4 * This file and its contents are supplied under the terms of the
5 * Common Development and Distribution License ("CDDL"), version 1.0.
6 * You may only use this file in accordance with the terms of version
9 * A full copy of the text of the CDDL should have accompanied this
10 * source. A copy of the CDDL is also available via the Internet at
11 * http://www.illumos.org/license/CDDL.
17 * Copyright (c) 2017, Datto, Inc. All rights reserved.
20 #ifndef _SYS_ZIO_CRYPT_H
21 #define _SYS_ZIO_CRYPT_H
24 #include <sys/refcount.h>
25 #include <sys/crypto/api.h>
26 #include <sys/nvpair.h>
30 /* forward declarations */
31 struct zbookmark_phys;
33 #define WRAPPING_KEY_LEN 32
34 #define WRAPPING_IV_LEN ZIO_DATA_IV_LEN
35 #define WRAPPING_MAC_LEN ZIO_DATA_MAC_LEN
36 #define MASTER_KEY_MAX_LEN 32
37 #define SHA512_HMAC_KEYLEN 64
39 #define ZIO_CRYPT_KEY_CURRENT_VERSION 1ULL
41 typedef enum zio_crypt_type {
47 /* table of supported crypto algorithms, modes and keylengths. */
48 typedef struct zio_crypt_info {
49 /* mechanism name, needed by ICP */
50 crypto_mech_name_t ci_mechname;
52 /* cipher mode type (GCM, CCM) */
53 zio_crypt_type_t ci_crypt_type;
55 /* length of the encryption key */
58 /* human-readable name of the encryption alforithm */
62 extern zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];
64 /* in memory representation of an unwrapped key that is loaded into memory */
65 typedef struct zio_crypt_key {
66 /* encryption algorithm */
69 /* on-disk format version */
72 /* GUID for uniquely identifying this key. Not encrypted on disk. */
75 /* buffer for master key */
76 uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];
78 /* buffer for hmac key */
79 uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];
81 /* buffer for currrent encryption key derived from master key */
82 uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];
84 /* current 64 bit salt for deriving an encryption key */
85 uint8_t zk_salt[ZIO_DATA_SALT_LEN];
87 /* count of how many times the current salt has been used */
88 uint64_t zk_salt_count;
90 /* illumos crypto api current encryption key */
91 crypto_key_t zk_current_key;
93 /* template of current encryption key for illumos crypto api */
94 crypto_ctx_template_t zk_current_tmpl;
96 /* illumos crypto api current hmac key */
97 crypto_key_t zk_hmac_key;
99 /* template of hmac key for illumos crypto api */
100 crypto_ctx_template_t zk_hmac_tmpl;
102 /* lock for changing the salt and dependant values */
103 krwlock_t zk_salt_lock;
106 void zio_crypt_key_destroy(zio_crypt_key_t *key);
107 int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
108 int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out);
110 int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
111 uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out);
112 int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
113 uint64_t guid, uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv,
114 uint8_t *mac, zio_crypt_key_t *key);
115 int zio_crypt_generate_iv(uint8_t *ivbuf);
116 int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data,
117 uint_t datalen, uint8_t *ivbuf, uint8_t *salt);
119 void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv);
120 void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv);
121 void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac);
122 void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac);
123 void zio_crypt_encode_mac_zil(void *data, uint8_t *mac);
124 void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac);
125 void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen);
127 int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
128 uint_t datalen, boolean_t byteswap, uint8_t *cksum);
129 int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
130 uint_t datalen, boolean_t byteswap, uint8_t *cksum);
131 int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
132 uint8_t *digestbuf, uint_t digestlen);
133 int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
134 boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
135 int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
136 dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
137 uint8_t *mac, uint_t datalen, uint8_t *plainbuf, uint8_t *cipherbuf,
138 boolean_t *no_crypt);
139 int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key,
140 dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
141 uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
142 boolean_t *no_crypt);