1/*
2 * CDDL HEADER START
3 *
4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
7 * 1.0 of the CDDL.
8 *
9 * A full copy of the text of the CDDL should have accompanied this
10 * source.  A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
12 *
13 * CDDL HEADER END
14 */
15
16/*
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
18 * Copyright 2020 Joyent, Inc.
19 */
20
21#include <string.h>
22#include <strings.h>
23#include <ctype.h>
24#include <unistd.h>
25#include <sys/zfs_context.h>
26#include <sys/fs/zfs.h>
27#include <sys/dsl_crypt.h>
28#ifdef sun
29#include <stdlib.h>
30#include <security/cryptoki.h>
31#include <cryptoutil.h> /* for pkcs11_strerror */
32#else
33#include <sys/crypto/icp.h>
34#endif
35#include <libintl.h>
36#include <termios.h>
37#include <signal.h>
38#include <errno.h>
39#include <libzfs.h>
40#include "libzfs_impl.h"
41#include "zfeature_common.h"
42
43/*
44 * User keys are used to decrypt the master encryption keys of a dataset. This
45 * indirection allows a user to change his / her access key without having to
46 * re-encrypt the entire dataset. User keys can be provided in one of several
47 * ways. Raw keys are simply given to the kernel as is. Similarly, hex keys
48 * are converted to binary and passed into the kernel. Password based keys are
49 * a bit more complicated. Passwords alone do not provide suitable entropy for
50 * encryption and may be too short or too long to be used. In order to derive
51 * a more appropriate key we use a PBKDF2 function. This function is designed
52 * to take a (relatively) long time to calculate in order to discourage
53 * attackers from guessing from a list of common passwords. PBKDF2 requires
54 * 2 additional parameters. The first is the number of iterations to run, which
55 * will ultimately determine how long it takes to derive the resulting key from
56 * the password. The second parameter is a salt that is randomly generated for
57 * each dataset. The salt is used to "tweak" PBKDF2 such that a group of
58 * attackers cannot reasonably generate a table of commonly known passwords to
59 * their output keys and expect it work for all past and future PBKDF2 users.
60 * We store the salt as a hidden property of the dataset (although it is
61 * technically ok if the salt is known to the attacker).
62 */
63
64typedef enum key_locator {
65	KEY_LOCATOR_NONE,
66	KEY_LOCATOR_PROMPT,
67	KEY_LOCATOR_URI
68} key_locator_t;
69
70#define	MIN_PASSPHRASE_LEN 8
71#define	MAX_PASSPHRASE_LEN 512
72#define	MAX_KEY_PROMPT_ATTEMPTS 3
73
74static int caught_interrupt;
75
76static int get_key_material_file(libzfs_handle_t *, const char *, const char *,
77    zfs_keyformat_t, boolean_t, uint8_t **, size_t *);
78
79static zfs_uri_handler_t uri_handlers[] = {
80	{ "file", get_key_material_file },
81	{ NULL, NULL }
82};
83
84static int
85zfs_prop_parse_keylocation(libzfs_handle_t *restrict hdl, const char *str,
86    zfs_keylocation_t *restrict locp, char **restrict schemep)
87{
88	int ret;
89
90	*locp = ZFS_KEYLOCATION_NONE;
91	*schemep = NULL;
92
93	if (strcmp("prompt", str) == 0) {
94		*locp = ZFS_KEYLOCATION_PROMPT;
95		return (0);
96	}
97
98	regmatch_t pmatch[URI_NMATCH];
99	regmatch_t *smatch = &pmatch[URI_SCHEMESUBEXP];
100
101	ret = regexec(&hdl->libzfs_urire, str, ARRAY_SIZE(pmatch), pmatch, 0);
102	switch (ret) {
103	case 0:
104		break;
105	case REG_ESPACE:
106		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
107		return (ENOMEM);
108	case REG_NOMATCH:
109		goto invalid;
110	default:
111		/*
112		 * Any other errors from regexec are a programming bug,
113		 * so consider them a fatal error.
114		 */
115		(void) fprintf(stderr, "regexec failed: %d\n", ret);
116		abort();
117	}
118
119	if (smatch->rm_so == -1)
120		goto invalid;
121
122	*schemep = strndup(str + smatch->rm_so, smatch->rm_eo - smatch->rm_so);
123	if (*schemep == NULL) {
124		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Out of memory"));
125		return (ENOMEM);
126	}
127
128	*locp = ZFS_KEYLOCATION_URI;
129	return (0);
130
131invalid:
132	zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Invalid keylocation"));
133	return (EINVAL);
134}
135
136static int
137hex_key_to_raw(char *hex, int hexlen, uint8_t *out)
138{
139	int ret, i;
140	unsigned int c;
141
142	for (i = 0; i < hexlen; i += 2) {
143		if (!isxdigit(hex[i]) || !isxdigit(hex[i + 1])) {
144			ret = EINVAL;
145			goto error;
146		}
147
148		ret = sscanf(&hex[i], "%02x", &c);
149		if (ret != 1) {
150			ret = EINVAL;
151			goto error;
152		}
153
154		out[i / 2] = c;
155	}
156
157	return (0);
158
159error:
160	return (ret);
161}
162
163
164static void
165catch_signal(int sig)
166{
167	caught_interrupt = sig;
168}
169
170static char *
171get_format_prompt_string(zfs_keyformat_t format)
172{
173	switch (format) {
174	case ZFS_KEYFORMAT_RAW:
175		return ("raw key");
176	case ZFS_KEYFORMAT_HEX:
177		return ("hex key");
178	case ZFS_KEYFORMAT_PASSPHRASE:
179		return ("passphrase");
180	default:
181		/* shouldn't happen */
182		return (NULL);
183	}
184}
185
186/* do basic validation of the key material */
187static int
188validate_key(libzfs_handle_t *hdl, zfs_keyformat_t keyformat,
189    const char *key, size_t keylen)
190{
191	switch (keyformat) {
192	case ZFS_KEYFORMAT_RAW:
193		/* verify the key length is correct */
194		if (keylen < WRAPPING_KEY_LEN) {
195			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
196			    "Raw key too short (expected %u)."),
197			    WRAPPING_KEY_LEN);
198			return (EINVAL);
199		}
200
201		if (keylen > WRAPPING_KEY_LEN) {
202			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
203			    "Raw key too long (expected %u)."),
204			    WRAPPING_KEY_LEN);
205			return (EINVAL);
206		}
207		break;
208	case ZFS_KEYFORMAT_HEX:
209		/* verify the key length is correct */
210		if (keylen < WRAPPING_KEY_LEN * 2) {
211			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
212			    "Hex key too short (expected %u)."),
213			    WRAPPING_KEY_LEN * 2);
214			return (EINVAL);
215		}
216
217		if (keylen > WRAPPING_KEY_LEN * 2) {
218			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
219			    "Hex key too long (expected %u)."),
220			    WRAPPING_KEY_LEN * 2);
221			return (EINVAL);
222		}
223
224		/* check for invalid hex digits */
225		for (size_t i = 0; i < WRAPPING_KEY_LEN * 2; i++) {
226			if (!isxdigit(key[i])) {
227				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
228				    "Invalid hex character detected."));
229				return (EINVAL);
230			}
231		}
232		break;
233	case ZFS_KEYFORMAT_PASSPHRASE:
234		/* verify the length is within bounds */
235		if (keylen > MAX_PASSPHRASE_LEN) {
236			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
237			    "Passphrase too long (max %u)."),
238			    MAX_PASSPHRASE_LEN);
239			return (EINVAL);
240		}
241
242		if (keylen < MIN_PASSPHRASE_LEN) {
243			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
244			    "Passphrase too short (min %u)."),
245			    MIN_PASSPHRASE_LEN);
246			return (EINVAL);
247		}
248		break;
249	default:
250		/* can't happen, checked above */
251		break;
252	}
253
254	return (0);
255}
256
257static int
258libzfs_getpassphrase(zfs_keyformat_t keyformat, boolean_t is_reenter,
259    boolean_t new_key, const char *fsname,
260    char **restrict res, size_t *restrict reslen)
261{
262	FILE *f = stdin;
263	size_t buflen = 0;
264	ssize_t bytes;
265	int ret = 0;
266	struct termios old_term, new_term;
267	struct sigaction act, osigint, osigtstp;
268
269	*res = NULL;
270	*reslen = 0;
271
272	/*
273	 * handle SIGINT and ignore SIGSTP. This is necessary to
274	 * restore the state of the terminal.
