/*
 * CDDL HEADER START
 *
 * This file and its contents are supplied under the terms of the
 * Common Development and Distribution License ("CDDL"), version 1.0.
 * You may only use this file in accordance with the terms of version
 * 1.0 of the CDDL.
 *
 * A full copy of the text of the CDDL should have accompanied this
 * source. A copy of the CDDL is also available via the Internet at
 * http://www.illumos.org/license/CDDL.
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2017, Datto, Inc. All rights reserved.
 */

/*
 * DSL-level key management for native dataset encryption: the in-memory
 * keystore (wrapping keys, DSL crypto keys, dataset->key mappings), the
 * on-disk ZAP entry names for a DSL Crypto Key object, and the entry points
 * the DSL and zio layers use to load/unload keys and to encrypt, decrypt
 * and authenticate block data. Implementations live in dsl_crypt.c.
 */

#ifndef _SYS_DSL_CRYPT_H
#define _SYS_DSL_CRYPT_H

#include <sys/dmu_tx.h>
#include <sys/dmu.h>
#include <sys/zio_crypt.h>
#include <sys/spa.h>
#include <sys/dsl_dataset.h>

/*
 * ZAP entry keys for DSL Crypto Keys stored on disk. In addition,
 * ZFS_PROP_KEYFORMAT, ZFS_PROP_PBKDF2_SALT, and ZFS_PROP_PBKDF2_ITERS are
 * also maintained here using their respective property names.
 *
 * The presence of separate IV and MAC entries alongside the master and
 * HMAC key entries indicates the key material is stored wrapped (and
 * authenticated) under the dataset's wrapping key rather than in the
 * clear; confirm the exact wrapping scheme against dsl_crypt.c before
 * relying on it.
 */
#define	DSL_CRYPTO_KEY_CRYPTO_SUITE	"DSL_CRYPTO_SUITE"
#define	DSL_CRYPTO_KEY_GUID		"DSL_CRYPTO_GUID"
#define	DSL_CRYPTO_KEY_IV		"DSL_CRYPTO_IV"
#define	DSL_CRYPTO_KEY_MAC		"DSL_CRYPTO_MAC"
#define	DSL_CRYPTO_KEY_MASTER_KEY	"DSL_CRYPTO_MASTER_KEY_1"
#define	DSL_CRYPTO_KEY_HMAC_KEY		"DSL_CRYPTO_HMAC_KEY_1"
#define	DSL_CRYPTO_KEY_ROOT_DDOBJ	"DSL_CRYPTO_ROOT_DDOBJ"
#define	DSL_CRYPTO_KEY_REFCOUNT		"DSL_CRYPTO_REFCOUNT"
#define	DSL_CRYPTO_KEY_VERSION		"DSL_CRYPTO_VERSION"

/*
 * In-memory representation of a wrapping key. One of these structs will exist
 * for each encryption root with its key loaded.
 *
 * wk_key holds the raw user-derived key material, so this struct is the most
 * sensitive object in the keystore. It is reference counted (wk_refcnt); the
 * unload path is expected to zeroize wk_key before freeing it — verify in
 * dsl_crypt.c, as this header does not show it.
 */
typedef struct dsl_wrapping_key {
	/* link on spa_keystore_t:sk_wkeys */
	avl_node_t wk_avl_link;

	/* keyformat property enum */
	zfs_keyformat_t wk_keyformat;

	/* the pbkdf2 salt, if the keyformat is of type passphrase */
	uint64_t wk_salt;

	/*
	 * the pbkdf2 iterations, if the keyformat is of type passphrase
	 * (persisted as ZFS_PROP_PBKDF2_ITERS; see the ZAP key comment above)
	 */
	uint64_t wk_iters;

	/* actual wrapping key */
	crypto_key_t wk_key;

	/* refcount of holders of this key */
	zfs_refcount_t wk_refcnt;

	/* dsl directory object that owns this wrapping key */
	uint64_t wk_ddobj;
} dsl_wrapping_key_t;

/*
 * enum of commands indicating special actions that should be run
 *
 * The enumerator order is significant only as an in-memory value; it is
 * not one of the on-disk ZAP entries above.
 */
typedef enum dcp_cmd {
	/* key creation commands */
	DCP_CMD_NONE = 0,	/* no specific command */
	DCP_CMD_RAW_RECV,	/* raw receive */

