf, buf2) != 0) {

407
		free(buf);

408
		buf = NULL;

409
		buflen = 0;

410


411
		ret = EINVAL;

412
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

413
		    "Provided keys do not match."));

414
	}

415


416
	free(buf2);

417


418
out:

419
	*outbuf = (uint8_t *)buf;

420
	*len_out = buflen;

421
	return (ret);

422
}

423


424
static int

425
get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,

426
    uint8_t **buf, size_t *len_out)

427
{

428
	int ret = 0;

429
	size_t buflen = 0;

430


431
	*len_out = 0;

432


433
	/* read the key material */

434
	if (keyformat != ZFS_KEYFORMAT_RAW) {

435
		ssize_t bytes;

436


437
		bytes = getline((char **)buf, &buflen, fd);

438
		if (bytes < 0) {

439
			ret = errno;

440
			errno = 0;

441
			goto out;

442
		}

443


444
		/* trim the ending newline if it exists */

445
		if (bytes > 0 && (*buf)[bytes - 1] == '\n') {

446
			(*buf)[bytes - 1] = '\0';

447
			bytes--;

448
		}

449


450
		*len_out = bytes;

451
	} else {

452
		size_t n;

453


454
		/*

455
		 * Raw keys may have newline characters in them and so can't

456
		 * use getline(). Here we attempt to read 33 bytes so that we

457
		 * can properly check the key length (the file should only have

458
		 * 32 bytes).

459
		 */

460
		*buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));

461
		if (*buf == NULL) {

462
			ret = ENOMEM;

463
			goto out;

464
		}

465


466
		n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);

467
		if (n == 0 || ferror(fd)) {

468
			/* size errors are handled by the calling function */

469
			free(*buf);

470
			*buf = NULL;

471
			ret = errno;

472
			errno = 0;

473
			goto out;

474
		}

475


476
		*len_out = n;

477
	}

478
out:

479
	return (ret);

480
}

481


482
static int

483
get_key_material_file(libzfs_handle_t *hdl, const char *uri,

484
    const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,

485
    uint8_t **restrict buf, size_t *restrict len_out)

486
{

487
	(void) fsname, (void) newkey;

488
	FILE *f = NULL;

489
	int ret = 0;

490


491
	if (strlen(uri) < 7)

492
		return (EINVAL);

493


494
	if ((f = fopen(uri + 7, "re")) == NULL) {

495
		ret = errno;

496
		errno = 0;

497
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

498
		    "Failed to open key material file: %s"), zfs_strerror(ret));

499
		return (ret);

500
	}

501


502
	ret = get_key_material_raw(f, keyformat, buf, len_out);

503


504
	(void) fclose(f);

505


506
	return (ret);

507
}

508


509
static int

510
get_key_material_https(libzfs_handle_t *hdl, const char *uri,

511
    const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,

512
    uint8_t **restrict buf, size_t *restrict len_out)

513
{

514
	(void) fsname, (void) newkey;

515
	int ret = 0;

516
	FILE *key = NULL;

517
	boolean_t is_http = strncmp(uri, "http:", strlen("http:")) == 0;

518


519
	if (strlen(uri) < (is_http ? 7 : 8)) {

520
		ret = EINVAL;

521
		goto end;

522
	}

523


524
#if LIBFETCH_DYNAMIC

525
#define	LOAD_FUNCTION(func) \

526
	__typeof__(func) *func = dlsym(hdl->libfetch, #func);

527


528
	if (hdl->libfetch == NULL)

529
		hdl->libfetch = dlopen(LIBFETCH_SONAME, RTLD_LAZY);

530


531
	if (hdl->libfetch == NULL) {

532
		hdl->libfetch = (void *)-1;

533
		char *err = dlerror();

534
		if (err)

535
			hdl->libfetch_load_error = strdup(err);

536
	}

537


538
	if (hdl->libfetch == (void *)-1) {

539
		ret = ENOSYS;

540
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

541
		    "Couldn't load %s: %s"),

542
		    LIBFETCH_SONAME, hdl->libfetch_load_error ?: "(?)");

543
		goto end;

544
	}

545


546
	boolean_t ok;

547
#if LIBFETCH_IS_FETCH

548
	LOAD_FUNCTION(fetchGetURL);

549
	char *fetchLastErrString = dlsym(hdl->libfetch, "fetchLastErrString");

550


551
	ok = fetchGetURL && fetchLastErrString;

552
#elif LIBFETCH_IS_LIBCURL

553
	LOAD_FUNCTION(curl_easy_init);

554
	LOAD_FUNCTION(curl_easy_setopt);

555
	LOAD_FUNCTION(curl_easy_perform);

556
	LOAD_FUNCTION(curl_easy_cleanup);

557
	LOAD_FUNCTION(curl_easy_strerror);

558
	LOAD_FUNCTION(curl_easy_getinfo);

559


560
	ok = curl_easy_init && curl_easy_setopt && curl_easy_perform &&

561
	    curl_easy_cleanup && curl_easy_strerror && curl_easy_getinfo;

562
#endif

563
	if (!ok) {

564
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

565
		    "keylocation=%s back-end %s missing symbols."),

566
		    is_http ? "http://" : "https://", LIBFETCH_SONAME);

567
		ret = ENOSYS;

568
		goto end;

569
	}

570
#endif

571


572
#if LIBFETCH_IS_FETCH

573
	key = fetchGetURL(uri, "");

574
	if (key == NULL) {

575
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

576
		    "Couldn't GET %s: %s"),

577
		    uri, fetchLastErrString);

578
		ret = ENETDOWN;