275	 */
276	caught_interrupt = 0;
277	act.sa_flags = 0;
278	(void) sigemptyset(&act.sa_mask);
279	act.sa_handler = catch_signal;
280
281	(void) sigaction(SIGINT, &act, &osigint);
282	act.sa_handler = SIG_IGN;
283	(void) sigaction(SIGTSTP, &act, &osigtstp);
284
285	(void) printf("%s %s%s",
286	    is_reenter ? "Re-enter" : "Enter",
287	    new_key ? "new " : "",
288	    get_format_prompt_string(keyformat));
289	if (fsname != NULL)
290		(void) printf(" for '%s'", fsname);
291	(void) fputc(':', stdout);
292	(void) fflush(stdout);
293
294	/* disable the terminal echo for key input */
295	(void) tcgetattr(fileno(f), &old_term);
296
297	new_term = old_term;
298	new_term.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
299
300	ret = tcsetattr(fileno(f), TCSAFLUSH, &new_term);
301	if (ret != 0) {
302		ret = errno;
303		errno = 0;
304		goto out;
305	}
306
307	bytes = getline(res, &buflen, f);
308	if (bytes < 0) {
309		ret = errno;
310		errno = 0;
311		goto out;
312	}
313
314	/* trim the ending newline if it exists */
315	if (bytes > 0 && (*res)[bytes - 1] == '\n') {
316		(*res)[bytes - 1] = '\0';
317		bytes--;
318	}
319
320	*reslen = bytes;
321
322out:
323	/* reset the teminal */
324	(void) tcsetattr(fileno(f), TCSAFLUSH, &old_term);
325	(void) sigaction(SIGINT, &osigint, NULL);
326	(void) sigaction(SIGTSTP, &osigtstp, NULL);
327
328	/* if we caught a signal, re-throw it now */
329	if (caught_interrupt != 0)
330		(void) kill(getpid(), caught_interrupt);
331
332	/* print the newline that was not echo'd */
333	(void) printf("\n");
334
335	return (ret);
336}
337
338static int
339get_key_interactive(libzfs_handle_t *restrict hdl, const char *fsname,
340    zfs_keyformat_t keyformat, boolean_t confirm_key, boolean_t newkey,
341    uint8_t **restrict outbuf, size_t *restrict len_out)
342{
343	char *buf = NULL, *buf2 = NULL;
344	size_t buflen = 0, buf2len = 0;
345	int ret = 0;
346
347	ASSERT(isatty(fileno(stdin)));
348
349	/* raw keys cannot be entered on the terminal */
350	if (keyformat == ZFS_KEYFORMAT_RAW) {
351		ret = EINVAL;
352		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
353		    "Cannot enter raw keys on the terminal"));
354		goto out;
355	}
356
357	/* prompt for the key */
358	if ((ret = libzfs_getpassphrase(keyformat, B_FALSE, newkey, fsname,
359	    &buf, &buflen)) != 0) {
360		freezero(buf, buflen);
361		buf = NULL;
362		buflen = 0;
363		goto out;
364	}
365
366	if (!confirm_key)
367		goto out;
368
369	if ((ret = validate_key(hdl, keyformat, buf, buflen)) != 0) {
370		freezero(buf, buflen);
371		return (ret);
372	}
373
374	ret = libzfs_getpassphrase(keyformat, B_TRUE, newkey, fsname, &buf2,
375	    &buf2len);
376	if (ret != 0) {
377		freezero(buf, buflen);
378		freezero(buf2, buf2len);
379		buf = buf2 = NULL;
380		buflen = buf2len = 0;
381		goto out;
382	}
383
384	if (buflen != buf2len || strcmp(buf, buf2) != 0) {
385		freezero(buf, buflen);
386		buf = NULL;
387		buflen = 0;
388
389		ret = EINVAL;
390		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
391		    "Provided keys do not match."));
392	}
393
394	freezero(buf2, buf2len);
395
396out:
397	*outbuf = (uint8_t *)buf;
398	*len_out = buflen;
399	return (ret);
400}
401
402static int
403get_key_material_raw(FILE *fd, zfs_keyformat_t keyformat,
404    uint8_t **buf, size_t *len_out)
405{
406	int ret = 0;
407	size_t buflen = 0;
408
409	*len_out = 0;
410
411	/* read the key material */
412	if (keyformat != ZFS_KEYFORMAT_RAW) {
413		ssize_t bytes;
414
415		bytes = getline((char **)buf, &buflen, fd);
416		if (bytes < 0) {
417			ret = errno;
418			errno = 0;
419			goto out;
420		}
421
422		/* trim the ending newline if it exists */
423		if (bytes > 0 && (*buf)[bytes - 1] == '\n') {
424			(*buf)[bytes - 1] = '\0';
425			bytes--;
426		}
427
428		*len_out = bytes;
429	} else {
430		size_t n;
431
432		/*
433		 * Raw keys may have newline characters in them and so can't
434		 * use getline(). Here we attempt to read 33 bytes so that we
435		 * can properly check the key length (the file should only have
436		 * 32 bytes).
