sys/contrib/openzfs/include/sys/zio_crypt.h


    1 /*
    2  * CDDL HEADER START
    3  *
    4  * This file and its contents are supplied under the terms of the
    5  * Common Development and Distribution License ("CDDL"), version 1.0.
    6  * You may only use this file in accordance with the terms of version
    7  * 1.0 of the CDDL.
    8  *
    9  * A full copy of the text of the CDDL should have accompanied this
   10  * source.  A copy of the CDDL is also available via the Internet at
   11  * http://www.illumos.org/license/CDDL.
   12  *
   13  * CDDL HEADER END
   14  */
   15 
   16 /*
   17  * Copyright (c) 2017, Datto, Inc. All rights reserved.
   18  */
   19 
   20 #ifndef _SYS_ZIO_CRYPT_H
   21 #define _SYS_ZIO_CRYPT_H
   22 
   23 #include <sys/dmu.h>
   24 #include <sys/zfs_refcount.h>
   25 #if defined(__FreeBSD__) && defined(_KERNEL)
   26 #include <sys/freebsd_crypto.h>
   27 #else
   28 #include <sys/crypto/api.h>
   29 #endif /* __FreeBSD__ */
   30 #include <sys/nvpair.h>
   31 #include <sys/avl.h>
   32 #include <sys/zio.h>
   33 
   34 /* forward declarations */
   35 struct zbookmark_phys;
   36 
   37 #define WRAPPING_KEY_LEN        32
   38 #define WRAPPING_IV_LEN         ZIO_DATA_IV_LEN
   39 #define WRAPPING_MAC_LEN        ZIO_DATA_MAC_LEN
   40 #define MASTER_KEY_MAX_LEN      32
   41 #define SHA512_HMAC_KEYLEN      64
      /*
       * Fixed sizes for key material and wrapping parameters.
       * MASTER_KEY_MAX_LEN and SHA512_HMAC_KEYLEN dimension uint8_t arrays in
       * zio_crypt_key_t, so they are byte counts.  WRAPPING_IV_LEN and
       * WRAPPING_MAC_LEN alias ZIO_DATA_IV_LEN and ZIO_DATA_MAC_LEN, which are
       * defined outside this header.
       * NOTE(review): WRAPPING_KEY_LEN is not referenced in this header;
       * presumably the byte length of the wrapping key -- confirm.
       */
   42 
      /*
       * NOTE(review): presumably the value recorded in zio_crypt_key_t.zk_version
       * (the "on-disk format version") -- confirm against the implementation.
       */
   43 #define ZIO_CRYPT_KEY_CURRENT_VERSION   1ULL
   44 
   45 typedef enum zio_crypt_type {
              /*
               * Cipher mode of an algorithm entry; stored in
               * zio_crypt_info_t.ci_crypt_type.
               */
              /* no cipher mode; pinned to 0 */
   46         ZC_TYPE_NONE = 0,
              /* CCM, an authenticated-encryption mode */
   47         ZC_TYPE_CCM,
              /* GCM, an authenticated-encryption mode */
   48         ZC_TYPE_GCM
   49 } zio_crypt_type_t;
   50 
   51 /* one row of the table of supported crypto algorithms, modes and keylengths. */
   52 typedef struct zio_crypt_info {
   53         /* mechanism name, needed by ICP */
   54 #if defined(__FreeBSD__) && defined(_KERNEL)
   55         /*
   56          * I've deliberately used a different name here, to catch
   57          * ICP-using code.
   58          */
              /*
               * In the FreeBSD kernel build the field is a plain string and is
               * named ci_algname instead of ci_mechname, so code written against
               * the ICP field name fails to compile rather than misbehaving.
               */
   59         const char      *ci_algname;
   60 #else
   61         crypto_mech_name_t ci_mechname;
   62 #endif
   63         /* cipher mode type (GCM, CCM) */
   64         zio_crypt_type_t ci_crypt_type;
   65 
   66         /* length of the encryption key */
              /* NOTE(review): unit is presumably bytes -- confirm against zio_crypt_table */
   67         size_t ci_keylen;
   68 
   69         /* human-readable name of the encryption algorithm */
   70         const char *ci_name;
   71 } zio_crypt_info_t;
   72 
      /*
       * The table itself: ZIO_CRYPT_FUNCTIONS read-only entries, defined
       * outside this header.
       * NOTE(review): presumably indexed by the encryption-algorithm id that
       * is also stored in zio_crypt_key_t.zk_crypt; confirm that callers
       * range-check the index before use.
       */
   73 extern const zio_crypt_info_t zio_crypt_table[ZIO_CRYPT_FUNCTIONS];
   74 
   75 /* in memory representation of an unwrapped key that is loaded into memory */
      /*
       * NOTE(review): the zk_master_keydata, zk_hmac_keydata and
       * zk_current_keydata arrays hold unwrapped key bytes inline in this
       * structure.  Confirm that zio_crypt_key_destroy() zeroizes them in a
       * way the compiler cannot elide, and that the structure is never
       * copied by value, logged or dumped.
