/*
 * CDDL HEADER START
 *
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2017, Datto, Inc. All rights reserved.
 */

#ifndef	_SYS_DSL_CRYPT_H
#define	_SYS_DSL_CRYPT_H

#include <sys/dmu_tx.h>
#include <sys/dmu.h>
#include <sys/zio_crypt.h>
#include <sys/spa.h>
#include <sys/dsl_dataset.h>

/*
 * Declarations for dataset encryption at the DSL layer: the on-disk ZAP
 * names of a DSL Crypto Key, the in-memory wrapping-key / crypto-key /
 * key-mapping structures and the per-pool keystore that holds them, and
 * the entry points for loading, changing, sending/receiving and using keys.
 */

/*
 * ZAP entry keys for DSL Crypto Keys stored on disk. In addition,
 * ZFS_PROP_KEYFORMAT, ZFS_PROP_PBKDF2_SALT, and ZFS_PROP_PBKDF2_ITERS are
 * also maintained here using their respective property names.
 */
/*
 * NOTE: the string values below are the on-disk ZAP names. Changing any of
 * them is an on-disk format change for every existing encrypted dataset,
 * not a simple rename.
 */
#define	DSL_CRYPTO_KEY_CRYPTO_SUITE	"DSL_CRYPTO_SUITE"
#define	DSL_CRYPTO_KEY_GUID		"DSL_CRYPTO_GUID"
#define	DSL_CRYPTO_KEY_IV		"DSL_CRYPTO_IV"
#define	DSL_CRYPTO_KEY_MAC		"DSL_CRYPTO_MAC"
#define	DSL_CRYPTO_KEY_MASTER_KEY	"DSL_CRYPTO_MASTER_KEY_1"
#define	DSL_CRYPTO_KEY_HMAC_KEY		"DSL_CRYPTO_HMAC_KEY_1"
#define	DSL_CRYPTO_KEY_ROOT_DDOBJ	"DSL_CRYPTO_ROOT_DDOBJ"
#define	DSL_CRYPTO_KEY_REFCOUNT		"DSL_CRYPTO_REFCOUNT"
#define	DSL_CRYPTO_KEY_VERSION		"DSL_CRYPTO_VERSION"

/*
 * In-memory representation of a wrapping key. One of these structs will exist
 * for each encryption root with its key loaded.
 *
 * wk_key is the secret that protects the master keys wrapped under it, so
 * the struct is shared via wk_refcnt rather than copied around.
 * NOTE(review): zeroization of wk_key when the last holder drops it is the
 * keystore implementation's job and is not visible in this header —
 * confirm in dsl_crypt.c before relying on it.
 */
typedef struct dsl_wrapping_key {
	/* link on spa_keystore_t:sk_wkeys */
	avl_node_t wk_avl_link;

	/* keyformat property enum */
	zfs_keyformat_t wk_keyformat;

	/* the pbkdf2 salt, if the keyformat is of type passphrase */
	uint64_t wk_salt;

	/* the pbkdf2 iterations, if the keyformat is of type passphrase */
	uint64_t wk_iters;

	/* actual wrapping key (raw key material) */
	crypto_key_t wk_key;

	/* refcount of holders of this key */
	zfs_refcount_t wk_refcnt;

	/* dsl directory object that owns this wrapping key */
	uint64_t wk_ddobj;
} dsl_wrapping_key_t;

/*
 * enum of commands indicating special actions that should be run
 *
 * Values are sequential from 0; DCP_CMD_MAX is the count and is never a
 * valid command. The DCP_CMD_FORCE_* variants change the encryption-root
 * relationship without re-wrapping the master key under a different
 * wrapping key, so they are only safe when the wrapped key on disk is
 * already correct for the new root. NOTE(review): presumably the raw
 * receive / key-repair paths — confirm with the callers.
 */
typedef enum dcp_cmd {
	/* key creation commands */
	DCP_CMD_NONE = 0,	/* no specific command */
	DCP_CMD_RAW_RECV,	/* raw receive */

	/* key changing commands */
	DCP_CMD_NEW_KEY,	/* rewrap key as an encryption root */
	DCP_CMD_INHERIT,	/* rewrap key with parent's wrapping key */
	DCP_CMD_FORCE_NEW_KEY,	/* change to encryption root without rewrap */
	DCP_CMD_FORCE_INHERIT,	/* inherit parent's key without rewrap */

	DCP_CMD_MAX
} dcp_cmd_t;