437		 */
438		*buf = malloc((WRAPPING_KEY_LEN + 1) * sizeof (uint8_t));
439		if (*buf == NULL) {
440			ret = ENOMEM;
441			goto out;
442		}
443
444		n = fread(*buf, 1, WRAPPING_KEY_LEN + 1, fd);
445		if (n == 0 || ferror(fd)) {
446			/* size errors are handled by the calling function */
447			free(*buf);
448			*buf = NULL;
449			ret = errno;
450			errno = 0;
451			goto out;
452		}
453
454		*len_out = n;
455	}
456
457out:
458	return (ret);
459}
460
461static int
462get_key_material_file(libzfs_handle_t *hdl, const char *uri,
463    const char *fsname, zfs_keyformat_t keyformat, boolean_t newkey,
464    uint8_t **restrict buf, size_t *restrict len_out)
465{
466	const char *path;
467	FILE *f = NULL;
468	int ret = 0;
469
470	/*
471	 * get_key_material() should guarantee we're only called for a file
472	 * URI.
473	 */
474	VERIFY0(strncmp(uri, "file://", 7));
475	path = uri + 7;
476
477	if ((f = fopen(path, "r")) == NULL) {
478		ret = errno;
479		errno = 0;
480		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
481		    "Failed to open key material file"));
482		return (ret);
483	}
484
485	ret = get_key_material_raw(f, keyformat, buf, len_out);
486
487	(void) fclose(f);
488
489	return (ret);
490}
491
492/*
493 * Attempts to fetch key material, no matter where it might live. The key
494 * material is allocated and returned in km_out. *can_retry_out will be set
495 * to B_TRUE if the user is providing the key material interactively, allowing
496 * for re-entry attempts.
497 */
498static int
499get_key_material(libzfs_handle_t *hdl, boolean_t do_verify, boolean_t newkey,
500    zfs_keyformat_t keyformat, char *keylocation, const char *fsname,
501    uint8_t **km_out, size_t *kmlen_out, boolean_t *can_retry_out)
502{
503	int ret;
504	zfs_keylocation_t keyloc = ZFS_KEYLOCATION_NONE;
505	uint8_t *km = NULL;
506	size_t kmlen = 0;
507	char *scheme = NULL;
508	zfs_uri_handler_t *handler = NULL;
509	boolean_t can_retry = B_FALSE;
510
511	/* verify and parse the keylocation */
512	ret = zfs_prop_parse_keylocation(hdl, keylocation, &keyloc, &scheme);
513	if (ret != 0)
514		goto error;
515
516	/* open the appropriate file descriptor */
517	switch (keyloc) {
518	case ZFS_KEYLOCATION_PROMPT:
519		if (isatty(fileno(stdin))) {
520			can_retry = B_TRUE;
521
522			ret = get_key_interactive(hdl, fsname, keyformat,
523			    do_verify, newkey, &km, &kmlen);
524		} else {
525			/* fetch the key material into the buffer */
526			ret = get_key_material_raw(stdin, keyformat, &km,
527			    &kmlen);
528		}
529		if (ret != 0)
530			goto error;
531		break;
532	case ZFS_KEYLOCATION_URI:
533		for (handler = uri_handlers; handler->zuh_scheme != NULL;
534		    handler++) {
535			if (strcmp(handler->zuh_scheme, scheme) != 0)
536				continue;
537			if ((ret = handler->zuh_handler(hdl, keylocation,
538			    fsname, keyformat, newkey, &km, &kmlen)) != 0)
539				goto error;
540		}
541		ret = ENOTSUP;
542		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
543		    "URI scheme is not supported"));
544		break;
545	default:
546		ret = EINVAL;
547		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
548		    "Invalid keylocation."));
549		goto error;
550	}
551
552	if ((ret = validate_key(hdl, keyformat, (const char *)km, kmlen)) != 0)
553		goto error;
554
555	*km_out = km;
556	*kmlen_out = kmlen;
557	if (can_retry_out != NULL)
558		*can_retry_out = can_retry;
559
560	free(scheme);
561	return (0);
562
563error:
564	freezero(km, kmlen);
565	free(scheme);
566
567	*km_out = NULL;
568	*kmlen_out = 0;
569
570	return (ret);
571}
572
573/* This needs to be fixed to be compatible with other platforms */
574
575static int
576pbkdf2(uint8_t *passphrase, size_t passphraselen, uint8_t *salt,
577    size_t saltlen, uint64_t iterations, uint8_t *output,
578    size_t outputlen)
579{
580	int ret = 0;
581	CK_SESSION_HANDLE session;
582	char *tmpkeydata = NULL;
583	size_t tmpkeydatalen = 0;
584	CK_OBJECT_HANDLE obj;
585
586	/* initialize output */
587	(void) memset(output, 0, outputlen);
588
589	ret = SUNW_C_GetMechSession(CKM_PKCS5_PBKD2, &session);
590	if (ret) {
591		(void) fprintf(stderr, "failed to connect to pkcs5: %s\n",
592		    pkcs11_strerror(ret));
593		return (ret);
594	}
595
596	ret = pkcs11_PasswdToPBKD2Object(session, (char *)passphrase,
597	    passphraselen, salt, saltlen, iterations, CKK_AES, outputlen, 0,
598	    &obj);
599
600	if (ret == CKR_OK)
601		ret = pkcs11_ObjectToKey(session, obj, (void **)&tmpkeydata,
602		    &tmpkeydatalen, B_TRUE);
603
604	(void) C_CloseSession(session);
605	if (ret) {
606		(void) fprintf(stderr, "unable to generate key: %s\n",
607		    pkcs11_strerror(ret));
608		return (ret);
609	}
610
611	/*
612	 * Because it allocates an area for the passphrase, we copy it out
613	 * then zero the original
614	 */
615	(void) memcpy(output, tmpkeydata, tmpkeydatalen);
616	(void) memset(tmpkeydata, 0, tmpkeydatalen);
617	free(tmpkeydata);
618
619	return (ret);
620}
621
622/* ARGSUSED */
623static int
624derive_key(libzfs_handle_t *hdl, zfs_keyformat_t format, uint64_t iters,
625    uint8_t *key_material, size_t key_material_len, uint64_t salt,
626    uint8_t **key_out)
627{
628	int ret;
629	uint8_t *key;
630
631	*key_out = NULL;
632
633	key = zfs_alloc(hdl, WRAPPING_KEY_LEN);
634	if (!key)
635		return (ENOMEM);
636
637	switch (format) {
638	case ZFS_KEYFORMAT_RAW:
639		bcopy(key_material, key, WRAPPING_KEY_LEN);
640		break;
641	case ZFS_KEYFORMAT_HEX:
642		ret = hex_key_to_raw((char *)key_material,
643		    WRAPPING_KEY_LEN * 2, key);
644		if (ret != 0) {
645			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
646			    "Invalid hex key provided."));
647			goto error;
648		}
649		break;
650	case ZFS_KEYFORMAT_PASSPHRASE:
651		salt = LE_64(salt);
652		ret = pbkdf2(key_material, strlen((char *)key_material),
653		    ((uint8_t *)&salt), sizeof (uint64_t), iters,
654		    key, WRAPPING_KEY_LEN);
655		if (ret != 0) {
656			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
657			    "Failed to generate key from passphrase."));
658			goto error;
659		}
660		break;
661	default:
662		ret = EINVAL;
663		goto error;
664	}
665
666	*key_out = key;
667	return (0);
