4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
21 #include <sys/zfs_context.h>
22 #include <sys/fs/zfs.h>
23 #include <sys/dsl_crypt.h>
28 #include <openssl/evp.h>
30 #include "libzfs_impl.h"
31 #include "zfeature_common.h"
34 * User keys are used to decrypt the master encryption keys of a dataset. This
35 * indirection allows a user to change his / her access key without having to
36 * re-encrypt the entire dataset. User keys can be provided in one of several
37 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
38 * are converted to binary and passed into the kernel. Password based keys are
39 * a bit more complicated. Passwords alone do not provide suitable entropy for
40 * encryption and may be too short or too long to be used. In order to derive
41 * a more appropriate key we use a PBKDF2 function. This function is designed
42 * to take a (relatively) long time to calculate in order to discourage
43 * attackers from guessing from a list of common passwords. PBKDF2 requires
44 * 2 additional parameters. The first is the number of iterations to run, which
45 * will ultimately determine how long it takes to derive the resulting key from
46 * the password. The second parameter is a salt that is randomly generated for
47 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
48 * attackers cannot reasonably generate a table of commonly known passwords to
49 * their output keys and expect it work for all past and future PBKDF2 users.
50 * We store the salt as a hidden property of the dataset (although it is
51 * technically ok if the salt is known to the attacker).
54 typedef enum key_locator {
60 #define MIN_PASSPHRASE_LEN 8
61 #define MAX_PASSPHRASE_LEN 512
62 #define MAX_KEY_PROMPT_ATTEMPTS 3
64 static int caught_interrupt;
66 static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
67 zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
69 static zfs_uri_handler_t uri_handlers[] = {
70 { "file", get_key_material_file },
75 pkcs11_get_urandom(uint8_t *buf, size_t bytes)
78 ssize_t bytes_read = 0;
80 rand = open("/dev/urandom", O_RDONLY);
85 while (bytes_read < bytes) {
86 ssize_t rc = read(rand, buf + bytes_read, bytes - bytes_read);
98 zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
99 zfs_keylocation_t *restrict locp, char **restrict schemep)
101 *locp = ZFS_KEYLOCATION_NONE;
104 if (strcmp("prompt", str) == 0) {
105 *locp = ZFS_KEYLOCATION_PROMPT;
109 regmatch_t pmatch[2];
111 if (regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch),
115 if (pmatch[1].rm_so == -1) {
116 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
121 scheme_len = pmatch[1].rm_eo - pmatch[1].rm_so;
123 *schemep = calloc(1, scheme_len + 1);
124 if (*schemep == NULL) {
128 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
133 (void) memcpy(*schemep, str + pmatch[1].rm_so, scheme_len);
134 *locp = ZFS_KEYLOCATION_URI;
138 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
143 hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
148 for (i = 0; i < hexlen; i += 2) {
149 if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
154 ret = sscanf(&hex[i], "%02x", &c);
171 catch_signal(int sig)
173 caught_interrupt = sig;
177 get_format_prompt_string(zfs_keyformat_t format)
180 case ZFS_KEYFORMAT_RAW:
182 case ZFS_KEYFORMAT_HEX:
184 case ZFS_KEYFORMAT_PASSPHRASE:
185 return ("passphrase");
187 /* shouldn't happen */
192 /* do basic validation of the key material */
194 validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
195 const char *key, size_t keylen)
198 case ZFS_KEYFORMAT_RAW:
199 /* verify the key length is correct */
200 if (keylen < WRAPPING_KEY_LEN) {
201 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
202 "Raw key too short (expected %u)."),
207 if (keylen > WRAPPING_KEY_LEN) {
208 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
209 "Raw key too long (expected %u)."),
214 case ZFS_KEYFORMAT_HEX:
215 /* verify the key length is correct */
216 if (keylen < WRAPPING_KEY_LEN * 2) {
217 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
218 "Hex key too short (expected %u)."),
219 WRAPPING_KEY_LEN * 2);
223 if (keylen > WRAPPING_KEY_LEN * 2) {
224 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
225 "Hex key too long (expected %u)."),
226 WRAPPING_KEY_LEN * 2);
230 /* check for invalid hex digits */
231 for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
232 if (!isxdigit(key[i])) {
233 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
234 "Invalid hex character detected."));
239 case ZFS_KEYFORMAT_PASSPHRASE:
240 /* verify the length is within bounds */
241 if (keylen > MAX_PASSPHRASE_LEN) {
242 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
243 "Passphrase too long (max %u)."),
248 if (keylen < MIN_PASSPHRASE_LEN) {
249 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
250 "Passphrase too short (min %u)."),
256 /* can't happen, checked above */
264 libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
265 boolean_t new_key, const char *fsname,
266 char **restrict res, size_t *restrict reslen)
272 struct termios old_term, new_term;
273 struct sigaction act, osigint, osigtstp;
279 * handle SIGINT and ignore SIGSTP. This is necessary to
280 * restore the state of the terminal.