579
	}

580
#elif LIBFETCH_IS_LIBCURL

581
	CURL *curl = curl_easy_init();

582
	if (curl == NULL) {

583
		ret = ENOTSUP;

584
		goto end;

585
	}

586


587
	int kfd;

588
#ifdef O_TMPFILE

589
	kfd = open(getenv("TMPDIR") ?: "/tmp",

590
	    O_RDWR | O_TMPFILE | O_EXCL | O_CLOEXEC, 0600);

591
	if (kfd != -1)

592
		goto kfdok;

593
#endif

594


595
	char *path;

596
	if (asprintf(&path,

597
	    "%s/libzfs-XXXXXXXX.https", getenv("TMPDIR") ?: "/tmp") == -1) {

598
		ret = ENOMEM;

599
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "%s"),

600
		    zfs_strerror(ret));

601
		goto end;

602
	}

603


604
	kfd = mkostemps(path, strlen(".https"), O_CLOEXEC);

605
	if (kfd == -1) {

606
		ret = errno;

607
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

608
		    "Couldn't create temporary file %s: %s"),

609
		    path, zfs_strerror(ret));

610
		free(path);

611
		goto end;

612
	}

613
	(void) unlink(path);

614
	free(path);

615


616
kfdok:

617
	if ((key = fdopen(kfd, "r+")) == NULL) {

618
		ret = errno;

619
		(void) close(kfd);

620
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

621
		    "Couldn't reopen temporary file: %s"), zfs_strerror(ret));

622
		goto end;

623
	}

624


625
	char errbuf[CURL_ERROR_SIZE] = "";

626
	char *cainfo = getenv("SSL_CA_CERT_FILE"); /* matches fetch(3) */

627
	char *capath = getenv("SSL_CA_CERT_PATH"); /* matches fetch(3) */

628
	char *clcert = getenv("SSL_CLIENT_CERT_FILE"); /* matches fetch(3) */

629
	char *clkey  = getenv("SSL_CLIENT_KEY_FILE"); /* matches fetch(3) */

630
	(void) curl_easy_setopt(curl, CURLOPT_URL, uri);

631
	(void) curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);

632
	(void) curl_easy_setopt(curl, CURLOPT_TIMEOUT_MS, 30000L);

633
	(void) curl_easy_setopt(curl, CURLOPT_WRITEDATA, key);

634
	(void) curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, errbuf);

635
	if (cainfo != NULL)

636
		(void) curl_easy_setopt(curl, CURLOPT_CAINFO, cainfo);

637
	if (capath != NULL)

638
		(void) curl_easy_setopt(curl, CURLOPT_CAPATH, capath);

639
	if (clcert != NULL)

640
		(void) curl_easy_setopt(curl, CURLOPT_SSLCERT, clcert);

641
	if (clkey != NULL)

642
		(void) curl_easy_setopt(curl, CURLOPT_SSLKEY, clkey);

643


644
	CURLcode res = curl_easy_perform(curl);

645


646
	if (res != CURLE_OK) {

647
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

648
		    "Failed to connect to %s: %s"),

649
		    uri, strlen(errbuf) ? errbuf : curl_easy_strerror(res));

650
		ret = ENETDOWN;

651
	} else {

652
		long resp = 200;

653
		(void) curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &resp);

654


655
		if (resp < 200 || resp >= 300) {

656
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

657
			    "Couldn't GET %s: %ld"),

658
			    uri, resp);

659
			ret = ENOENT;

660
		} else

661
			rewind(key);

662
	}

663


664
	curl_easy_cleanup(curl);

665
#else

666
	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

667
	    "No keylocation=%s back-end."), is_http ? "http://" : "https://");

668
	ret = ENOSYS;

669
#endif

670


671
end:

672
	if (ret == 0)

673
		ret = get_key_material_raw(key, keyformat, buf, len_out);

674


675
	if (key != NULL)

676
		fclose(key);

677


678
	return (ret);

679
}

680


681
/*

682
 * Attempts to fetch key material, no matter where it might live. The key

683
 * material is allocated and returned in km_out. *can_retry_out will be set

684
 * to B_TRUE if the user is providing the key material interactively, allowing

685
 * for re-entry attempts.

686
 */

687
static int

688
get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,

689
    zfs_keyformat_t keyformat, const char *keylocation, const char *fsname,

690
    uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)

691
{

692
	int ret;

693
	zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;

694
	uint8_t *km = NULL;

695
	size_t kmlen = 0;

696
	char *uri_scheme = NULL;

697
	zfs_uri_handler_t *handler = NULL;

698
	boolean_t can_retry = B_FALSE;

699


700
	/* verify and parse the keylocation */

701
	ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,

702
	    &uri_scheme);

703
	if (ret != 0)

704
		goto error;

705


706
	/* open the appropriate file descriptor */

707
	switch (keyloc) {

708
	case ZFS_KEYLOCATION_PROMPT:

709
		if (isatty(fileno(stdin))) {

710
			can_retry = keyformat != ZFS_KEYFORMAT_RAW;

711
			ret = get_key_interactive(hdl, fsname, keyformat,

712
			    do_verify, newkey, &km, &kmlen);

713
		} else {

714
			/* fetch the key material into the buffer */

715
			ret = get_key_material_raw(stdin, keyformat, &km,

716
			    &kmlen);

717
		}

718


719
		if (ret != 0)

720
			goto error;

721


722
		break;

723
	case ZFS_KEYLOCATION_URI:

724
		ret = ENOTSUP;

725


726
		for (handler = uri_handlers; handler->zuh_scheme != NULL;

727
		    handler++) {

728
			if (strcmp(handler->zuh_scheme, uri_scheme) != 0)

729
				continue;

