
FreeBSD/Linux Kernel Cross Reference
sys/contrib/openzfs/include/sys/dsl_crypt.h


    1 /*
    2  * CDDL HEADER START
    3  *
    4  * This file and its contents are supplied under the terms of the
    5  * Common Development and Distribution License ("CDDL"), version 1.0.
    6  * You may only use this file in accordance with the terms of version
    7  * 1.0 of the CDDL.
    8  *
    9  * A full copy of the text of the CDDL should have accompanied this
   10  * source.  A copy of the CDDL is also available via the Internet at
   11  * http://www.illumos.org/license/CDDL.
   12  *
   13  * CDDL HEADER END
   14  */
   15 
   16 /*
   17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
   18  */
   19 
   20 #ifndef _SYS_DSL_CRYPT_H
   21 #define _SYS_DSL_CRYPT_H
   22 
   23 #include <sys/dmu_tx.h>
   24 #include <sys/dmu.h>
   25 #include <sys/zio_crypt.h>
   26 #include <sys/spa.h>
   27 #include <sys/dsl_dataset.h>
   28 
   29 /*
   30  * ZAP entry keys for DSL Crypto Keys stored on disk. In addition,
   31  * ZFS_PROP_KEYFORMAT, ZFS_PROP_PBKDF2_SALT, and ZFS_PROP_PBKDF2_ITERS are
   32  * also maintained here using their respective property names.
       *
       * These strings name entries in an on-disk object, so they are presumably
       * part of the on-disk format: changing one would stop entries written under
       * the old name from being found.
       *
       * NOTE(review): IV and MAC entries sit alongside the master-key and
       * HMAC-key entries, which suggests the key material is stored wrapped
       * under the wrapping key rather than in the clear -- confirm against the
       * code that reads and writes these entries.
   33  */
   34 #define DSL_CRYPTO_KEY_CRYPTO_SUITE     "DSL_CRYPTO_SUITE"
   35 #define DSL_CRYPTO_KEY_GUID             "DSL_CRYPTO_GUID"
   36 #define DSL_CRYPTO_KEY_IV               "DSL_CRYPTO_IV"
   37 #define DSL_CRYPTO_KEY_MAC              "DSL_CRYPTO_MAC"
   38 #define DSL_CRYPTO_KEY_MASTER_KEY       "DSL_CRYPTO_MASTER_KEY_1"
   39 #define DSL_CRYPTO_KEY_HMAC_KEY         "DSL_CRYPTO_HMAC_KEY_1"
   40 #define DSL_CRYPTO_KEY_ROOT_DDOBJ       "DSL_CRYPTO_ROOT_DDOBJ"
   41 #define DSL_CRYPTO_KEY_REFCOUNT         "DSL_CRYPTO_REFCOUNT"
   42 #define DSL_CRYPTO_KEY_VERSION          "DSL_CRYPTO_VERSION"
   43 
   44 /*
   45  * In-memory representation of a wrapping key. One of these structs will exist
   46  * for each encryption root with its key loaded.
       *
       * NOTE(review): wk_key carries key material for as long as the struct
       * exists. The code that frees this struct is not in this header -- confirm
       * it zeroizes wk_key before releasing the memory.
   47  */
   48 typedef struct dsl_wrapping_key {
   49         /* link on spa_keystore_t:sk_wkeys */
   50         avl_node_t wk_avl_link;
   51 
   52         /* keyformat property enum */
   53         zfs_keyformat_t wk_keyformat;
   54 
   55         /* the pbkdf2 salt (a 64-bit value), if the keyformat is of type passphrase */
   56         uint64_t wk_salt;
   57 
   58         /* the pbkdf2 iterations, if the keyformat is of type passphrase */
              /* NOTE(review): any lower bound on iterations is enforced elsewhere, not by this type -- confirm */
   59         uint64_t wk_iters;
   60 
   61         /* actual wrapping key (secret key material held in memory) */
   62         crypto_key_t wk_key;
   63 
   64         /* refcount of number of dsl_crypto_key_t's holding this struct */
   65         zfs_refcount_t wk_refcnt;
   66 
   67         /* dsl directory object that owns this wrapping key */
   68         uint64_t wk_ddobj;
   69 } dsl_wrapping_key_t;
   70 
   71 /* enum of commands indicating special actions that should be run */
      /*
       * Values are assigned sequentially from DCP_CMD_NONE = 0, so DCP_CMD_MAX
       * equals the number of commands and is not itself a command.
       * NOTE(review): a cmd value that originates outside the kernel should be
       * range-checked against DCP_CMD_MAX before use -- confirm callers do so.