282 caught_interrupt = 0;
284 (void) sigemptyset(&act.sa_mask);
285 act.sa_handler = catch_signal;
287 (void) sigaction(SIGINT, &act, &osigint);
288 act.sa_handler = SIG_IGN;
289 (void) sigaction(SIGTSTP, &act, &osigtstp);
291 (void) printf("%s %s%s",
292 is_reenter ? "Re-enter" : "Enter",
293 new_key ? "new " : "",
294 get_format_prompt_string(keyformat));
296 (void) printf(" for '%s'", fsname);
297 (void) fputc(':', stdout);
298 (void) fflush(stdout);
300 /* disable the terminal echo for key input */
301 (void) tcgetattr(fileno(f), &old_term);
304 new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
306 ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
313 bytes = getline(res, &buflen, f);
320 /* trim the ending newline if it exists */
321 if (bytes > 0 && (*res)[bytes - 1] == '\n') {
322 (*res)[bytes - 1] = '\0';
329 /* reset the terminal */
330 (void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
331 (void) sigaction(SIGINT, &osigint, NULL);
332 (void) sigaction(SIGTSTP, &osigtstp, NULL);
334 /* if we caught a signal, re-throw it now */
335 if (caught_interrupt != 0)
336 (void) kill(getpid(), caught_interrupt);
338 /* print the newline that was not echo'd */
345 get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
346 zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
347 uint8_t **restrict outbuf, size_t *restrict len_out)
349 char *buf = NULL, *buf2 = NULL;
350 size_t buflen = 0, buf2len = 0;
353 ASSERT(isatty(fileno(stdin)));
355 /* raw keys cannot be entered on the terminal */
356 if (keyformat == ZFS_KEYFORMAT_RAW) {
358 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
359 "Cannot enter raw keys on the terminal"));
363 /* prompt for the key */
364 if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
365 &buf, &buflen)) != 0) {
375 if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
380 ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
386 buflen = buf2len = 0;
390 if (buflen != buf2len || strcmp(buf, buf2) != 0) {
396 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
397 "Provided keys do not match."));
403 *outbuf = (uint8_t *)buf;
409 get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
410 uint8_t **buf, size_t *len_out)
417 /* read the key material */
418 if (keyformat != ZFS_KEYFORMAT_RAW) {
421 bytes = getline((char **)buf, &buflen, fd);
428 /* trim the ending newline if it exists */
429 if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
430 (*buf)[bytes - 1] = '\0';
439 * Raw keys may have newline characters in them and so can't
440 * use getline(). Here we attempt to read 33 bytes so that we
441 * can properly check the key length (the file should only have
444 *buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
450 n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
451 if (n == 0 || ferror(fd)) {
452 /* size errors are handled by the calling function */
467 get_key_material_file(libzfs_handle_t *hdl, const char *uri,
468 const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
469 uint8_t **restrict buf, size_t *restrict len_out)
477 if ((f = fopen(uri + 7, "r")) == NULL) {
480 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
481 "Failed to open key material file"));
485 ret = get_key_material_raw(f, keyformat, buf, len_out);
493 * Attempts to fetch key material, no matter where it might live. The key
494 * material is allocated and returned in km_out. *can_retry_out will be set
495 * to B_TRUE if the user is providing the key material interactively, allowing
496 * for re-entry attempts.
