1 /*
2  * CDDL HEADER START
3  *
4  * This file and its contents are supplied under the terms of the
5  * Common Development and Distribution License ("CDDL"), version 1.0.
6  * You may only use this file in accordance with the terms of version
7  * 1.0 of the CDDL.
8  *
9  * A full copy of the text of the CDDL should have accompanied this
10  * source.  A copy of the CDDL is also available via the Internet at
11  * http://www.illumos.org/license/CDDL.
12  *
13  * CDDL HEADER END
14  */
15 
16 /*
17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
18  */
19 
20 #ifndef	_SYS_ZIO_CRYPT_H
21 #define	_SYS_ZIO_CRYPT_H
22 
23 #include <sys/dmu.h>
24 #include <sys/refcount.h>
25 #include <sys/crypto/api.h>
26 #include <sys/nvpair.h>
27 #include <sys/avl.h>
28 #include <sys/zio.h>
29 
30 #ifdef	__cplusplus
31 extern "C" {
32 #endif
33 
34 /* forward declarations */
35 struct zbookmark_phys;
36 
37 #define	WRAPPING_KEY_LEN	32
38 #define	WRAPPING_IV_LEN		ZIO_DATA_IV_LEN
39 #define	WRAPPING_MAC_LEN	ZIO_DATA_MAC_LEN
40 #define	MASTER_KEY_MAX_LEN	32
41 #define	SHA512_HMAC_KEYLEN	64
42 
43 #define	ZIO_CRYPT_KEY_CURRENT_VERSION	1ULL
44 
45 typedef enum zio_crypt_type {
46 	ZC_TYPE_NONE = 0,
47 	ZC_TYPE_CCM,
48 	ZC_TYPE_GCM
49 } zio_crypt_type_t;
50 
51 /* table of supported crypto algorithms, modes and keylengths. */
52 typedef struct zio_crypt_info {
53 	/* mechanism name, needed by ICP */
54 	crypto_mech_name_t ci_mechname;
55 
56 	/* cipher mode type (GCM, CCM) */
57 	zio_crypt_type_t ci_crypt_type;
58 
59 	/* length of the encryption key */
60 	size_t ci_keylen;
61 
62 	/* human-readable name of the encryption alforithm */
63 	char *ci_name;
64 } zio_crypt_info_t;
65 
66 extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];
67 
68 /* in memory representation of an unwrapped key that is loaded into memory */
69 typedef struct zio_crypt_key {
70 	/* encryption algorithm */
71 	uint64_t zk_crypt;
72 
73 	/* on-disk format version */
74 	uint64_t zk_version;
75 
76 	/* GUID for uniquely identifying this key. Not encrypted on disk. */
77 	uint64_t zk_guid;
78 
79 	/* buffer for master key */
80 	uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];
81 
82 	/* buffer for hmac key */
83 	uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];
84 
85 	/* buffer for currrent encryption key derived from master key */
86 	uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];
87 
88 	/* current 64 bit salt for deriving an encryption key */
89 	uint8_t zk_salt[ZIO_DATA_SALT_LEN];
90 
91 	/* count of how many times the current salt has been used */
92 	uint64_t zk_salt_count;
93 
94 	/* illumos crypto api current encryption key */
95 	crypto_key_t zk_current_key;
96 
97 	/* template of current encryption key for illumos crypto api */
98 	crypto_ctx_template_t zk_current_tmpl;
99 
100 	/* illumos crypto api current hmac key */
101 	crypto_key_t zk_hmac_key;
102 
103 	/* template of hmac key for illumos crypto api */
104 	crypto_ctx_template_t zk_hmac_tmpl;
105 
106 	/* lock for changing the salt and dependant values */
107 	krwlock_t zk_salt_lock;
108 } zio_crypt_key_t;
109 
110 void zio_crypt_key_destroy(zio_crypt_key_t *key);
111 int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
112 int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out);
113 
114 int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
115     uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out);
116 int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
117     uint64_t guid, uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv,
118     uint8_t *mac, zio_crypt_key_t *key);
119 int zio_crypt_generate_iv(uint8_t *ivbuf);
120 int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data,
121     uint_t datalen, uint8_t *ivbuf, uint8_t *salt);
122 
123 void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv);
124 void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv);
125 void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac);
126 void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac);
127 void zio_crypt_encode_mac_zil(void *data, uint8_t *mac);
128 void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac);
129 void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen);
130 
131 int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
132     uint_t datalen, boolean_t byteswap, uint8_t *cksum);
133 int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
134     uint_t datalen, boolean_t byteswap, uint8_t *cksum);
135 int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
136     uint8_t *digestbuf, uint_t digestlen);
137 int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
138     boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
139 int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
140     dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
141     uint8_t *mac, uint_t datalen, uint8_t *plainbuf, uint8_t *cipherbuf,
142     boolean_t *no_crypt);
143 int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key,
144     dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
145     uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
146     boolean_t *no_crypt);
147 
148 #ifdef	__cplusplus
149 }
150 #endif
151 
152 #endif /* _SYS_ZIO_CRYPT_H */
153