/*
 * This struct is a simple wrapper around all the parameters that are usually
 * required to setup encryption. It exists so that all of the params can be
 * passed around the kernel together for convenience.
 *
 * Built by dsl_crypto_params_create_nvlist() and released with
 * dsl_crypto_params_free(). NOTE(review): cp_wkey is a keystore object;
 * the `unload` flag of the free routine presumably decides whether it is
 * dropped from the keystore as well — confirm.
 */
typedef struct dsl_crypto_params {
	/* command indicating intended action */
	dcp_cmd_t cp_cmd;

	/* the encryption algorithm */
	enum zio_encrypt cp_crypt;

	/* keylocation property string */
	char *cp_keylocation;

	/* the wrapping key */
	dsl_wrapping_key_t *cp_wkey;
} dsl_crypto_params_t;

/*
 * In-memory representation of a DSL Crypto Key object. One of these structs
 * (and corresponding on-disk ZAP object) will exist for each encrypted
 * clone family that is mounted or otherwise reading protected data.
 *
 * dck_key is the unwrapped master key; when this structure is synced to
 * disk it is wrapped under dck_wkey. NOTE(review): the DSL_CRYPTO_KEY_IV /
 * _MAC ZAP entries are presumably the IV and MAC of that wrapped key —
 * confirm against the sync path in dsl_crypt.c.
 */
typedef struct dsl_crypto_key {
	/* link on spa_keystore_t:sk_dsl_keys */
	avl_node_t dck_avl_link;

	/* refcount of dsl_key_mapping_t's holding this key */
	zfs_refcount_t dck_holds;

	/* master key used to derive encryption keys */
	zio_crypt_key_t dck_key;

	/* wrapping key for syncing this structure to disk */
	dsl_wrapping_key_t *dck_wkey;

	/* on-disk object id */
	uint64_t dck_obj;
} dsl_crypto_key_t;

/*
 * In-memory mapping of a dataset object id to a DSL Crypto Key. This is used
 * to look up the corresponding dsl_crypto_key_t from the zio layer for
 * performing data encryption and decryption.
 */
typedef struct dsl_key_mapping {
	/* link on spa_keystore_t:sk_key_mappings */
	avl_node_t km_avl_link;

	/* refcount of how many users are depending on this mapping */
	zfs_refcount_t km_refcnt;

	/* dataset this crypto key belongs to (index) */
	uint64_t km_dsobj;

	/* crypto key (value) of this record */
	dsl_crypto_key_t *km_key;
} dsl_key_mapping_t;

/*
 * in memory structure for holding all wrapping and dsl keys
 *
 * Each of the three AVL trees has its own rwlock, and each lock protects
 * only the tree named in its comment. NOTE(review): the acquisition order
 * when more than one lock is held is defined in dsl_crypt.c, not here —
 * consult it before taking two at once.
 */
typedef struct spa_keystore {
	/* lock for protecting sk_dsl_keys */
	krwlock_t sk_dk_lock;

	/* tree of all dsl_crypto_key_t's */
	avl_tree_t sk_dsl_keys;

	/* lock for protecting sk_key_mappings */
	krwlock_t sk_km_lock;

	/* tree of all dsl_key_mapping_t's, indexed by dsobj */
	avl_tree_t sk_key_mappings;

	/* lock for protecting the wrapping keys tree */
	krwlock_t sk_wkeys_lock;

	/* tree of all dsl_wrapping_key_t's, indexed by ddobj */
	avl_tree_t sk_wkeys;
} spa_keystore_t;

/*
 * Argument bundle for a key change: skcka_dsname names the dataset whose
 * key is being changed and skcka_cp carries the new parameters (command,
 * suite, keylocation, wrapping key). NOTE(review): presumably what is
 * passed as the void *arg of spa_keystore_change_key_check()/_sync() —
 * confirm with spa_keystore_change_key().
 */
typedef struct spa_keystore_change_key_args {
	const char *skcka_dsname;
	dsl_crypto_params_t *skcka_cp;
} spa_keystore_change_key_args_t;

/*
 * Build a dsl_crypto_params_t for command `cmd` from the property nvlist
 * and the crypto-argument nvlist; on success *dcp_out receives the result.
 */
int
dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props,
    nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out);
/*
 * Release a params struct from dsl_crypto_params_create_nvlist().
 * NOTE(review): `unload` presumably also drops the referenced wrapping key
 * from the keystore — confirm.
 */
void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload);
/* Add the dataset's encryption-related stats to nv. */
void dsl_dataset_crypt_stats(struct dsl_dataset *ds, nvlist_t *nv);
/* Check whether keylocation may be set on dsname; 0 if allowed, else an error. */
int dsl_crypto_can_set_keylocation(const char *dsname, const char *keylocation);
/* B_TRUE when dd uses an encryption version this code cannot handle. */
boolean_t dsl_dir_incompatible_encryption_version(dsl_dir_t *dd);