668
669error:
670	free(key);
671
672	*key_out = NULL;
673	return (ret);
674}
675
676static boolean_t
677encryption_feature_is_enabled(zpool_handle_t *zph)
678{
679	nvlist_t *features;
680	uint64_t feat_refcount;
681
682	/* check that features can be enabled */
683	if (zpool_get_prop_int(zph, ZPOOL_PROP_VERSION, NULL)
684	    < SPA_VERSION_FEATURES)
685		return (B_FALSE);
686
687	/* check for crypto feature */
688	features = zpool_get_features(zph);
689	if (!features || nvlist_lookup_uint64(features,
690	    spa_feature_table[SPA_FEATURE_ENCRYPTION].fi_guid,
691	    &feat_refcount) != 0)
692		return (B_FALSE);
693
694	return (B_TRUE);
695}
696
697static int
698populate_create_encryption_params_nvlists(libzfs_handle_t *hdl,
699    zfs_handle_t *zhp, boolean_t newkey, zfs_keyformat_t keyformat,
700    char *keylocation, nvlist_t *props, uint8_t **wkeydata, uint_t *wkeylen)
701{
702	int ret;
703	uint64_t iters = 0, salt = 0;
704	uint8_t *key_material = NULL;
705	size_t key_material_len = 0;
706	uint8_t *key_data = NULL;
707	const char *fsname = (zhp) ? zfs_get_name(zhp) : NULL;
708
709	/* get key material from keyformat and keylocation */
710	ret = get_key_material(hdl, B_TRUE, newkey, keyformat, keylocation,
711	    fsname, &key_material, &key_material_len, NULL);
712	if (ret != 0)
713		goto error;
714
715	/* passphrase formats require a salt and pbkdf2 iters property */
716	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
717#ifdef sun
718		arc4random_buf(&salt, sizeof (salt));
719#else
720		random_init();
721
722		ret = random_get_bytes((uint8_t *)&salt, sizeof (uint64_t));
723		if (ret != 0) {
724			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
725			    "Failed to generate salt."));
726			goto error;
727		}
728
729		random_fini();
730#endif
731
732		ret = nvlist_add_uint64(props,
733		    zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), salt);
734		if (ret != 0) {
735			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
736			    "Failed to add salt to properties."));
737			goto error;
738		}
739
740		/*
741		 * If not otherwise specified, use the default number of
742		 * pbkdf2 iterations. If specified, we have already checked
743		 * that the given value is greater than MIN_PBKDF2_ITERATIONS
744		 * during zfs_valid_proplist().
745		 */
746		ret = nvlist_lookup_uint64(props,
747		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
748		if (ret == ENOENT) {
749			iters = DEFAULT_PBKDF2_ITERATIONS;
750			ret = nvlist_add_uint64(props,
751			    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), iters);
752			if (ret != 0)
753				goto error;
754		} else if (ret != 0) {
755			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
756			    "Failed to get pbkdf2 iterations."));
757			goto error;
758		}
759	} else {
760		/* check that pbkdf2iters was not specified by the user */
761		ret = nvlist_lookup_uint64(props,
762		    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &iters);
763		if (ret == 0) {
764			ret = EINVAL;
765			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
766			    "Cannot specify pbkdf2iters with a non-passphrase "
767			    "keyformat."));
768			goto error;
769		}
770	}
771
772	/* derive a key from the key material */
773	ret = derive_key(hdl, (zfs_keyformat_t)keyformat, iters, key_material,
774	    key_material_len, salt, &key_data);
775	if (ret != 0)
776		goto error;
777
778	free(key_material);
779
780	*wkeydata = key_data;
781	*wkeylen = WRAPPING_KEY_LEN;
782	return (0);
783
784error:
785	if (key_material != NULL)
786		free(key_material);
787	if (key_data != NULL)
788		free(key_data);
789
790	*wkeydata = NULL;
791	*wkeylen = 0;
792	return (ret);
793}
794
795static boolean_t
796proplist_has_encryption_props(nvlist_t *props)
797{
798	int ret;
799	uint64_t intval;
800	char *strval;
801
802	ret = nvlist_lookup_uint64(props,
803	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &intval);
804	if (ret == 0 && intval != ZIO_CRYPT_OFF)
805		return (B_TRUE);
806
807	ret = nvlist_lookup_string(props,
808	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &strval);
809	if (ret == 0 && strcmp(strval, "none") != 0)
810		return (B_TRUE);
811
812	ret = nvlist_lookup_uint64(props,
813	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &intval);
814	if (ret == 0)
815		return (B_TRUE);
816
817	ret = nvlist_lookup_uint64(props,
818	    zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS), &intval);
819	if (ret == 0)
820		return (B_TRUE);
821
822	return (B_FALSE);
823}
824
825int
826zfs_crypto_get_encryption_root(zfs_handle_t *zhp, boolean_t *is_encroot,
827    char *buf)
828{
829	int ret;
830	char prop_encroot[MAXNAMELEN];
831
832	/* if the dataset isn't encrypted, just return */
833	if (zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION) == ZIO_CRYPT_OFF) {
834		*is_encroot = B_FALSE;
835		if (buf != NULL)
836			buf[0] = '\0';
837		return (0);
838	}
839
840	ret = zfs_prop_get(zhp, ZFS_PROP_ENCRYPTION_ROOT, prop_encroot,
841	    sizeof (prop_encroot), NULL, NULL, 0, B_TRUE);
842	if (ret != 0) {
843		*is_encroot = B_FALSE;
844		if (buf != NULL)
845			buf[0] = '\0';
846		return (ret);
847	}
848
849	*is_encroot = strcmp(prop_encroot, zfs_get_name(zhp)) == 0;
850	if (buf != NULL)
851		(void) strcpy(buf, prop_encroot);
852
853	return (0);
854}
855
856int
857zfs_crypto_create(libzfs_handle_t *hdl, char *parent_name, nvlist_t *props,
858    nvlist_t *pool_props, boolean_t stdin_available, uint8_t **wkeydata_out,
859    uint_t *wkeylen_out)
860{
861	int ret;
862	uint64_t crypt = ZIO_CRYPT_INHERIT, pcrypt = ZIO_CRYPT_INHERIT;
863	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
864	char *keylocation = NULL;
865	zfs_handle_t *pzhp = NULL;
866	uint8_t *wkeydata = NULL;
867	uint_t wkeylen = 0;
868	boolean_t local_crypt = B_TRUE;
869
870	/* lookup crypt from props */
871	ret = nvlist_lookup_uint64(props,
872	    zfs_prop_to_name(ZFS_PROP_ENCRYPTION), &crypt);
873	if (ret != 0)
874		local_crypt = B_FALSE;
875
876	/* lookup key location and format from props */
877	(void) nvlist_lookup_uint64(props,
878	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
879	(void) nvlist_lookup_string(props,