       */
   72 typedef enum dcp_cmd {
   73         /* key creation commands */
   74         DCP_CMD_NONE = 0,       /* no specific command */
   75         DCP_CMD_RAW_RECV,       /* raw receive */
   76 
   77         /* key changing commands */
   78         DCP_CMD_NEW_KEY,        /* rewrap key as an encryption root */
   79         DCP_CMD_INHERIT,        /* rewrap key with parent's wrapping key */
              /*
               * NOTE(review): the two FORCE variants below change the key
               * hierarchy without rewrapping -- confirm which callers are
               * allowed to request them.
               */
   80         DCP_CMD_FORCE_NEW_KEY,  /* change to encryption root without rewrap */
   81         DCP_CMD_FORCE_INHERIT,  /* inherit parent's key without rewrap */
   82 
              /* count of commands above; exclusive upper bound for a valid cmd */
   83         DCP_CMD_MAX
   84 } dcp_cmd_t;
   85 
   86 /*
   87  * This struct is a simple wrapper around all the parameters that are usually
   88  * required to set up encryption. It exists so that all of the params can be
   89  * passed around the kernel together for convenience.
       *
       * Both cp_keylocation and cp_wkey are pointers, so the struct does not
       * itself say who owns the memory behind them.
       * NOTE(review): presumably dsl_crypto_params_free() releases both, with its
       * unload argument deciding what happens to cp_wkey -- confirm before
       * sharing or reusing either pointer.
   90  */
   91 typedef struct dsl_crypto_params {
   92         /* command indicating intended action */
   93         dcp_cmd_t cp_cmd;
   94 
   95         /* the encryption algorithm */
   96         enum zio_encrypt cp_crypt;
   97 
   98         /* keylocation property string */
   99         char *cp_keylocation;
  100 
  101         /* the wrapping key (points at secret key material, see dsl_wrapping_key_t) */
  102         dsl_wrapping_key_t *cp_wkey;
  103 } dsl_crypto_params_t;
  104 
  105 /*
  106  * In-memory representation of a DSL Crypto Key object. One of these structs
  107  * (and corresponding on-disk ZAP object) will exist for each encrypted
  108  * clone family that is mounted or otherwise reading protected data.
       *
       * NOTE(review): dck_key holds the master key in memory while the struct is
       * live; the release path is not visible in this header -- confirm the key
       * is destroyed when dck_holds drops to zero.
  109  */
  110 typedef struct dsl_crypto_key {
  111         /* link on spa_keystore_t:sk_dsl_keys */
  112         avl_node_t dck_avl_link;
  113 
  114         /* refcount of holders of this key */
  115         zfs_refcount_t dck_holds;
  116 
  117         /* master key used to derive encryption keys */
  118         zio_crypt_key_t dck_key;
  119 
  120         /* wrapping key for syncing this structure to disk */
              /* NOTE(review): presumably counted in wk_refcnt of the pointed-to key -- confirm */
  121         dsl_wrapping_key_t *dck_wkey;
  122 
  123         /* on-disk object id */
  124         uint64_t dck_obj;
  125 } dsl_crypto_key_t;
  126 
  127 /*
  128  * In-memory mapping of a dataset object id to a DSL Crypto Key. This is used
  129  * to look up the corresponding dsl_crypto_key_t from the zio layer for
  130  * performing data encryption and decryption.
       *
       * The mapping stores only a pointer to the key, not a copy of it.
       * NOTE(review): whether a live mapping also keeps a hold on km_key (so the
       * key cannot be freed underneath it) is not visible here -- confirm.
  131  */
  132 typedef struct dsl_key_mapping {
  133         /* link on spa_keystore_t:sk_key_mappings */
  134         avl_node_t km_avl_link;
  135 
  136         /* refcount of how many users are depending on this mapping */
  137         zfs_refcount_t km_refcnt;
  138 
  139         /* dataset this crypto key belongs to (index) */
  140         uint64_t km_dsobj;
  141 
  142         /* crypto key (value) of this record */
  143         dsl_crypto_key_t *km_key;
  144 } dsl_key_mapping_t;
  145 
  146 /* in memory structure for holding all wrapping and dsl keys */
      /*
       * Three AVL trees, each paired with its own reader/writer lock:
       * sk_dsl_keys / sk_dk_lock, sk_key_mappings / sk_km_lock and
       * sk_wkeys / sk_wkeys_lock.
       * NOTE(review): the order in which these locks may be nested is not stated
       * in this header -- confirm it in the implementation before taking more
       * than one of them.