/* Set up / tear down a per-pool keystore (its trees and locks). */
void spa_keystore_init(spa_keystore_t *sk);
void spa_keystore_fini(spa_keystore_t *sk);

/*
 * Wrapping-key load/unload. The *_impl variants work on an already-built
 * dsl_wrapping_key_t / ddobj; the name-based variants resolve dsname first.
 * NOTE(review): `noop` presumably validates the key without leaving it
 * loaded — confirm.
 */
void spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag);
int spa_keystore_load_wkey_impl(spa_t *spa, dsl_wrapping_key_t *wkey);
int spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
    boolean_t noop);
int spa_keystore_unload_wkey_impl(spa_t *spa, uint64_t ddobj);
int spa_keystore_unload_wkey(const char *dsname);

/*
 * dsobj -> key mappings and lookups. Every create/add_ref/lookup takes a
 * `tag` that the matching remove/rele must pass back; a key obtained from
 * spa_keystore_lookup_key() is expected to be released through
 * spa_keystore_dsl_key_rele() with the same tag.
 */
int spa_keystore_create_mapping(spa_t *spa, struct dsl_dataset *ds, void *tag,
    dsl_key_mapping_t **km_out);
int spa_keystore_remove_mapping(spa_t *spa, uint64_t dsobj, void *tag);
void key_mapping_add_ref(dsl_key_mapping_t *km, void *tag);
void key_mapping_rele(spa_t *spa, dsl_key_mapping_t *km, void *tag);
int spa_keystore_lookup_key(spa_t *spa, uint64_t dsobj, void *tag,
    dsl_crypto_key_t **dck_out);

/*
 * Raw send/receive of key material. populate_key_nvlist exports the
 * dataset's key nvlist (from_ivset_guid is the incremental origin's ivset
 * guid); the recv_raw_* check/sync pair applies a received one to ds.
 * NOTE(review): what the nvlist carries is defined in dsl_crypt.c —
 * confirm that only wrapped (never unwrapped) key material is included.
 */
int dsl_crypto_populate_key_nvlist(struct dsl_dataset *ds,
    uint64_t from_ivset_guid, nvlist_t **nvl_out);
int dsl_crypto_recv_raw_key_check(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
void dsl_crypto_recv_raw_key_sync(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj,
    dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key);

/*
 * Key change and the dataset operations that must respect encryption
 * boundaries (rename, promote, create, clone, destroy). The *_check
 * functions validate; the *_sync functions apply within tx.
 * NOTE(review): the void *arg of the change_key check/sync pair is
 * presumably a spa_keystore_change_key_args_t — confirm.
 */
int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp);
int spa_keystore_change_key_check(void *arg, dmu_tx_t *tx);
void spa_keystore_change_key_sync(void *arg, dmu_tx_t *tx);
int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent);
int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin);
void dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin,
    dmu_tx_t *tx);
int dmu_objset_create_crypt_check(dsl_dir_t *parentdd,
    dsl_crypto_params_t *dcp, boolean_t *will_encrypt);
void dsl_dataset_create_crypt_sync(uint64_t dsobj, dsl_dir_t *dd,
    struct dsl_dataset *origin, dsl_crypto_params_t *dcp, dmu_tx_t *tx);
/* Create/clone/destroy the on-disk DSL Crypto Key object; return its obj id. */
uint64_t dsl_crypto_key_create_sync(uint64_t crypt, dsl_wrapping_key_t *wkey,
    dmu_tx_t *tx);
uint64_t dsl_crypto_key_clone_sync(dsl_dir_t *origindd, dmu_tx_t *tx);
void dsl_crypto_key_destroy_sync(uint64_t dckobj, dmu_tx_t *tx);

/*
 * Data-path entry points used by the zio layer. For the MAC routines,
 * `generate` selects between producing a MAC and verifying one; for
 * spa_do_crypt_abd, `encrypt` selects direction between pabd (plaintext)
 * and cabd (ciphertext), and *no_crypt reports that the buffer was not
 * actually transformed. NOTE(review): a nonzero return on the verify /
 * decrypt side presumably means authentication failed, in which case the
 * output buffer must not be consumed — confirm in the implementation.
 */
int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt);
int spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, uint8_t *mac);
int spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, boolean_t byteswap);
int spa_do_crypt_abd(boolean_t encrypt, spa_t *spa, const zbookmark_phys_t *zb,
    dmu_object_type_t ot, boolean_t dedup, boolean_t bswap, uint8_t *salt,
    uint8_t *iv, uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
    boolean_t *no_crypt);

#endif	/* _SYS_DSL_CRYPT_H */