880	    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
881
882	if (parent_name != NULL) {
883		/* get a reference to parent dataset */
884		pzhp = make_dataset_handle(hdl, parent_name);
885		if (pzhp == NULL) {
886			ret = ENOENT;
887			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
888			    "Failed to lookup parent."));
889			goto out;
890		}
891
892		/* Lookup parent's crypt */
893		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
894
895		/* Params require the encryption feature */
896		if (!encryption_feature_is_enabled(pzhp->zpool_hdl)) {
897			if (proplist_has_encryption_props(props)) {
898				ret = EINVAL;
899				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
900				    "Encryption feature not enabled."));
901				goto out;
902			}
903
904			ret = 0;
905			goto out;
906		}
907	} else {
908		/*
909		 * special case for root dataset where encryption feature
910		 * feature won't be on disk yet
911		 */
912		if (!nvlist_exists(pool_props, "feature@encryption")) {
913			if (proplist_has_encryption_props(props)) {
914				ret = EINVAL;
915				zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
916				    "Encryption feature not enabled."));
917				goto out;
918			}
919
920			ret = 0;
921			goto out;
922		}
923
924		pcrypt = ZIO_CRYPT_OFF;
925	}
926
927	/* Get the inherited encryption property if we don't have it locally */
928	if (!local_crypt)
929		crypt = pcrypt;
930
931	/*
932	 * At this point crypt should be the actual encryption value. If
933	 * encryption is off just verify that no encryption properties have
934	 * been specified and return.
935	 */
936	if (crypt == ZIO_CRYPT_OFF) {
937		if (proplist_has_encryption_props(props)) {
938			ret = EINVAL;
939			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
940			    "Encryption must be turned on to set encryption "
941			    "properties."));
942			goto out;
943		}
944
945		ret = 0;
946		goto out;
947	}
948
949	/*
950	 * If we have a parent crypt it is valid to specify encryption alone.
951	 * This will result in a child that is encrypted with the chosen
952	 * encryption suite that will also inherit the parent's key. If
953	 * the parent is not encrypted we need an encryption suite provided.
954	 */
955	if (pcrypt == ZIO_CRYPT_OFF && keylocation == NULL &&
956	    keyformat == ZFS_KEYFORMAT_NONE) {
957		ret = EINVAL;
958		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
959		    "Keyformat required for new encryption root."));
960		goto out;
961	}
962
963	/*
964	 * Specifying a keylocation implies this will be a new encryption root.
965	 * Check that a keyformat is also specified.
966	 */
967	if (keylocation != NULL && keyformat == ZFS_KEYFORMAT_NONE) {
968		ret = EINVAL;
969		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
970		    "Keyformat required for new encryption root."));
971		goto out;
972	}
973
974	/* default to prompt if no keylocation is specified */
975	if (keyformat != ZFS_KEYFORMAT_NONE && keylocation == NULL) {
976		keylocation = "prompt";
977		ret = nvlist_add_string(props,
978		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), keylocation);
979		if (ret != 0)
980			goto out;
981	}
982
983	/*
984	 * If a local key is provided, this dataset will be a new
985	 * encryption root. Populate the encryption params.
986	 */
987	if (keylocation != NULL) {
988		/*
989		 * 'zfs recv -o keylocation=prompt' won't work because stdin
990		 * is being used by the send stream, so we disallow it.
991		 */
992		if (!stdin_available && strcmp(keylocation, "prompt") == 0) {
993			ret = EINVAL;
994			zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "Cannot use "
995			    "'prompt' keylocation because stdin is in use."));
996			goto out;
997		}
998
999		ret = populate_create_encryption_params_nvlists(hdl, NULL,
1000		    B_FALSE, keyformat, keylocation, props, &wkeydata,
1001		    &wkeylen);
1002		if (ret != 0)
1003			goto out;
1004	}
1005
1006	if (pzhp != NULL)
1007		zfs_close(pzhp);
1008
1009	*wkeydata_out = wkeydata;
1010	*wkeylen_out = wkeylen;
1011	return (0);
1012
1013out:
1014	if (pzhp != NULL)
1015		zfs_close(pzhp);
1016	if (wkeydata != NULL)
1017		free(wkeydata);
1018
1019	*wkeydata_out = NULL;
1020	*wkeylen_out = 0;
1021	return (ret);
1022}
1023
1024int
1025zfs_crypto_clone_check(libzfs_handle_t *hdl, zfs_handle_t *origin_zhp,
1026    char *parent_name, nvlist_t *props)
1027{
1028	/*
1029	 * No encryption properties should be specified. They will all be
1030	 * inherited from the origin dataset.
1031	 */
1032	if (nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYFORMAT)) ||
1033	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_KEYLOCATION)) ||
1034	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_ENCRYPTION)) ||
1035	    nvlist_exists(props, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS))) {
1036		zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,
1037		    "Encryption properties must inherit from origin dataset."));
1038		return (EINVAL);
1039	}
1040
1041	return (0);
1042}
1043
1044typedef struct loadkeys_cbdata {
1045	uint64_t cb_numfailed;
1046	uint64_t cb_numattempted;
1047} loadkey_cbdata_t;
1048
1049static int
1050load_keys_cb(zfs_handle_t *zhp, void *arg)
1051{
1052	int ret;
1053	boolean_t is_encroot;
1054	loadkey_cbdata_t *cb = arg;
1055	uint64_t keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1056
1057	/* only attempt to load keys for encryption roots */
1058	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1059	if (ret != 0 || !is_encroot)
1060		goto out;
1061
1062	/* don't attempt to load already loaded keys */
1063	if (keystatus == ZFS_KEYSTATUS_AVAILABLE)
1064		goto out;
1065
1066	/* Attempt to load the key. Record status in cb. */
1067	cb->cb_numattempted++;
1068
1069	ret = zfs_crypto_load_key(zhp, B_FALSE, NULL);
1070	if (ret)
1071		cb->cb_numfailed++;
1072
1073out:
1074	(void) zfs_iter_filesystems(zhp, load_keys_cb, cb);
1075	zfs_close(zhp);
1076
1077	/* always return 0, since this function is best effort */
1078	return (0);
1079}
1080
1081/*
1082 * This function is best effort. It attempts to load all the keys for the given
1083 * filesystem and all of its children.