       */
  147 typedef struct spa_keystore {
  148         /* lock for protecting sk_dsl_keys */
  149         krwlock_t sk_dk_lock;
  150 
  151         /* tree of all dsl_crypto_key_t's */
  152         avl_tree_t sk_dsl_keys;
  153 
  154         /* lock for protecting sk_key_mappings */
  155         krwlock_t sk_km_lock;
  156 
  157         /* tree of all dsl_key_mapping_t's, indexed by dsobj */
  158         avl_tree_t sk_key_mappings;
  159 
  160         /* lock for protecting the wrapping keys tree */
  161         krwlock_t sk_wkeys_lock;
  162 
  163         /* tree of all dsl_wrapping_key_t's, indexed by ddobj */
  164         avl_tree_t sk_wkeys;
  165 } spa_keystore_t;
  166 
  /*
   * Parameter setup/teardown and dataset-level encryption queries.
   * Described from the signatures only; the behaviour is defined in the
   * implementation, which is not part of this header.
   *
   * dsl_crypto_params_create_nvlist() returns an int and passes its result
   * back through dcp_out. NOTE(review): presumably 0 on success and an errno
   * value otherwise, with the result released by dsl_crypto_params_free() --
   * confirm.
   * NOTE(review): props and crypto_args are caller-supplied nvlists; where
   * their contents are validated is not visible here -- confirm.
   * NOTE(review): the unload flag of dsl_crypto_params_free() presumably
   * decides whether the wrapping key is released as well -- confirm.
   */
  167 int dsl_crypto_params_create_nvlist(dcp_cmd_t cmd, nvlist_t *props,
  168     nvlist_t *crypto_args, dsl_crypto_params_t **dcp_out);
  169 void dsl_crypto_params_free(dsl_crypto_params_t *dcp, boolean_t unload);
  170 void dsl_dataset_crypt_stats(struct dsl_dataset *ds, nvlist_t *nv);
  171 int dsl_crypto_can_set_keylocation(const char *dsname, const char *keylocation);
  172 boolean_t dsl_dir_incompatible_encryption_version(dsl_dir_t *dd);
  173 
  /*
   * Set up and tear down a spa_keystore_t (its three trees and their locks).
   * NOTE(review): spa_keystore_fini() presumably expects every key to have
   * been unloaded first -- confirm what it does with entries still present.
   */
  174 void spa_keystore_init(spa_keystore_t *sk);
  175 void spa_keystore_fini(spa_keystore_t *sk);
  176 
  /*
   * Releasing a DSL crypto key, and loading/unloading wrapping keys.
   *
   * NOTE(review): tag is presumably the holder tag recorded by the
   * zfs_refcount_t, so a release must pass the same tag as the matching
   * hold -- confirm.
   * NOTE(review): noop on spa_keystore_load_wkey() presumably checks the
   * supplied key without leaving it loaded -- confirm.
   * NOTE(review): the *_impl variants take a spa_t directly instead of a
   * dataset name; any permission or name checks presumably happen in the
   * dsname wrappers or their callers -- confirm before calling *_impl.
   */
  177 void spa_keystore_dsl_key_rele(spa_t *spa, dsl_crypto_key_t *dck,
  178     const void *tag);
  179 int spa_keystore_load_wkey_impl(spa_t *spa, dsl_wrapping_key_t *wkey);
  180 int spa_keystore_load_wkey(const char *dsname, dsl_crypto_params_t *dcp,
  181     boolean_t noop);
  182 int spa_keystore_unload_wkey_impl(spa_t *spa, uint64_t ddobj);
  183 int spa_keystore_unload_wkey(const char *dsname);
  184 
  /*
   * Key mappings (dataset object id -> dsl_crypto_key_t) and key lookup.
   *
   * spa_keystore_create_mapping() and spa_keystore_lookup_key() return an int
   * and hand their result back through km_out / dck_out.
   * NOTE(review): the out-pointer is presumably only valid when the return
   * value is 0 -- confirm.
   * NOTE(review): every call that takes a tag presumably has to be balanced
   * by a release with the same tag (key_mapping_rele(),
   * spa_keystore_remove_mapping(), spa_keystore_dsl_key_rele()); an unbalanced
   * hold would keep key material resident -- confirm the pairing.
   */
  185 int spa_keystore_create_mapping(spa_t *spa, struct dsl_dataset *ds,
  186     const void *tag, dsl_key_mapping_t **km_out);
  187 int spa_keystore_remove_mapping(spa_t *spa, uint64_t dsobj, const void *tag);
  188 void key_mapping_add_ref(dsl_key_mapping_t *km, const void *tag);
  189 void key_mapping_rele(spa_t *spa, dsl_key_mapping_t *km, const void *tag);
  190 int spa_keystore_lookup_key(spa_t *spa, uint64_t dsobj, const void *tag,
  191     dsl_crypto_key_t **dck_out);
  192 
  /*
   * Key data exchanged as nvlists for raw receive.
   *
   * dsl_crypto_populate_key_nvlist() produces an nvlist through nvl_out; the
   * recv functions consume one.