730


731
			if ((ret = handler->zuh_handler(hdl, keylocation,

732
			    fsname, keyformat, newkey, &km, &kmlen)) != 0)

733
				goto error;

734


735
			break;

736
		}

737


738
		if (ret == ENOTSUP) {

739
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

740
			    "URI scheme is not supported"));

741
			goto error;

742
		}

743


744
		break;

745
	default:

746
		ret = EINVAL;

747
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

748
		    "Invalid keylocation."));

749
		goto error;

750
	}

751


752
	if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen,

753
	    do_verify)) != 0)

754
		goto error;

755


756
	*km_out = km;

757
	*kmlen_out = kmlen;

758
	if (can_retry_out != NULL)

759
		*can_retry_out = can_retry;

760


761
	free(uri_scheme);

762
	return (0);

763


764
error:

765
	free(km);

766


767
	*km_out = NULL;

768
	*kmlen_out = 0;

769


770
	if (can_retry_out != NULL)

771
		*can_retry_out = can_retry;

772


773
	free(uri_scheme);

774
	return (ret);

775
}

776


777
static int

778
derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,

779
    uint8_t *key_material, uint64_t salt,

780
    uint8_t **key_out)

781
{

782
	int ret;

783
	uint8_t *key;

784


785
	*key_out = NULL;

786


787
	key = zfs_alloc(hdl, WRAPPING_KEY_LEN);

788


789
	switch (format) {

790
	case ZFS_KEYFORMAT_RAW:

791
		memcpy(key, key_material, WRAPPING_KEY_LEN);

792
		break;

793
	case ZFS_KEYFORMAT_HEX:

794
		ret = hex_key_to_raw((char *)key_material,

795
		    WRAPPING_KEY_LEN * 2, key);

796
		if (ret != 0) {

797
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

798
			    "Invalid hex key provided."));

799
			goto error;

800
		}

801
		break;

802
	case ZFS_KEYFORMAT_PASSPHRASE:

803
		salt = LE_64(salt);

804


805
		ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,

806
		    strlen((char *)key_material), ((uint8_t *)&salt),

807
		    sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);

808
		if (ret != 1) {

809
			ret = EIO;

810
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

811
			    "Failed to generate key from passphrase."));

812
			goto error;

813
		}

814
		break;

815
	default:

816
		ret = EINVAL;

817
		goto error;

818
	}

819


820
	*key_out = key;

821
	return (0);

822


823
error:

824
	free(key);

825


826
	*key_out = NULL;

827
	return (ret);

828
}

829


830
static boolean_t

831
encryption_feature_is_enabled(zpool_handle_t *zph)

832
{

833
	nvlist_t *features;

834
	uint64_t feat_refcount;

835


836
	/* check that features can be enabled */

837
	if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)

838
	    < SPA_VERSION_FEATURES)

839
		return (B_FALSE);

840


841
	/* check for crypto feature */

842
	features = zpool_get_features(zph);

843
	if (!features || nvlist_lookup_uint64(features,

844
	    spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,

845
	    &feat_refcount) != 0)

846
		return (B_FALSE);

847


848
	return (B_TRUE);

849
}

850


851
static int

852
populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,

853
    zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,

854
    const char *keylocation, nvlist_t *props, uint8_t **wkeydata,

855
    uint_t *wkeylen)

856
{

857
	int ret;

858
	uint64_t iters = 0, salt = 0;

859
	uint8_t *key_material = NULL;

860
	size_t key_material_len = 0;

861
	uint8_t *key_data = NULL;

862
	const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;

863


864
	/* get key material from keyformat and keylocation */

865
	ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,

866
	    fsname, &key_material, &key_material_len, NULL);

867
	if (ret != 0)

868
		goto error;

869


870
	/* passphrase formats require a salt and pbkdf2 iters property */

871
	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {

872
		/* always generate a new salt */

873
		ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));

874
		if (ret != sizeof (uint64_t)) {

875
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

876
			    "Failed to generate salt."));

877
			goto error;

878
		}

879


880
		ret = nvlist_add_uint64(props,

881
		    zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);

882
		if (ret != 0) {

883
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

884
			    "Failed to add salt to properties."));

885
			goto error;

886
		}

887


888
		/*

889
		 * If not otherwise specified, use the default number of

890
		 * pbkdf2 iterations. If specified, we have already checked

891
		 * that the given value is greater than MIN_PBKDF2_ITERATIONS

892
		 * during zfs_valid_proplist().

893
		 */

894
		ret = nvlist_lookup_uint64(props,

895
		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);

896
		if (ret == ENOENT) {

897
			iters = DEFAULT_PBKDF2_ITERATIONS;

898
			ret = nvlist_add_uint64(props,

899
			    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);

900
			if (ret != 0)

901
				goto error;

902
		} else if (ret != 0) {

903
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

904
			    "Failed to get pbkdf2 iterations."));

905
			goto error;

906
		}

907
	} else {

908
		/* check that pbkdf2iters was not specified by the user */

909
		ret = nvlist_lookup_uint64(props,

910
		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);

911
		if (ret == 0) {

912
			ret = EINVAL;

913
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

914
			    "Cannot specify pbkdf2iters with a non-passphrase "

915
			    "keyformat."));

916
			goto error;

917
		}

918
	}

919


920
	/* derive a key from the key material */

921
	ret = derive_key(hdl, keyformat, iters, key_material, salt, &key_data);

922
	if (ret != 0)

923
		goto error;

924


925
	free(key_material);

926


927
	*wkeydata = key_data;

928
	*wkeylen = WRAPPING_KEY_LEN;

929
	return (0);

930


931
error:

932
	if (key_material != NULL)