1084 */
1085int
1086zfs_crypto_attempt_load_keys(libzfs_handle_t *hdl, char *fsname)
1087{
1088	int ret;
1089	zfs_handle_t *zhp = NULL;
1090	loadkey_cbdata_t cb = { 0 };
1091
1092	zhp = zfs_open(hdl, fsname, ZFS_TYPE_FILESYSTEM | ZFS_TYPE_VOLUME);
1093	if (zhp == NULL) {
1094		ret = ENOENT;
1095		goto error;
1096	}
1097
1098	ret = load_keys_cb(zfs_handle_dup(zhp), &cb);
1099	if (ret)
1100		goto error;
1101
1102	(void) printf(gettext("%llu / %llu keys successfully loaded\n"),
1103	    (u_longlong_t)(cb.cb_numattempted - cb.cb_numfailed),
1104	    (u_longlong_t)cb.cb_numattempted);
1105
1106	if (cb.cb_numfailed != 0) {
1107		ret = -1;
1108		goto error;
1109	}
1110
1111	zfs_close(zhp);
1112	return (0);
1113
1114error:
1115	if (zhp != NULL)
1116		zfs_close(zhp);
1117	return (ret);
1118}
1119
1120int
1121zfs_crypto_load_key(zfs_handle_t *zhp, boolean_t noop, char *alt_keylocation)
1122{
1123	int ret, attempts = 0;
1124	char errbuf[1024];
1125	uint64_t keystatus, iters = 0, salt = 0;
1126	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1127	char prop_keylocation[MAXNAMELEN];
1128	char prop_encroot[MAXNAMELEN];
1129	char *keylocation = NULL;
1130	uint8_t *key_material = NULL, *key_data = NULL;
1131	size_t key_material_len;
1132	boolean_t is_encroot, can_retry = B_FALSE, correctible = B_FALSE;
1133
1134	(void) snprintf(errbuf, sizeof (errbuf),
1135	    dgettext(TEXT_DOMAIN, "Key load error"));
1136
1137	/* check that encryption is enabled for the pool */
1138	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1139		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1140		    "Encryption feature not enabled."));
1141		ret = EINVAL;
1142		goto error;
1143	}
1144
1145	/* Fetch the keyformat. Check that the dataset is encrypted. */
1146	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1147	if (keyformat == ZFS_KEYFORMAT_NONE) {
1148		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1149		    "'%s' is not encrypted."), zfs_get_name(zhp));
1150		ret = EINVAL;
1151		goto error;
1152	}
1153
1154	/*
1155	 * Fetch the key location. Check that we are working with an
1156	 * encryption root.
1157	 */
1158	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1159	if (ret != 0) {
1160		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1161		    "Failed to get encryption root for '%s'."),
1162		    zfs_get_name(zhp));
1163		goto error;
1164	} else if (!is_encroot) {
1165		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1166		    "Keys must be loaded for encryption root of '%s' (%s)."),
1167		    zfs_get_name(zhp), prop_encroot);
1168		ret = EINVAL;
1169		goto error;
1170	}
1171
1172	/*
1173	 * if the caller has elected to override the keylocation property
1174	 * use that instead
1175	 */
1176	if (alt_keylocation != NULL) {
1177		keylocation = alt_keylocation;
1178	} else {
1179		ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION, prop_keylocation,
1180		    sizeof (prop_keylocation), NULL, NULL, 0, B_TRUE);
1181		if (ret != 0) {
1182			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1183			    "Failed to get keylocation for '%s'."),
1184			    zfs_get_name(zhp));
1185			goto error;
1186		}
1187
1188		keylocation = prop_keylocation;
1189	}
1190
1191	/* check that the key is unloaded unless this is a noop */
1192	if (!noop) {
1193		keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1194		if (keystatus == ZFS_KEYSTATUS_AVAILABLE) {
1195			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1196			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1197			ret = EEXIST;
1198			goto error;
1199		}
1200	}
1201
1202	/* passphrase formats require a salt and pbkdf2_iters property */
1203	if (keyformat == ZFS_KEYFORMAT_PASSPHRASE) {
1204		salt = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_SALT);
1205		iters = zfs_prop_get_int(zhp, ZFS_PROP_PBKDF2_ITERS);
1206	}
1207
1208try_again:
1209	/* fetching and deriving the key are correctible errors. set the flag */
1210	correctible = B_TRUE;
1211
1212	/* get key material from key format and location */
1213	ret = get_key_material(zhp->zfs_hdl, B_FALSE, B_FALSE, keyformat,
1214	    keylocation, zfs_get_name(zhp), &key_material, &key_material_len,
1215	    &can_retry);
1216	if (ret != 0)
1217		goto error;
1218
1219	/* derive a key from the key material */
1220	ret = derive_key(zhp->zfs_hdl, keyformat, iters, key_material,
1221	    key_material_len, salt, &key_data);
1222	if (ret != 0)
1223		goto error;
1224
1225	correctible = B_FALSE;
1226
1227	/* pass the wrapping key and noop flag to the ioctl */
1228	ret = lzc_load_key(zhp->zfs_name, noop, key_data, WRAPPING_KEY_LEN);
1229	if (ret != 0) {
1230		switch (ret) {
1231		case EINVAL:
1232			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1233			    "Invalid parameters provided for %s."),
1234			    zfs_get_name(zhp));
1235			break;
1236		case EEXIST:
1237			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1238			    "Key already loaded for '%s'."), zfs_get_name(zhp));
1239			break;
1240		case EBUSY:
1241			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1242			    "'%s' is busy."), zfs_get_name(zhp));
1243			break;
1244		case EACCES:
1245			correctible = B_TRUE;
1246			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1247			    "Incorrect key provided for '%s'."),
1248			    zfs_get_name(zhp));
1249			break;
1250		}
1251		goto error;
1252	}
1253
1254	free(key_material);
1255	free(key_data);
1256
1257	return (0);
1258
1259error:
1260	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1261	if (key_material != NULL) {
1262		free(key_material);
1263		key_material = NULL;
1264	}
1265	if (key_data != NULL) {
1266		free(key_data);
1267		key_data  = NULL;
1268	}
1269
1270	/*
1271	 * Here we decide if it is ok to allow the user to retry entering their
1272	 * key. The can_retry flag will be set if the user is entering their
1273	 * key from an interactive prompt. The correctible flag will only be
1274	 * set if an error that occured could be corrected by retrying. Both
1275	 * flags are needed to allow the user to attempt key entry again
1276	 */