499 get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
500 zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
501 uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
504 zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
507 char *uri_scheme = NULL;
508 zfs_uri_handler_t *handler = NULL;
509 boolean_t can_retry = B_FALSE;
511 /* verify and parse the keylocation */
512 ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc,
517 /* open the appropriate file descriptor */
519 case ZFS_KEYLOCATION_PROMPT:
520 if (isatty(fileno(stdin))) {
522 ret = get_key_interactive(hdl, fsname, keyformat,
523 do_verify, newkey, &km, &kmlen);
525 /* fetch the key material into the buffer */
526 ret = get_key_material_raw(stdin, keyformat, &km,
534 case ZFS_KEYLOCATION_URI:
537 for (handler = uri_handlers; handler->zuh_scheme != NULL;
539 if (strcmp(handler->zuh_scheme, uri_scheme) != 0)
542 if ((ret = handler->zuh_handler(hdl, keylocation,
543 fsname, keyformat, newkey, &km, &kmlen)) != 0)
549 if (ret == ENOTSUP) {
550 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
551 "URI scheme is not supported"));
558 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
559 "Invalid keylocation."));
563 if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
568 if (can_retry_out != NULL)
569 *can_retry_out = can_retry;
580 if (can_retry_out != NULL)
581 *can_retry_out = can_retry;
588 derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
589 uint8_t *key_material, size_t key_material_len, uint64_t salt,
597 key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
602 case ZFS_KEYFORMAT_RAW:
603 bcopy(key_material, key, WRAPPING_KEY_LEN);
605 case ZFS_KEYFORMAT_HEX:
606 ret = hex_key_to_raw((char *)key_material,
607 WRAPPING_KEY_LEN * 2, key);
609 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
610 "Invalid hex key provided."));
614 case ZFS_KEYFORMAT_PASSPHRASE:
617 ret = PKCS5_PBKDF2_HMAC_SHA1((char *)key_material,
618 strlen((char *)key_material), ((uint8_t *)&salt),
619 sizeof (uint64_t), iters, WRAPPING_KEY_LEN, key);
622 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
623 "Failed to generate key from passphrase."));
643 encryption_feature_is_enabled(zpool_handle_t *zph)
646 uint64_t feat_refcount;
648 /* check that features can be enabled */
649 if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
650 < SPA_VERSION_FEATURES)
653 /* check for crypto feature */
654 features = zpool_get_features(zph);
655 if (!features || nvlist_lookup_uint64(features,
656 spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
657 &feat_refcount) != 0)
664 populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
665 zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
666 char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
669 uint64_t iters = 0, salt = 0;
670 uint8_t *key_material = NULL;
671 size_t key_material_len = 0;
672 uint8_t *key_data = NULL;
673 const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
675 /* get key material from keyformat and keylocation */
676 ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
677 fsname, &key_material, &key_material_len, NULL);
681 /* passphrase formats require a salt and pbkdf2 iters property */
682 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
683 /* always generate a new salt */
684 ret = pkcs11_get_urandom((uint8_t *)&salt, sizeof (uint64_t));
685 if (ret != sizeof (uint64_t)) {
686 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
687 "Failed to generate salt."));
691 ret = nvlist_add_uint64(props,
692 zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
694 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
695 "Failed to add salt to properties."));
700 * If not otherwise specified, use the default number of
701 * pbkdf2 iterations. If specified, we have already checked
702 * that the given value is greater than MIN_PBKDF2_ITERATIONS
703 * during zfs_valid_proplist().