933
		free(key_material);

934
	if (key_data != NULL)

935
		free(key_data);

936


937
	*wkeydata = NULL;

938
	*wkeylen = 0;

939
	return (ret);

940
}

941


942
static boolean_t

943
proplist_has_encryption_props(nvlist_t *props)

944
{

945
	int ret;

946
	uint64_t intval;

947
	const char *strval;

948


949
	ret = nvlist_lookup_uint64(props,

950
	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);

951
	if (ret == 0 && intval != ZIO_CRYPT_OFF)

952
		return (B_TRUE);

953


954
	ret = nvlist_lookup_string(props,

955
	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);

956
	if (ret == 0 && strcmp(strval, "none") != 0)

957
		return (B_TRUE);

958


959
	ret = nvlist_lookup_uint64(props,

960
	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);

961
	if (ret == 0)

962
		return (B_TRUE);

963


964
	ret = nvlist_lookup_uint64(props,

965
	    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);

966
	if (ret == 0)

967
		return (B_TRUE);

968


969
	return (B_FALSE);

970
}

971


972
int

973
zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,

974
    char *buf)

975
{

976
	int ret;

977
	char prop_encroot[MAXNAMELEN];

978


979
	/* if the dataset isn't encrypted, just return */

980
	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {

981
		*is_encroot = B_FALSE;

982
		if (buf != NULL)

983
			buf[0] = '\0';

984
		return (0);

985
	}

986


987
	ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,

988
	    sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);

989
	if (ret != 0) {

990
		*is_encroot = B_FALSE;

991
		if (buf != NULL)

992
			buf[0] = '\0';

993
		return (ret);

994
	}

995


996
	*is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;

997
	if (buf != NULL)

998
		strcpy(buf, prop_encroot);

999


1000
	return (0);

1001
}

1002


1003
int

1004
zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,

1005
    nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,

1006
    uint_t *wkeylen_out)

1007
{

1008
	int ret;

1009
	char errbuf[ERRBUFLEN];

1010
	uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;

1011
	uint64_t keyformat = ZFS_KEYFORMAT_NONE;

1012
	const char *keylocation = NULL;

1013
	zfs_handle_t *pzhp = NULL;

1014
	uint8_t *wkeydata = NULL;

1015
	uint_t wkeylen = 0;

1016
	boolean_t local_crypt = B_TRUE;

1017


1018
	(void) snprintf(errbuf, sizeof (errbuf),

1019
	    dgettext(TEXT_DOMAIN, "Encryption create error"));

1020


1021
	/* lookup crypt from props */

1022
	ret = nvlist_lookup_uint64(props,

1023
	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);

1024
	if (ret != 0)

1025
		local_crypt = B_FALSE;

1026


1027
	/* lookup key location and format from props */

1028
	(void) nvlist_lookup_uint64(props,

1029
	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);

1030
	(void) nvlist_lookup_string(props,

1031
	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);

1032


1033
	if (parent_name != NULL) {

1034
		/* get a reference to parent dataset */

1035
		pzhp = make_dataset_handle(hdl, parent_name);

1036
		if (pzhp == NULL) {

1037
			ret = ENOENT;

1038
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1039
			    "Failed to lookup parent."));

1040
			goto out;

1041
		}

1042


1043
		/* Lookup parent's crypt */

1044
		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);

1045


1046
		/* Params require the encryption feature */

1047
		if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {

1048
			if (proplist_has_encryption_props(props)) {

1049
				ret = EINVAL;

1050
				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1051
				    "Encryption feature not enabled."));

1052
				goto out;

1053
			}

1054


1055
			ret = 0;

1056
			goto out;

1057
		}

1058
	} else {

1059
		/*

1060
		 * special case for root dataset where encryption feature

1061
		 * feature won't be on disk yet

1062
		 */

1063
		if (!nvlist_exists(pool_props, "feature@encryption")) {

1064
			if (proplist_has_encryption_props(props)) {

1065
				ret = EINVAL;

1066
				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1067
				    "Encryption feature not enabled."));

1068
				goto out;

1069
			}

1070


1071
			ret = 0;

1072
			goto out;

1073
		}

1074


1075
		pcrypt = ZIO_CRYPT_OFF;

1076
	}

1077


1078
	/* Get the inherited encryption property if we don't have it locally */

1079
	if (!local_crypt)

1080
		crypt = pcrypt;

1081


1082
	/*

1083
	 * At this point crypt should be the actual encryption value. If

1084
	 * encryption is off just verify that no encryption properties have

1085
	 * been specified and return.

1086
	 */

1087
	if (crypt == ZIO_CRYPT_OFF) {

1088
		if (proplist_has_encryption_props(props)) {

1089
			ret = EINVAL;

1090
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1091
			    "Encryption must be turned on to set encryption "

1092
			    "properties."));

1093
			goto out;

1094
		}

1095


1096
		ret = 0;

1097
		goto out;

1098
	}

1099


1100
	/*

1101
	 * If we have a parent crypt it is valid to specify encryption alone.

1102
	 * This will result in a child that is encrypted with the chosen

1103
	 * encryption suite that will also inherit the parent's key. If

1104
	 * the parent is not encrypted we need an encryption suite provided.

1105
	 */

1106
	if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&

1107
	    keyformat == ZFS_KEYFORMAT_NONE) {

1108
		ret = EINVAL;

1109
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1110
		    "Keyformat required for new encryption root."));

1111
		goto out;

1112
	}

1113


1114
	/*

1115
	 * Specifying a keylocation implies this will be a new encryption root.

1116
	 * Check that a keyformat is also specified.