1277	if (can_retry && correctible && attempts <= MAX_KEY_PROMPT_ATTEMPTS) {
1278		attempts++;
1279		goto try_again;
1280	}
1281
1282	return (ret);
1283}
1284
1285int
1286zfs_crypto_unload_key(zfs_handle_t *zhp)
1287{
1288	int ret;
1289	char errbuf[1024];
1290	char prop_encroot[MAXNAMELEN];
1291	uint64_t keystatus, keyformat;
1292	boolean_t is_encroot;
1293
1294	(void) snprintf(errbuf, sizeof (errbuf),
1295	    dgettext(TEXT_DOMAIN, "Key unload error"));
1296
1297	/* check that encryption is enabled for the pool */
1298	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1299		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1300		    "Encryption feature not enabled."));
1301		ret = EINVAL;
1302		goto error;
1303	}
1304
1305	/* Fetch the keyformat. Check that the dataset is encrypted. */
1306	keyformat = zfs_prop_get_int(zhp, ZFS_PROP_KEYFORMAT);
1307	if (keyformat == ZFS_KEYFORMAT_NONE) {
1308		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1309		    "'%s' is not encrypted."), zfs_get_name(zhp));
1310		ret = EINVAL;
1311		goto error;
1312	}
1313
1314	/*
1315	 * Fetch the key location. Check that we are working with an
1316	 * encryption root.
1317	 */
1318	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, prop_encroot);
1319	if (ret != 0) {
1320		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1321		    "Failed to get encryption root for '%s'."),
1322		    zfs_get_name(zhp));
1323		goto error;
1324	} else if (!is_encroot) {
1325		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1326		    "Keys must be unloaded for encryption root of '%s' (%s)."),
1327		    zfs_get_name(zhp), prop_encroot);
1328		ret = EINVAL;
1329		goto error;
1330	}
1331
1332	/* check that the key is loaded */
1333	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1334	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1335		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1336		    "Key already unloaded for '%s'."), zfs_get_name(zhp));
1337		ret = EACCES;
1338		goto error;
1339	}
1340
1341	/* call the ioctl */
1342	ret = lzc_unload_key(zhp->zfs_name);
1343
1344	if (ret != 0) {
1345		switch (ret) {
1346		case EACCES:
1347			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1348			    "Key already unloaded for '%s'."),
1349			    zfs_get_name(zhp));
1350			break;
1351		case EBUSY:
1352			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1353			    "'%s' is busy."), zfs_get_name(zhp));
1354			break;
1355		}
1356		(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1357	}
1358
1359	return (ret);
1360
1361error:
1362	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1363	return (ret);
1364}
1365
1366static int
1367zfs_crypto_verify_rewrap_nvlist(zfs_handle_t *zhp, nvlist_t *props,
1368    nvlist_t **props_out, char *errbuf)
1369{
1370	int ret;
1371	nvpair_t *elem = NULL;
1372	zfs_prop_t prop;
1373	nvlist_t *new_props = NULL;
1374
1375	new_props = fnvlist_alloc();
1376
1377	/*
1378	 * loop through all provided properties, we should only have
1379	 * keyformat, keylocation and pbkdf2iters. The actual validation of
1380	 * values is done by zfs_valid_proplist().
1381	 */
1382	while ((elem = nvlist_next_nvpair(props, elem)) != NULL) {
1383		const char *propname = nvpair_name(elem);
1384		prop = zfs_name_to_prop(propname);
1385
1386		switch (prop) {
1387		case ZFS_PROP_PBKDF2_ITERS:
1388		case ZFS_PROP_KEYFORMAT:
1389		case ZFS_PROP_KEYLOCATION:
1390			break;
1391		default:
1392			ret = EINVAL;
1393			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1394			    "Only keyformat, keylocation and pbkdf2iters may "
1395			    "be set with this command."));
1396			goto error;
1397		}
1398	}
1399
1400	new_props = zfs_valid_proplist(zhp->zfs_hdl, zhp->zfs_type, props,
1401	    zfs_prop_get_int(zhp, ZFS_PROP_ZONED), NULL, zhp->zpool_hdl,
1402	    B_TRUE, errbuf);
1403	if (new_props == NULL)
1404		goto error;
1405
1406	*props_out = new_props;
1407	return (0);
1408
1409error:
1410	nvlist_free(new_props);
1411	*props_out = NULL;
1412	return (ret);
1413}
1414
1415int
1416zfs_crypto_rewrap(zfs_handle_t *zhp, nvlist_t *raw_props, boolean_t inheritkey)
1417{
1418	int ret;
1419	char errbuf[1024];
1420	boolean_t is_encroot;
1421	nvlist_t *props = NULL;
1422	uint8_t *wkeydata = NULL;
1423	uint_t wkeylen = 0;
1424	dcp_cmd_t cmd = (inheritkey) ? DCP_CMD_INHERIT : DCP_CMD_NEW_KEY;
1425	uint64_t crypt, pcrypt, keystatus, pkeystatus;
1426	uint64_t keyformat = ZFS_KEYFORMAT_NONE;
1427	zfs_handle_t *pzhp = NULL;
1428	char *keylocation = NULL;
1429	char origin_name[MAXNAMELEN];
1430	char prop_keylocation[MAXNAMELEN];
1431	char parent_name[ZFS_MAX_DATASET_NAME_LEN];
1432
1433	(void) snprintf(errbuf, sizeof (errbuf),
1434	    dgettext(TEXT_DOMAIN, "Key change error"));
1435
1436	/* check that encryption is enabled for the pool */
1437	if (!encryption_feature_is_enabled(zhp->zpool_hdl)) {
1438		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1439		    "Encryption feature not enabled."));
1440		ret = EINVAL;
1441		goto error;
1442	}
1443
1444	/* get crypt from dataset */
1445	crypt = zfs_prop_get_int(zhp, ZFS_PROP_ENCRYPTION);
1446	if (crypt == ZIO_CRYPT_OFF) {
1447		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1448		    "Dataset not encrypted."));
1449		ret = EINVAL;
1450		goto error;
1451	}
1452
1453	/* get the encryption root of the dataset */
1454	ret = zfs_crypto_get_encryption_root(zhp, &is_encroot, NULL);
1455	if (ret != 0) {
1456		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1457		    "Failed to get encryption root for '%s'."),
1458		    zfs_get_name(zhp));
1459		goto error;
1460	}
1461
1462	/* Clones use their origin's key and cannot rewrap it */
1463	ret = zfs_prop_get(zhp, ZFS_PROP_ORIGIN, origin_name,
1464	    sizeof (origin_name), NULL, NULL, 0, B_TRUE);
1465	if (ret == 0 && strcmp(origin_name, "") != 0) {
1466		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1467		    "Keys cannot be changed on clones."));
1468		ret = EINVAL;
1469		goto error;
1470	}
1471
1472	/*
1473	 * If the user wants to use the inheritkey variant of this function
1474	 * we don't need to collect any crypto arguments.