705 ret = nvlist_lookup_uint64(props,
706 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
708 iters = DEFAULT_PBKDF2_ITERATIONS;
709 ret = nvlist_add_uint64(props,
710 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
713 } else if (ret != 0) {
714 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
715 "Failed to get pbkdf2 iterations."));
719 /* check that pbkdf2iters was not specified by the user */
720 ret = nvlist_lookup_uint64(props,
721 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
724 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
725 "Cannot specify pbkdf2iters with a non-passphrase "
731 /* derive a key from the key material */
732 ret = derive_key(hdl, keyformat, iters, key_material, key_material_len,
739 *wkeydata = key_data;
740 *wkeylen = WRAPPING_KEY_LEN;
744 if (key_material != NULL)
746 if (key_data != NULL)
755 proplist_has_encryption_props(nvlist_t *props)
761 ret = nvlist_lookup_uint64(props,
762 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
763 if (ret == 0 && intval != ZIO_CRYPT_OFF)
766 ret = nvlist_lookup_string(props,
767 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
768 if (ret == 0 && strcmp(strval, "none") != 0)
771 ret = nvlist_lookup_uint64(props,
772 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
776 ret = nvlist_lookup_uint64(props,
777 zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
785 zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
789 char prop_encroot[MAXNAMELEN];
791 /* if the dataset isn't encrypted, just return */
792 if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
793 *is_encroot = B_FALSE;
799 ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
800 sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
802 *is_encroot = B_FALSE;
808 *is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
810 strcpy(buf, prop_encroot);
816 zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
817 nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
822 uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
823 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
824 char *keylocation = NULL;
825 zfs_handle_t *pzhp = NULL;
826 uint8_t *wkeydata = NULL;
828 boolean_t local_crypt = B_TRUE;
830 (void) snprintf(errbuf, sizeof (errbuf),
831 dgettext(TEXT_DOMAIN, "Encryption create error"));
833 /* lookup crypt from props */
834 ret = nvlist_lookup_uint64(props,
835 zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
837 local_crypt = B_FALSE;
839 /* lookup key location and format from props */
840 (void) nvlist_lookup_uint64(props,
841 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
842 (void) nvlist_lookup_string(props,
843 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
845 if (parent_name != NULL) {
846 /* get a reference to parent dataset */
847 pzhp = make_dataset_handle(hdl, parent_name);
850 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
851 "Failed to lookup parent."));
855 /* Lookup parent's crypt */
856 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
858 /* Params require the encryption feature */
859 if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
860 if (proplist_has_encryption_props(props)) {
862 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
863 "Encryption feature not enabled."));
872 * special case for root dataset where encryption feature
873 * feature won't be on disk yet
875 if (!nvlist_exists(pool_props, "feature@encryption")) {
876 if (proplist_has_encryption_props(props)) {
878 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
879 "Encryption feature not enabled."));
887 pcrypt = ZIO_CRYPT_OFF;
890 /* Get the inherited encryption property if we don't have it locally */
895 * At this point crypt should be the actual encryption value. If
896 * encryption is off just verify that no encryption properties have
897 * been specified and return.
899 if (crypt == ZIO_CRYPT_OFF) {
900 if (proplist_has_encryption_props(props)) {
902 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
903 "Encryption must be turned on to set encryption "
913 * If we have a parent crypt it is valid to specify encryption alone.
914 * This will result in a child that is encrypted with the chosen
915 * encryption suite that will also inherit the parent's key. If
916 * the parent is not encrypted we need an encryption suite provided.
918 if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
919 keyformat == ZFS_KEYFORMAT_NONE) {
921 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
922 "Keyformat required for new encryption root."));
927 * Specifying a keylocation implies this will be a new encryption root.
928 * Check that a keyformat is also specified.