   * NOTE(review): the nvl consumed on the receive side presumably comes from
   * a send stream and should be treated as untrusted input; the _check
   * function is presumably where it is validated before _sync applies it --
   * confirm that _sync is never reached without _check.
   * NOTE(review): ownership of *nvl_out (who frees it) is not visible here --
   * confirm.
   */
  193 int dsl_crypto_populate_key_nvlist(struct objset *os,
  194     uint64_t from_ivset_guid, nvlist_t **nvl_out);
  195 int dsl_crypto_recv_raw_key_check(struct dsl_dataset *ds,
  196     nvlist_t *nvl, dmu_tx_t *tx);
  197 void dsl_crypto_recv_raw_key_sync(struct dsl_dataset *ds,
  198     nvlist_t *nvl, dmu_tx_t *tx);
  199 int dsl_crypto_recv_raw(const char *poolname, uint64_t dsobj, uint64_t fromobj,
  200     dmu_objset_type_t ostype, nvlist_t *nvl, boolean_t do_key);
  201 
  /*
   * Key change, and the encryption hooks for rename, promote, create, clone
   * and destroy.
   *
   * NOTE(review): the *_check functions return int and the *_sync functions
   * take a dmu_tx_t and return void or an object id, which looks like the
   * check/sync halves of a sync task; the *_sync side has no way to report
   * failure through its return value, so every rejection presumably has to
   * happen in the matching *_check -- confirm.
   * NOTE(review): dsl_crypto_key_create_sync() and
   * dsl_crypto_key_clone_sync() return a uint64_t, presumably the object id
   * of the new on-disk key object -- confirm.
   */
  202 int spa_keystore_change_key(const char *dsname, dsl_crypto_params_t *dcp);
  203 int dsl_dir_rename_crypt_check(dsl_dir_t *dd, dsl_dir_t *newparent);
  204 int dsl_dataset_promote_crypt_check(dsl_dir_t *target, dsl_dir_t *origin);
  205 void dsl_dataset_promote_crypt_sync(dsl_dir_t *target, dsl_dir_t *origin,
  206     dmu_tx_t *tx);
  207 int dmu_objset_create_crypt_check(dsl_dir_t *parentdd,
  208     dsl_crypto_params_t *dcp, boolean_t *will_encrypt);
  209 void dsl_dataset_create_crypt_sync(uint64_t dsobj, dsl_dir_t *dd,
  210     struct dsl_dataset *origin, dsl_crypto_params_t *dcp, dmu_tx_t *tx);
  211 uint64_t dsl_crypto_key_create_sync(uint64_t crypt, dsl_wrapping_key_t *wkey,
  212     dmu_tx_t *tx);
  213 uint64_t dsl_crypto_key_clone_sync(dsl_dir_t *origindd, dmu_tx_t *tx);
  214 void dsl_crypto_key_destroy_sync(uint64_t dckobj, dmu_tx_t *tx);
  215 
  /*
   * Per-block crypto entry points: salt retrieval, MAC handling and data
   * encryption/decryption over abd_t buffers.
   *
   * The salt, iv and mac arguments are bare uint8_t pointers with no length
   * parameter; only the data buffers carry a length (datalen).
   * NOTE(review): callers presumably must supply buffers of the fixed sizes
   * defined in sys/zio_crypt.h (ZIO_DATA_SALT_LEN, ZIO_DATA_IV_LEN,
   * ZIO_DATA_MAC_LEN) -- confirm, since an undersized buffer cannot be
   * detected from inside these functions.
   * NOTE(review): generate presumably selects between producing a MAC and
   * verifying an existing one, and encrypt between encrypting and
   * decrypting -- confirm. The int return is presumably the only indication
   * of a failed verification, so callers must not ignore it.
   * NOTE(review): no_crypt is an out-parameter; presumably set when the
   * block was left untransformed -- confirm how callers must react.
   */
  216 int spa_crypt_get_salt(spa_t *spa, uint64_t dsobj, uint8_t *salt);
  217 int spa_do_crypt_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
  218     abd_t *abd, uint_t datalen, uint8_t *mac);
  219 int spa_do_crypt_objset_mac_abd(boolean_t generate, spa_t *spa, uint64_t dsobj,
  220     abd_t *abd, uint_t datalen, boolean_t byteswap);
  221 int spa_do_crypt_abd(boolean_t encrypt, spa_t *spa, const zbookmark_phys_t *zb,
  222     dmu_object_type_t ot, boolean_t dedup, boolean_t bswap, uint8_t *salt,
  223     uint8_t *iv, uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
  224     boolean_t *no_crypt);
  225 zfs_keystatus_t dsl_dataset_get_keystatus(dsl_dir_t *dd);
  226 
  227 #endif