1475	 */
1476	if (!inheritkey) {
1477		/* validate the provided properties */
1478		ret = zfs_crypto_verify_rewrap_nvlist(zhp, raw_props, &props,
1479		    errbuf);
1480		if (ret != 0)
1481			goto error;
1482
1483		/*
1484		 * Load keyformat and keylocation from the nvlist. Fetch from
1485		 * the dataset properties if not specified.
1486		 */
1487		(void) nvlist_lookup_uint64(props,
1488		    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), &keyformat);
1489		(void) nvlist_lookup_string(props,
1490		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), &keylocation);
1491
1492		if (is_encroot) {
1493			/*
1494			 * If this is already an ecryption root, just keep
1495			 * any properties not set by the user.
1496			 */
1497			if (keyformat == ZFS_KEYFORMAT_NONE) {
1498				keyformat = zfs_prop_get_int(zhp,
1499				    ZFS_PROP_KEYFORMAT);
1500				ret = nvlist_add_uint64(props,
1501				    zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
1502				    keyformat);
1503			}
1504
1505			if (keylocation == NULL) {
1506				ret = zfs_prop_get(zhp, ZFS_PROP_KEYLOCATION,
1507				    prop_keylocation, sizeof (prop_keylocation),
1508				    NULL, NULL, 0, B_TRUE);
1509				if (ret != 0) {
1510					zfs_error_aux(zhp->zfs_hdl,
1511					    dgettext(TEXT_DOMAIN, "Failed to "
1512					    "get existing keylocation "
1513					    "property."));
1514					goto error;
1515				}
1516
1517				keylocation = prop_keylocation;
1518			}
1519		} else {
1520			/* need a new key for non-encryption roots */
1521			if (keyformat == ZFS_KEYFORMAT_NONE) {
1522				ret = EINVAL;
1523				zfs_error_aux(zhp->zfs_hdl,
1524				    dgettext(TEXT_DOMAIN, "Keyformat required "
1525				    "for new encryption root."));
1526				goto error;
1527			}
1528
1529			/* default to prompt if no keylocation is specified */
1530			if (keylocation == NULL) {
1531				keylocation = "prompt";
1532				ret = nvlist_add_string(props,
1533				    zfs_prop_to_name(ZFS_PROP_KEYLOCATION),
1534				    keylocation);
1535				if (ret != 0)
1536					goto error;
1537			}
1538		}
1539
1540		/* fetch the new wrapping key and associated properties */
1541		ret = populate_create_encryption_params_nvlists(zhp->zfs_hdl,
1542		    zhp, B_TRUE, keyformat, keylocation, props, &wkeydata,
1543		    &wkeylen);
1544		if (ret != 0)
1545			goto error;
1546	} else {
1547		/* check that zhp is an encryption root */
1548		if (!is_encroot) {
1549			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1550			    "Key inheriting can only be performed on "
1551			    "encryption roots."));
1552			ret = EINVAL;
1553			goto error;
1554		}
1555
1556		/* get the parent's name */
1557		ret = zfs_parent_name(zhp, parent_name, sizeof (parent_name));
1558		if (ret != 0) {
1559			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1560			    "Root dataset cannot inherit key."));
1561			ret = EINVAL;
1562			goto error;
1563		}
1564
1565		/* get a handle to the parent */
1566		pzhp = make_dataset_handle(zhp->zfs_hdl, parent_name);
1567		if (pzhp == NULL) {
1568			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1569			    "Failed to lookup parent."));
1570			ret = ENOENT;
1571			goto error;
1572		}
1573
1574		/* parent must be encrypted */
1575		pcrypt = zfs_prop_get_int(pzhp, ZFS_PROP_ENCRYPTION);
1576		if (pcrypt == ZIO_CRYPT_OFF) {
1577			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1578			    "Parent must be encrypted."));
1579			ret = EINVAL;
1580			goto error;
1581		}
1582
1583		/* check that the parent's key is loaded */
1584		pkeystatus = zfs_prop_get_int(pzhp, ZFS_PROP_KEYSTATUS);
1585		if (pkeystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1586			zfs_error_aux(pzhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1587			    "Parent key must be loaded."));
1588			ret = EACCES;
1589			goto error;
1590		}
1591	}
1592
1593	/* check that the key is loaded */
1594	keystatus = zfs_prop_get_int(zhp, ZFS_PROP_KEYSTATUS);
1595	if (keystatus == ZFS_KEYSTATUS_UNAVAILABLE) {
1596		zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1597		    "Key must be loaded."));
1598		ret = EACCES;
1599		goto error;
1600	}
1601
1602	/* call the ioctl */
1603	ret = lzc_change_key(zhp->zfs_name, cmd, props, wkeydata, wkeylen);
1604	if (ret != 0) {
1605		switch (ret) {
1606		case EINVAL:
1607			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1608			    "Invalid properties for key change."));
1609			break;
1610		case EACCES:
1611			zfs_error_aux(zhp->zfs_hdl, dgettext(TEXT_DOMAIN,
1612			    "Key is not currently loaded."));
1613			break;
1614		}
1615		(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1616	}
1617
1618	if (pzhp != NULL)
1619		zfs_close(pzhp);
1620	if (props != NULL)
1621		nvlist_free(props);
1622	if (wkeydata != NULL)
1623		free(wkeydata);
1624
1625	return (ret);
1626
1627error:
1628	if (pzhp != NULL)
1629		zfs_close(pzhp);
1630	if (props != NULL)
1631		nvlist_free(props);
1632	if (wkeydata != NULL)
1633		free(wkeydata);
1634
1635	(void) zfs_error(zhp->zfs_hdl, EZFS_CRYPTOFAILED, errbuf);
1636	return (ret);
1637}
1638