1117
	 */

1118
	if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {

1119
		ret = EINVAL;

1120
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1121
		    "Keyformat required for new encryption root."));

1122
		goto out;

1123
	}

1124


1125
	/* default to prompt if no keylocation is specified */

1126
	if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {

1127
		keylocation = (char *)"prompt";

1128
		ret = nvlist_add_string(props,

1129
		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);

1130
		if (ret != 0)

1131
			goto out;

1132
	}

1133


1134
	/*

1135
	 * If a local key is provided, this dataset will be a new

1136
	 * encryption root. Populate the encryption params.

1137
	 */

1138
	if (keylocation != NULL) {

1139
		/*

1140
		 * 'zfs recv -o keylocation=prompt' won't work because stdin

1141
		 * is being used by the send stream, so we disallow it.

1142
		 */

1143
		if (!stdin_available && strcmp(keylocation, "prompt") == 0) {

1144
			ret = EINVAL;

1145
			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "

1146
			    "'prompt' keylocation because stdin is in use."));

1147
			goto out;

1148
		}

1149


1150
		ret = populate_create_encryption_params_nvlists(hdl, NULL,

1151
		    B_TRUE, keyformat, keylocation, props, &wkeydata,

1152
		    &wkeylen);

1153
		if (ret != 0)

1154
			goto out;

1155
	}

1156


1157
	if (pzhp != NULL)

1158
		zfs_close(pzhp);

1159


1160
	*wkeydata_out = wkeydata;

1161
	*wkeylen_out = wkeylen;

1162
	return (0);

1163


1164
out:

1165
	if (pzhp != NULL)

1166
		zfs_close(pzhp);

1167
	if (wkeydata != NULL)

1168
		free(wkeydata);

1169


1170
	*wkeydata_out = NULL;

1171
	*wkeylen_out = 0;

1172
	return (ret);

1173
}

1174


1175
int

1176
zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,

1177
    char *parent_name, nvlist_t *props)

1178
{

1179
	(void) origin_zhp, (void) parent_name;

1180
	char errbuf[ERRBUFLEN];

1181


1182
	(void) snprintf(errbuf, sizeof (errbuf),

1183
	    dgettext(TEXT_DOMAIN, "Encryption clone error"));

1184


1185
	/*

1186
	 * No encryption properties should be specified. They will all be

1187
	 * inherited from the origin dataset.

1188
	 */

1189
	if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||

1190
	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||

1191
	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||

1192
	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {

1193
		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

1194
		    "Encryption properties must inherit from origin dataset."));

1195
		return (EINVAL);

1196
	}

1197


1198
	return (0);

1199
}

1200


1201
typedef struct loadkeys_cbdata {

1202
	uint64_t cb_numfailed;

1203
	uint64_t cb_numattempted;

1204
} loadkey_cbdata_t;

1205


1206
static int

1207
load_keys_cb(zfs_handle_t *zhp, void *arg)

1208
{

1209
	int ret;

1210
	boolean_t is_encroot;

1211
	loadkey_cbdata_t *cb = arg;

1212
	uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);

1213


1214
	/* only attempt to load keys for encryption roots */

1215
	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);

1216
	if (ret != 0 || !is_encroot)

1217
		goto out;

1218


1219
	/* don't attempt to load already loaded keys */

1220
	if (keystatus == ZFS_KEYSTATUS_AVAILABLE)

1221
		goto out;

1222


1223
	/* Attempt to load the key. Record status in cb. */

1224
	cb->cb_numattempted++;

1225


1226
	ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);

1227
	if (ret)

1228
		cb->cb_numfailed++;

1229


1230
out:

1231
	(void) zfs_iter_filesystems_v2(zhp, 0, load_keys_cb, cb);

1232
	zfs_close(zhp);

1233


1234
	/* always return 0, since this function is best effort */

1235
	return (0);

1236
}

1237


1238
/*

1239
 * This function is best effort. It attempts to load all the keys for the given

1240
 * filesystem and all of its children.

1241
 */

1242
int

1243
zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, const char *fsname)

1244
{

1245
	int ret;

1246
	zfs_handle_t *zhp = NULL;

1247
	loadkey_cbdata_t cb = { 0 };

1248


1249
	zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);

1250
	if (zhp == NULL) {

1251
		ret = ENOENT;

1252
		goto error;

1253
	}

1254


1255
	ret = load_keys_cb(zfs_handle_dup(zhp), &cb);

1256
	if (ret)

1257
		goto error;

1258


1259
	(void) printf(gettext("%llu / %llu keys successfully loaded\n"),

1260
	    (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),

1261
	    (u_longlong_t)cb.cb_numattempted);

1262


1263
	if (cb.cb_numfailed != 0) {

1264
		ret = -1;

1265
		goto error;

1266
	}

1267


1268
	zfs_close(zhp);

1269
	return (0);

1270


1271
error:

1272
	if (zhp != NULL)

1273
		zfs_close(zhp);

1274
	return (ret);

1275
}

1276


1277
int

1278
zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop,

1279
    const char *alt_keylocation)

1280
{

1281
	int ret, attempts = 0;

1282
	char errbuf[ERRBUFLEN];

1283
	uint64_t keystatus, iters = 0, salt = 0;

1284
	uint64_t keyformat = ZFS_KEYFORMAT_NONE;

1285
	char prop_keylocation[MAXNAMELEN];

1286
	char prop_encroot[MAXNAMELEN];

1287
	const char *keylocation = NULL;

1288
	uint8_t *key_material = NULL, *key_data = NULL;

1289
	size_t key_material_len;

1290
	boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;

1291


1292
	(void) snprintf(errbuf, sizeof (errbuf),

1293
	    dgettext(TEXT_DOMAIN, "Key load error"));

1294


1295
	/* check that encryption is enabled for the pool */

1296
	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {

1297
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1298
		    "Encryption feature not enabled."));

1299
		ret = EINVAL;

1300
		goto error;

1301
	}

1302


1303
	/* Fetch the keyformat. Check that the dataset is encrypted. */

1304
	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);

1305
	if (keyformat == ZFS_KEYFORMAT_NONE) {

1306
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1307
		    "'%s' is not encrypted."), zfs_get_name(zhp));

1308
		ret = EINVAL;

1309
		goto error;

1310
	}

1311


1312
	/*

1313
	 * Fetch the key location. Check that we are working with an

1314
	 * encryption root.