930 if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
932 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
933 "Keyformat required for new encryption root."));
937 /* default to prompt if no keylocation is specified */
938 if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
939 keylocation = "prompt";
940 ret = nvlist_add_string(props,
941 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
947 * If a local key is provided, this dataset will be a new
948 * encryption root. Populate the encryption params.
950 if (keylocation != NULL) {
952 * 'zfs recv -o keylocation=prompt' won't work because stdin
953 * is being used by the send stream, so we disallow it.
955 if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
957 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
958 "'prompt' keylocation because stdin is in use."));
962 ret = populate_create_encryption_params_nvlists(hdl, NULL,
963 B_FALSE, keyformat, keylocation, props, &wkeydata,
972 *wkeydata_out = wkeydata;
973 *wkeylen_out = wkeylen;
979 if (wkeydata != NULL)
982 *wkeydata_out = NULL;
988 zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
989 char *parent_name, nvlist_t *props)
993 (void) snprintf(errbuf, sizeof (errbuf),
994 dgettext(TEXT_DOMAIN, "Encryption clone error"));
997 * No encryption properties should be specified. They will all be
998 * inherited from the origin dataset.
1000 if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1001 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1002 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1003 nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1004 zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1005 "Encryption properties must inherit from origin dataset."));
1012 typedef struct loadkeys_cbdata {
1013 uint64_t cb_numfailed;
1014 uint64_t cb_numattempted;
1018 load_keys_cb(zfs_handle_t *zhp, void *arg)
1021 boolean_t is_encroot;
1022 loadkey_cbdata_t *cb = arg;
1023 uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1025 /* only attempt to load keys for encryption roots */
1026 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1027 if (ret != 0 || !is_encroot)
1030 /* don't attempt to load already loaded keys */
1031 if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1034 /* Attempt to load the key. Record status in cb. */
1035 cb->cb_numattempted++;
1037 ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1042 (void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1045 /* always return 0, since this function is best effort */
1050 * This function is best effort. It attempts to load all the keys for the given
1051 * filesystem and all of its children.
1054 zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1057 zfs_handle_t *zhp = NULL;
1058 loadkey_cbdata_t cb = { 0 };
1060 zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1066 ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1070 (void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1071 (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1072 (u_longlong_t)cb.cb_numattempted);
1074 if (cb.cb_numfailed != 0) {
1089 zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1091 int ret, attempts = 0;
1093 uint64_t keystatus, iters = 0, salt = 0;
1094 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1095 char prop_keylocation[MAXNAMELEN];
1096 char prop_encroot[MAXNAMELEN];
1097 char *keylocation = NULL;
1098 uint8_t *key_material = NULL, *key_data = NULL;
1099 size_t key_material_len;
1100 boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1102 (void) snprintf(errbuf, sizeof (errbuf),
1103 dgettext(TEXT_DOMAIN, "Key load error"));
1105 /* check that encryption is enabled for the pool */
1106 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1107 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1108 "Encryption feature not enabled."));
1113 /* Fetch the keyformat. Check that the dataset is encrypted. */
1114 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1115 if (keyformat == ZFS_KEYFORMAT_NONE) {
1116 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1117 "'%s' is not encrypted."), zfs_get_name(zhp));
1123 * Fetch the key location. Check that we are working with an
1126 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1128 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1129 "Failed to get encryption root for '%s'."),
1132 } else if (!is_encroot) {
1133 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1134 "Keys must be loaded for encryption root of '%s' (%s)."),
1135 zfs_get_name(zhp), prop_encroot);
1141 * if the caller has elected to override the keylocation property
1144 if (alt_keylocation != NULL) {
1145 keylocation = alt_keylocation;