	/* key changing commands */
	DCP_CMD_NEW_KEY,	/* rewrap key as an encryption root */
	DCP_CMD_INHERIT,	/* rewrap key with parent's wrapping key */
	/*
	 * The two FORCE variants change which wrapping key owns the dataset
	 * without re-wrapping the master key. Callers should reach them only
	 * from paths that can vouch for the key state (raw receive is the
	 * obvious one) — confirm the permitted callers in dsl_crypt.c.
	 */
	DCP_CMD_FORCE_NEW_KEY,	/* change to encryption root without rewrap */
	DCP_CMD_FORCE_INHERIT,	/* inherit parent's key without rewrap */

	DCP_CMD_MAX
} dcp_cmd_t;

/*
 * This struct is a simple wrapper around all the parameters that are usually
 * required to setup encryption. It exists so that all of the params can be
 * passed around the kernel together for convenience.
 */
typedef struct dsl_crypto_params {
	/* command indicating intended action */
	dcp_cmd_t cp_cmd;

	/* the encryption algorithm */
	enum zio_encrypt cp_crypt;

	/*
	 * keylocation property string; user supplied, validated by
	 * dsl_crypto_can_set_keylocation() before it is accepted
	 */
	char *cp_keylocation;

	/* the wrapping key */
	dsl_wrapping_key_t *cp_wkey;
} dsl_crypto_params_t;

/*
 * In-memory representation of a DSL Crypto Key object. One of these structs
 * (and corresponding on-disk ZAP object) will exist for each encrypted
 * clone family that is mounted or otherwise reading protected data.
 */
typedef struct dsl_crypto_key {
	/* link on spa_keystore_t:sk_dsl_keys */
	avl_node_t dck_avl_link;

	/* refcount of dsl_key_mapping_t's holding this key */
	zfs_refcount_t dck_holds;

	/* master key used to derive encryption keys */
	zio_crypt_key_t dck_key;

	/*
	 * wrapping key for syncing this structure to disk; the master key
	 * is written under the DSL_CRYPTO_KEY_* entries wrapped with this key
	 */
	dsl_wrapping_key_t *dck_wkey;

	/* on-disk object id */
	uint64_t dck_obj;
} dsl_crypto_key_t;

/*
 * In-memory mapping of a dataset object id to a DSL Crypto Key. This is used
 * to look up the corresponding dsl_crypto_key_t from the zio layer for
 * performing data encryption and decryption.
 */
typedef struct dsl_key_mapping {
	/* link on spa_keystore_t:sk_key_mappings */
	avl_node_t km_avl_link;

	/* refcount of how many users are depending on this mapping */
	zfs_refcount_t km_refcnt;

	/* dataset this crypto key belongs to (index) */
	uint64_t km_dsobj;

	/* crypto key (value) of this record */
	dsl_crypto_key_t *km_key;
} dsl_key_mapping_t;

/*
 * in memory structure for holding all wrapping and dsl keys
 *
 * Each tree is protected by its own rwlock. Any ordering between the three
 * locks is established in dsl_crypt.c, not here — check it before taking
 * more than one at a time.
 */
typedef struct spa_keystore {
	/* lock for protecting sk_dsl_keys */
	krwlock_t sk_dk_lock;

	/* tree of all dsl_crypto_key_t's */
	avl_tree_t sk_dsl_keys;

	/* lock for protecting sk_key_mappings */
	krwlock_t sk_km_lock;

	/* tree of all dsl_key_mapping_t's, indexed by dsobj */
	avl_tree_t sk_key_mappings;

	/* lock for protecting the wrapping keys tree */
	krwlock_t sk_wkeys_lock;

	/* tree of all dsl_wrapping_key_t's, indexed by ddobj */
	avl_tree_t sk_wkeys;
} spa_keystore_t;

/*
 * Parameter construction and validation. dsl_crypto_params_create_nvlist()
 * builds a dsl_crypto_params_t from user-supplied property and crypto
 * nvlists (returned via dcp_out, freed with dsl_crypto_params_free()); the
 * unload flag presumably also drops the wrapping key the params hold —
 * confirm in dsl_crypt.c. The *_check functions return 0 on success or an
 * errno value, following the DSL convention.
 */
int dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props,
    nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out);
void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload);
void dsl_dataset_crypt_stats(struct dsl_dataset *ds, nvlist_t *nv);
int dsl_crypto_can_set_keylocation(const char *dsname, const char *keylocation);
boolean_t dsl_dir_incompatible_encryption_version(dsl_dir_t *dd);

/* keystore lifecycle: one spa_keystore_t per pool */
void spa_keystore_init(spa_keystore_t *sk);
void spa_keystore_fini(spa_keystore_t *sk);