1315
	 */

1316
	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);

1317
	if (ret != 0) {

1318
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1319
		    "Failed to get encryption root for '%s'."),

1320
		    zfs_get_name(zhp));

1321
		goto error;

1322
	} else if (!is_encroot) {

1323
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1324
		    "Keys must be loaded for encryption root of '%s' (%s)."),

1325
		    zfs_get_name(zhp), prop_encroot);

1326
		ret = EINVAL;

1327
		goto error;

1328
	}

1329


1330
	/*

1331
	 * if the caller has elected to override the keylocation property

1332
	 * use that instead

1333
	 */

1334
	if (alt_keylocation != NULL) {

1335
		keylocation = alt_keylocation;

1336
	} else {

1337
		ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,

1338
		    sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);

1339
		if (ret != 0) {

1340
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1341
			    "Failed to get keylocation for '%s'."),

1342
			    zfs_get_name(zhp));

1343
			goto error;

1344
		}

1345


1346
		keylocation = prop_keylocation;

1347
	}

1348


1349
	/* check that the key is unloaded unless this is a noop */

1350
	if (!noop) {

1351
		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);

1352
		if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {

1353
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1354
			    "Key already loaded for '%s'."), zfs_get_name(zhp));

1355
			ret = EEXIST;

1356
			goto error;

1357
		}

1358
	}

1359


1360
	/* passphrase formats require a salt and pbkdf2_iters property */

1361
	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {

1362
		salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);

1363
		iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);

1364
	}

1365


1366
try_again:

1367
	/* fetching and deriving the key are correctable errors. set the flag */

1368
	correctible = B_TRUE;

1369


1370
	/* get key material from key format and location */

1371
	ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,

1372
	    keylocation, zfs_get_name(zhp), &key_material, &key_material_len,

1373
	    &can_retry);

1374
	if (ret != 0)

1375
		goto error;

1376


1377
	/* derive a key from the key material */

1378
	ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material, salt,

1379
	    &key_data);

1380
	if (ret != 0)

1381
		goto error;

1382


1383
	correctible = B_FALSE;

1384


1385
	/* pass the wrapping key and noop flag to the ioctl */

1386
	ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);

1387
	if (ret != 0) {

1388
		switch (ret) {

1389
		case EPERM:

1390
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1391
			    "Permission denied."));

1392
			break;

1393
		case EINVAL:

1394
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1395
			    "Invalid parameters provided for dataset %s."),

1396
			    zfs_get_name(zhp));

1397
			break;

1398
		case EEXIST:

1399
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1400
			    "Key already loaded for '%s'."), zfs_get_name(zhp));

1401
			break;

1402
		case EBUSY:

1403
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1404
			    "'%s' is busy."), zfs_get_name(zhp));

1405
			break;

1406
		case EACCES:

1407
			correctible = B_TRUE;

1408
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1409
			    "Incorrect key provided for '%s'."),

1410
			    zfs_get_name(zhp));

1411
			break;

1412
		case ZFS_ERR_CRYPTO_NOTSUP:

1413
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1414
			    "'%s' uses an unsupported encryption suite."),

1415
			    zfs_get_name(zhp));

1416
			break;

1417
		}

1418
		goto error;

1419
	}

1420


1421
	free(key_material);

1422
	free(key_data);

1423


1424
	return (0);

1425


1426
error:

1427
	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);

1428
	if (key_material != NULL) {

1429
		free(key_material);

1430
		key_material = NULL;

1431
	}

1432
	if (key_data != NULL) {

1433
		free(key_data);

1434
		key_data = NULL;

1435
	}

1436


1437
	/*

1438
	 * Here we decide if it is ok to allow the user to retry entering their

1439
	 * key. The can_retry flag will be set if the user is entering their

1440
	 * key from an interactive prompt. The correctable flag will only be

1441
	 * set if an error that occurred could be corrected by retrying. Both

1442
	 * flags are needed to allow the user to attempt key entry again

1443
	 */

1444
	attempts++;

1445
	if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)

1446
		goto try_again;

1447


1448
	return (ret);

1449
}

1450


1451
int

1452
zfs_crypto_unload_key(zfs_handle_t *zhp)

1453
{

1454
	int ret;

1455
	char errbuf[ERRBUFLEN];

1456
	char prop_encroot[MAXNAMELEN];

1457
	uint64_t keystatus, keyformat;

1458
	boolean_t is_encroot;

1459


1460
	(void) snprintf(errbuf, sizeof (errbuf),

1461
	    dgettext(TEXT_DOMAIN, "Key unload error"));

1462


1463
	/* check that encryption is enabled for the pool */

1464
	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {

1465
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1466
		    "Encryption feature not enabled."));

1467
		ret = EINVAL;

1468
		goto error;

1469
	}

1470


1471
	/* Fetch the keyformat. Check that the dataset is encrypted. */

1472
	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);

1473
	if (keyformat == ZFS_KEYFORMAT_NONE) {

1474
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1475
		    "'%s' is not encrypted."), zfs_get_name(zhp));

1476
		ret = EINVAL;

1477
		goto error;

1478
	}

1479


1480
	/*

1481
	 * Fetch the key location. Check that we are working with an

1482
	 * encryption root.