1147 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1148 sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1150 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1151 "Failed to get keylocation for '%s'."),
1156 keylocation = prop_keylocation;
1159 /* check that the key is unloaded unless this is a noop */
1161 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1162 if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1163 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1164 "Key already loaded for '%s'."), zfs_get_name(zhp));
1170 /* passphrase formats require a salt and pbkdf2_iters property */
1171 if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1172 salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1173 iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1177 /* fetching and deriving the key are correctable errors. set the flag */
1178 correctible = B_TRUE;
1180 /* get key material from key format and location */
1181 ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1182 keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1187 /* derive a key from the key material */
1188 ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1189 key_material_len, salt, &key_data);
1193 correctible = B_FALSE;
1195 /* pass the wrapping key and noop flag to the ioctl */
1196 ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1200 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1201 "Permission denied."));
1204 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1205 "Invalid parameters provided for dataset %s."),
1209 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1210 "Key already loaded for '%s'."), zfs_get_name(zhp));
1213 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1214 "'%s' is busy."), zfs_get_name(zhp));
1217 correctible = B_TRUE;
1218 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1219 "Incorrect key provided for '%s'."),
1232 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1233 if (key_material != NULL) {
1235 key_material = NULL;
1237 if (key_data != NULL) {
1243 * Here we decide if it is ok to allow the user to retry entering their
1244 * key. The can_retry flag will be set if the user is entering their
1245 * key from an interactive prompt. The correctable flag will only be
1246 * set if an error that occurred could be corrected by retrying. Both
1247 * flags are needed to allow the user to attempt key entry again
1250 if (can_retry && correctible && attempts < MAX_KEY_PROMPT_ATTEMPTS)
1257 zfs_crypto_unload_key(zfs_handle_t *zhp)
1261 char prop_encroot[MAXNAMELEN];
1262 uint64_t keystatus, keyformat;
1263 boolean_t is_encroot;
1265 (void) snprintf(errbuf, sizeof (errbuf),
1266 dgettext(TEXT_DOMAIN, "Key unload error"));
1268 /* check that encryption is enabled for the pool */
1269 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1270 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1271 "Encryption feature not enabled."));
1276 /* Fetch the keyformat. Check that the dataset is encrypted. */
1277 keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1278 if (keyformat == ZFS_KEYFORMAT_NONE) {
1279 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1280 "'%s' is not encrypted."), zfs_get_name(zhp));
1286 * Fetch the key location. Check that we are working with an
1289 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1291 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1292 "Failed to get encryption root for '%s'."),
1295 } else if (!is_encroot) {
1296 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1297 "Keys must be unloaded for encryption root of '%s' (%s)."),
1298 zfs_get_name(zhp), prop_encroot);
1303 /* check that the key is loaded */
1304 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1305 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1306 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1307 "Key already unloaded for '%s'."), zfs_get_name(zhp));
1312 /* call the ioctl */
1313 ret = lzc_unload_key(zhp->zfs_name);
1318 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1319 "Permission denied."));
1322 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1323 "Key already unloaded for '%s'."),
1327 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1328 "'%s' is busy."), zfs_get_name(zhp));
1331 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1337 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1342 zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1343 nvlist_t **props_out, char *errbuf)
1346 nvpair_t *elem = NULL;
1348 nvlist_t *new_props = NULL;
1350 new_props = fnvlist_alloc();
1353 * loop through all provided properties, we should only have
1354 * keyformat, keylocation and pbkdf2iters. The actual validation of
1355 * values is done by zfs_valid_proplist().