/*
 * Wrapping key load/unload. The *_impl variants take an already-resolved
 * spa/wrapping key; the non-impl variants resolve from a dataset name.
 * With noop set, spa_keystore_load_wkey() presumably verifies the key
 * without leaving it loaded — confirm against the implementation.
 */
void spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck, void *tag);
int spa_keystore_load_wkey_impl(spa_t *spa, dsl_wrapping_key_t *wkey);
int spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
    boolean_t noop);
int spa_keystore_unload_wkey_impl(spa_t *spa, uint64_t ddobj);
int spa_keystore_unload_wkey(const char *dsname);

/*
 * dsobj -> key mappings used by the zio layer. The tag is an opaque holder
 * identifier in the usual zfs_refcount_t style; the same tag must be used
 * for the matching add_ref/rele (or create/remove) pair.
 */
int spa_keystore_create_mapping(spa_t *spa, struct dsl_dataset *ds, void *tag,
    dsl_key_mapping_t **km_out);
int spa_keystore_remove_mapping(spa_t *spa, uint64_t dsobj, void *tag);
void key_mapping_add_ref(dsl_key_mapping_t *km, void *tag);
void key_mapping_rele(spa_t *spa, dsl_key_mapping_t *km, void *tag);
int spa_keystore_lookup_key(spa_t *spa, uint64_t dsobj, void *tag,
    dsl_crypto_key_t **dck_out);

/*
 * Raw send/receive support. The *_check/*_sync pairs follow the dsl_sync_task
 * convention: _check validates the received key nvlist in open context and
 * _sync applies it in syncing context (tx). Key material carried in nvl
 * arrives from the peer stream and is only as trustworthy as the MAC that
 * covers it.
 */
int dsl_crypto_populate_key_nvlist(struct dsl_dataset *ds,
    uint64_t from_ivset_guid, nvlist_t **nvl_out);
int dsl_crypto_recv_raw_key_check(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
void dsl_crypto_recv_raw_key_sync(struct dsl_dataset *ds,
    nvlist_t *nvl, dmu_tx_t *tx);
int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj,
    dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key);

/*
 * Dataset lifecycle hooks (change key, rename, promote, create, clone,
 * destroy). *_crypt_check functions run before the operation and reject
 * layouts that would break encryption-root inheritance; the *_sync
 * functions update the on-disk DSL Crypto Key objects in tx. The
 * *_create_sync/*_clone_sync variants return the new key object id.
 */
int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp);
int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent);
int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin);
void dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin,
    dmu_tx_t *tx);
int dmu_objset_create_crypt_check(dsl_dir_t *parentdd,
    dsl_crypto_params_t *dcp, boolean_t *will_encrypt);
void dsl_dataset_create_crypt_sync(uint64_t dsobj, dsl_dir_t *dd,
    struct dsl_dataset *origin, dsl_crypto_params_t *dcp, dmu_tx_t *tx);
uint64_t dsl_crypto_key_create_sync(uint64_t crypt, dsl_wrapping_key_t *wkey,
    dmu_tx_t *tx);
int dmu_objset_clone_crypt_check(dsl_dir_t *parentdd, dsl_dir_t *origindd);
uint64_t dsl_crypto_key_clone_sync(dsl_dir_t *origindd, dmu_tx_t *tx);
void dsl_crypto_key_destroy_sync(uint64_t dckobj, dmu_tx_t *tx);

/*
 * zio-layer data path. The *_mac_abd functions compute (generate == B_TRUE)
 * or otherwise verify the MAC over datalen bytes of abd for dataset dsobj.
 * spa_do_crypt_abd() encrypts (encrypt == B_TRUE) or decrypts between pabd
 * and cabd, using the per-block salt/iv/mac; no_crypt reports that the block
 * was passed through unencrypted. Buffer sizes for salt, iv and mac are
 * fixed by zio_crypt.h, not by this interface — callers must supply
 * correctly sized buffers.
 */
int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt);
int spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, uint8_t *mac);
int spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
    abd_t *abd, uint_t datalen, boolean_t byteswap);
int spa_do_crypt_abd(boolean_t encrypt, spa_t *spa, const zbookmark_phys_t *zb,
    dmu_object_type_t ot, boolean_t dedup, boolean_t bswap, uint8_t *salt,
    uint8_t *iv, uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
    boolean_t *no_crypt);

#endif /* _SYS_DSL_CRYPT_H */