1483
	 */

1484
	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);

1485
	if (ret != 0) {

1486
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1487
		    "Failed to get encryption root for '%s'."),

1488
		    zfs_get_name(zhp));

1489
		goto error;

1490
	} else if (!is_encroot) {

1491
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1492
		    "Keys must be unloaded for encryption root of '%s' (%s)."),

1493
		    zfs_get_name(zhp), prop_encroot);

1494
		ret = EINVAL;

1495
		goto error;

1496
	}

1497


1498
	/* check that the key is loaded */

1499
	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);

1500
	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {

1501
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1502
		    "Key already unloaded for '%s'."), zfs_get_name(zhp));

1503
		ret = EACCES;

1504
		goto error;

1505
	}

1506


1507
	/* call the ioctl */

1508
	ret = lzc_unload_key(zhp->zfs_name);

1509


1510
	if (ret != 0) {

1511
		switch (ret) {

1512
		case EPERM:

1513
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1514
			    "Permission denied."));

1515
			break;

1516
		case EACCES:

1517
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1518
			    "Key already unloaded for '%s'."),

1519
			    zfs_get_name(zhp));

1520
			break;

1521
		case EBUSY:

1522
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1523
			    "'%s' is busy."), zfs_get_name(zhp));

1524
			break;

1525
		}

1526
		zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);

1527
	}

1528


1529
	return (ret);

1530


1531
error:

1532
	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);

1533
	return (ret);

1534
}

1535


1536
static int

1537
zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,

1538
    nvlist_t **props_out, char *errbuf)

1539
{

1540
	int ret;

1541
	nvpair_t *elem = NULL;

1542
	zfs_prop_t prop;

1543
	nvlist_t *new_props = NULL;

1544


1545
	new_props = fnvlist_alloc();

1546


1547
	/*

1548
	 * loop through all provided properties, we should only have

1549
	 * keyformat, keylocation and pbkdf2iters. The actual validation of

1550
	 * values is done by zfs_valid_proplist().

1551
	 */

1552
	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {

1553
		const char *propname = nvpair_name(elem);

1554
		prop = zfs_name_to_prop(propname);

1555


1556
		switch (prop) {

1557
		case ZFS_PROP_PBKDF2_ITERS:

1558
		case ZFS_PROP_KEYFORMAT:

1559
		case ZFS_PROP_KEYLOCATION:

1560
			break;

1561
		default:

1562
			ret = EINVAL;

1563
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1564
			    "Only keyformat, keylocation and pbkdf2iters may "

1565
			    "be set with this command."));

1566
			goto error;

1567
		}

1568
	}

1569


1570
	new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,

1571
	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,

1572
	    B_TRUE, errbuf);

1573
	if (new_props == NULL) {

1574
		ret = EINVAL;

1575
		goto error;

1576
	}

1577


1578
	*props_out = new_props;

1579
	return (0);

1580


1581
error:

1582
	nvlist_free(new_props);

1583
	*props_out = NULL;

1584
	return (ret);

1585
}

1586


1587
int

1588
zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)

1589
{

1590
	int ret;

1591
	char errbuf[ERRBUFLEN];

1592
	boolean_t is_encroot;

1593
	nvlist_t *props = NULL;

1594
	uint8_t *wkeydata = NULL;

1595
	uint_t wkeylen = 0;

1596
	dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;

1597
	uint64_t crypt, pcrypt, keystatus, pkeystatus;

1598
	uint64_t keyformat = ZFS_KEYFORMAT_NONE;

1599
	zfs_handle_t *pzhp = NULL;

1600
	const char *keylocation = NULL;

1601
	char origin_name[MAXNAMELEN];

1602
	char prop_keylocation[MAXNAMELEN];

1603
	char parent_name[ZFS_MAX_DATASET_NAME_LEN];

1604


1605
	(void) snprintf(errbuf, sizeof (errbuf),

1606
	    dgettext(TEXT_DOMAIN, "Key change error"));

1607


1608
	/* check that encryption is enabled for the pool */

1609
	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {

1610
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1611
		    "Encryption feature not enabled."));

1612
		ret = EINVAL;

1613
		goto error;

1614
	}

1615


1616
	/* get crypt from dataset */

1617
	crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);

1618
	if (crypt == ZIO_CRYPT_OFF) {

1619
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1620
		    "Dataset not encrypted."));

1621
		ret = EINVAL;

1622
		goto error;

1623
	}

1624


1625
	/* get the encryption root of the dataset */

1626
	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);

1627
	if (ret != 0) {

1628
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1629
		    "Failed to get encryption root for '%s'."),

1630
		    zfs_get_name(zhp));

1631
		goto error;

1632
	}

1633


1634
	/* Clones use their origin's key and cannot rewrap it */

1635
	ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,

1636
	    sizeof (origin_name), NULL, NULL, 0, B_TRUE);

1637
	if (ret == 0 && strcmp(origin_name, "") != 0) {

1638
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1639
		    "Keys cannot be changed on clones."));

1640
		ret = EINVAL;

1641
		goto error;

1642
	}

1643


1644
	/*

1645
	 * If the user wants to use the inheritkey variant of this function

1646
	 * we don't need to collect any crypto arguments.

1647
	 */

1648
	if (!inheritkey) {

1649
		/* validate the provided properties */

1650
		ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,

1651
		    errbuf);

1652
		if (ret != 0)

1653
			goto error;

1654


1655
		/*

1656
		 * Load keyformat and keylocation from the nvlist. Fetch from

1657
		 * the dataset properties if not specified.