1357 while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1358 const char *propname = nvpair_name(elem);
1359 prop = zfs_name_to_prop(propname);
1362 case ZFS_PROP_PBKDF2_ITERS:
1363 case ZFS_PROP_KEYFORMAT:
1364 case ZFS_PROP_KEYLOCATION:
1368 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1369 "Only keyformat, keylocation and pbkdf2iters may "
1370 "be set with this command."));
1375 new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1376 zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1378 if (new_props == NULL) {
1383 *props_out = new_props;
1387 nvlist_free(new_props);
1393 zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1397 boolean_t is_encroot;
1398 nvlist_t *props = NULL;
1399 uint8_t *wkeydata = NULL;
1401 dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1402 uint64_t crypt, pcrypt, keystatus, pkeystatus;
1403 uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1404 zfs_handle_t *pzhp = NULL;
1405 char *keylocation = NULL;
1406 char origin_name[MAXNAMELEN];
1407 char prop_keylocation[MAXNAMELEN];
1408 char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1410 (void) snprintf(errbuf, sizeof (errbuf),
1411 dgettext(TEXT_DOMAIN, "Key change error"));
1413 /* check that encryption is enabled for the pool */
1414 if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1415 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1416 "Encryption feature not enabled."));
1421 /* get crypt from dataset */
1422 crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1423 if (crypt == ZIO_CRYPT_OFF) {
1424 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1425 "Dataset not encrypted."));
1430 /* get the encryption root of the dataset */
1431 ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1433 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1434 "Failed to get encryption root for '%s'."),
1439 /* Clones use their origin's key and cannot rewrap it */
1440 ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1441 sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1442 if (ret == 0 && strcmp(origin_name, "") != 0) {
1443 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1444 "Keys cannot be changed on clones."));
1450 * If the user wants to use the inheritkey variant of this function
1451 * we don't need to collect any crypto arguments.
1454 /* validate the provided properties */
1455 ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1461 * Load keyformat and keylocation from the nvlist. Fetch from
1462 * the dataset properties if not specified.
1464 (void) nvlist_lookup_uint64(props,
1465 zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1466 (void) nvlist_lookup_string(props,
1467 zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1471 * If this is already an encryption root, just keep
1472 * any properties not set by the user.
1474 if (keyformat == ZFS_KEYFORMAT_NONE) {
1475 keyformat = zfs_prop_get_int(zhp,
1476 ZFS_PROP_KEYFORMAT);
1477 ret = nvlist_add_uint64(props,
1478 zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1481 zfs_error_aux(zhp->zfs_hdl,
1482 dgettext(TEXT_DOMAIN, "Failed to "
1483 "get existing keyformat "
1489 if (keylocation == NULL) {
1490 ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1491 prop_keylocation, sizeof (prop_keylocation),
1492 NULL, NULL, 0, B_TRUE);
1494 zfs_error_aux(zhp->zfs_hdl,
1495 dgettext(TEXT_DOMAIN, "Failed to "
1496 "get existing keylocation "
1501 keylocation = prop_keylocation;
1504 /* need a new key for non-encryption roots */
1505 if (keyformat == ZFS_KEYFORMAT_NONE) {
1507 zfs_error_aux(zhp->zfs_hdl,
1508 dgettext(TEXT_DOMAIN, "Keyformat required "
1509 "for new encryption root."));
1513 /* default to prompt if no keylocation is specified */
1514 if (keylocation == NULL) {
1515 keylocation = "prompt";
1516 ret = nvlist_add_string(props,
1517 zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1524 /* fetch the new wrapping key and associated properties */
1525 ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1526 zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1531 /* check that zhp is an encryption root */
1533 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1534 "Key inheritting can only be performed on "
1535 "encryption roots."));
1540 /* get the parent's name */
1541 ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1543 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1544 "Root dataset cannot inherit key."));
1549 /* get a handle to the parent */
1550 pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1552 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1553 "Failed to lookup parent."));
1558 /* parent must be encrypted */
1559 pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1560 if (pcrypt == ZIO_CRYPT_OFF) {
1561 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1562 "Parent must be encrypted."));
1567 /* check that the parent's key is loaded */
1568 pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1569 if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1570 zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1571 "Parent key must be loaded."));
1577 /* check that the key is loaded */
1578 keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1579 if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1580 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1581 "Key must be loaded."));
1586 /* call the ioctl */
1587 ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1591 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1592 "Permission denied."));
1595 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1596 "Invalid properties for key change."));
1599 zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1600 "Key is not currently loaded."));
1603 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1610 if (wkeydata != NULL)
1620 if (wkeydata != NULL)
1623 zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);