1658
		 */

1659
		(void) nvlist_lookup_uint64(props,

1660
		    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);

1661
		(void) nvlist_lookup_string(props,

1662
		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);

1663


1664
		if (is_encroot) {

1665
			/*

1666
			 * If this is already an encryption root, just keep

1667
			 * any properties not set by the user.

1668
			 */

1669
			if (keyformat == ZFS_KEYFORMAT_NONE) {

1670
				keyformat = zfs_prop_get_int(zhp,

1671
				    ZFS_PROP_KEYFORMAT);

1672
				ret = nvlist_add_uint64(props,

1673
				    zfs_prop_to_name(ZFS_PROP_KEYFORMAT),

1674
				    keyformat);

1675
				if (ret != 0) {

1676
					zfs_error_aux(zhp->zfs_hdl,

1677
					    dgettext(TEXT_DOMAIN, "Failed to "

1678
					    "get existing keyformat "

1679
					    "property."));

1680
					goto error;

1681
				}

1682
			}

1683


1684
			if (keylocation == NULL) {

1685
				ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,

1686
				    prop_keylocation, sizeof (prop_keylocation),

1687
				    NULL, NULL, 0, B_TRUE);

1688
				if (ret != 0) {

1689
					zfs_error_aux(zhp->zfs_hdl,

1690
					    dgettext(TEXT_DOMAIN, "Failed to "

1691
					    "get existing keylocation "

1692
					    "property."));

1693
					goto error;

1694
				}

1695


1696
				keylocation = prop_keylocation;

1697
			}

1698
		} else {

1699
			/* need a new key for non-encryption roots */

1700
			if (keyformat == ZFS_KEYFORMAT_NONE) {

1701
				ret = EINVAL;

1702
				zfs_error_aux(zhp->zfs_hdl,

1703
				    dgettext(TEXT_DOMAIN, "Keyformat required "

1704
				    "for new encryption root."));

1705
				goto error;

1706
			}

1707


1708
			/* default to prompt if no keylocation is specified */

1709
			if (keylocation == NULL) {

1710
				keylocation = "prompt";

1711
				ret = nvlist_add_string(props,

1712
				    zfs_prop_to_name(ZFS_PROP_KEYLOCATION),

1713
				    keylocation);

1714
				if (ret != 0)

1715
					goto error;

1716
			}

1717
		}

1718


1719
		/* fetch the new wrapping key and associated properties */

1720
		ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,

1721
		    zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,

1722
		    &wkeylen);

1723
		if (ret != 0)

1724
			goto error;

1725
	} else {

1726
		/* check that zhp is an encryption root */

1727
		if (!is_encroot) {

1728
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1729
			    "Key inheritting can only be performed on "

1730
			    "encryption roots."));

1731
			ret = EINVAL;

1732
			goto error;

1733
		}

1734


1735
		/* get the parent's name */

1736
		ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));

1737
		if (ret != 0) {

1738
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1739
			    "Root dataset cannot inherit key."));

1740
			ret = EINVAL;

1741
			goto error;

1742
		}

1743


1744
		/* get a handle to the parent */

1745
		pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);

1746
		if (pzhp == NULL) {

1747
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1748
			    "Failed to lookup parent."));

1749
			ret = ENOENT;

1750
			goto error;

1751
		}

1752


1753
		/* parent must be encrypted */

1754
		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);

1755
		if (pcrypt == ZIO_CRYPT_OFF) {

1756
			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1757
			    "Parent must be encrypted."));

1758
			ret = EINVAL;

1759
			goto error;

1760
		}

1761


1762
		/* check that the parent's key is loaded */

1763
		pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);

1764
		if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {

1765
			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1766
			    "Parent key must be loaded."));

1767
			ret = EACCES;

1768
			goto error;

1769
		}

1770
	}

1771


1772
	/* check that the key is loaded */

1773
	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);

1774
	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {

1775
		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1776
		    "Key must be loaded."));

1777
		ret = EACCES;

1778
		goto error;

1779
	}

1780


1781
	/* call the ioctl */

1782
	ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);

1783
	if (ret != 0) {

1784
		switch (ret) {

1785
		case EPERM:

1786
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1787
			    "Permission denied."));

1788
			break;

1789
		case EINVAL:

1790
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1791
			    "Invalid properties for key change."));

1792
			break;

1793
		case EACCES:

1794
			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,

1795
			    "Key is not currently loaded."));

1796
			break;

1797
		}

1798
		zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);

1799
	}

1800


1801
	if (pzhp != NULL)

1802
		zfs_close(pzhp);

1803
	if (props != NULL)

1804
		nvlist_free(props);

1805
	if (wkeydata != NULL)

1806
		free(wkeydata);

1807


1808
	return (ret);

1809


1810
error:

1811
	if (pzhp != NULL)

1812
		zfs_close(pzhp);

1813
	if (props != NULL)

1814
		nvlist_free(props);

1815
	if (wkeydata != NULL)

1816
		free(wkeydata);

1817


1818
	zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);

1819
	return (ret);

1820
}

1821


1822
boolean_t

1823
zfs_is_encrypted(zfs_handle_t *zhp)

1824
{

1825
	uint8_t flags = zhp->zfs_dmustats.dds_flags;

1826


1827
	if (flags & DDS_FLAG_HAS_ENCRYPTED)

1828
		return ((flags & DDS_FLAG_ENCRYPTED) != 0);

1829


1830
	return (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) != ZIO_CRYPT_OFF);

1831
}

1832


1833