       */
   76 typedef struct zio_crypt_key {
   77         /* encryption algorithm */
   78         uint64_t zk_crypt;
   79 
   80         /* on-disk format version */
   81         uint64_t zk_version;
   82 
   83         /* GUID for uniquely identifying this key. Not encrypted on disk. */
   84         uint64_t zk_guid;
   85 
   86         /* buffer for master key */
              /* sized for the largest key: MASTER_KEY_MAX_LEN bytes */
   87         uint8_t zk_master_keydata[MASTER_KEY_MAX_LEN];
   88 
   89         /* buffer for hmac key */
   90         uint8_t zk_hmac_keydata[SHA512_HMAC_KEYLEN];
   91 
   92         /* buffer for current encryption key derived from master key */
   93         uint8_t zk_current_keydata[MASTER_KEY_MAX_LEN];
   94 
   95         /* current 64 bit salt for deriving an encryption key */
   96         uint8_t zk_salt[ZIO_DATA_SALT_LEN];
   97 
   98         /* count of how many times the current salt has been used */
              /*
               * NOTE(review): presumably compared against a usage limit so the
               * salt (and with it the derived key) is replaced before an IV
               * can repeat under one key -- confirm in the implementation.
               */
   99         uint64_t zk_salt_count;
  100 
  101         /* illumos crypto api current encryption key */
  102         crypto_key_t zk_current_key;
  103 
  104 #if defined(__FreeBSD__) && defined(_KERNEL)
  105         /* Session for current encryption key.  Must always be set */
  106         freebsd_crypt_session_t zk_session;
  107 #else
  108         /* template of current encryption key for illumos crypto api */
  109         crypto_ctx_template_t zk_current_tmpl;
  110 #endif
  111 
  112         /* illumos crypto api current hmac key */
  113         crypto_key_t zk_hmac_key;
  114 
  115         /* template of hmac key for illumos crypto api */
  116         crypto_ctx_template_t zk_hmac_tmpl;
  117 
  118         /* lock for changing the salt and dependent values */
              /*
               * NOTE(review): "dependent values" presumably covers
               * zk_salt_count and the zk_current_* members, which derive from
               * the salt -- confirm which fields the lock protects.
               */
  119         krwlock_t zk_salt_lock;
  120 } zio_crypt_key_t;
  121 
  122 void zio_crypt_key_destroy(zio_crypt_key_t *key);
  123 int zio_crypt_key_init(uint64_t crypt, zio_crypt_key_t *key);
  124 int zio_crypt_key_get_salt(zio_crypt_key_t *key, uint8_t *salt_out);
      /*
       * The three declarations above operate on a zio_crypt_key_t directly.
       * NOTE(review): judging by the names they create, tear down and read the
       * current salt of a key -- confirm against the implementation.
       */
  125 
      /*
       * Key wrapping/unwrapping and IV/salt generation.
       * NOTE(review): every iv, mac, salt and key-data pointer in this header
       * is passed without a length, so the buffer size is implied by the
       * callee.  Presumably these are WRAPPING_IV_LEN, WRAPPING_MAC_LEN,
       * ZIO_DATA_SALT_LEN, MASTER_KEY_MAX_LEN and SHA512_HMAC_KEYLEN --
       * confirm before passing a buffer sized by the caller.
       */
  126 int zio_crypt_key_wrap(crypto_key_t *cwkey, zio_crypt_key_t *key, uint8_t *iv,
  127     uint8_t *mac, uint8_t *keydata_out, uint8_t *hmac_keydata_out);
  128 int zio_crypt_key_unwrap(crypto_key_t *cwkey, uint64_t crypt, uint64_t version,
  129     uint64_t guid, uint8_t *keydata, uint8_t *hmac_keydata, uint8_t *iv,
  130     uint8_t *mac, zio_crypt_key_t *key);
  131 int zio_crypt_generate_iv(uint8_t *ivbuf);
  132 int zio_crypt_generate_iv_salt_dedup(zio_crypt_key_t *key, uint8_t *data,
  133     uint_t datalen, uint8_t *ivbuf, uint8_t *salt);
  134 
      /*
       * Helpers that move salt, IV and MAC values into or out of a block
       * pointer, a ZIL buffer or a dnode bonus area.  The decode variants
       * take their source (bp or data) as const; the encode variants take it
       * non-const.
       */
  135 void zio_crypt_encode_params_bp(blkptr_t *bp, uint8_t *salt, uint8_t *iv);
  136 void zio_crypt_decode_params_bp(const blkptr_t *bp, uint8_t *salt, uint8_t *iv);
  137 void zio_crypt_encode_mac_bp(blkptr_t *bp, uint8_t *mac);
  138 void zio_crypt_decode_mac_bp(const blkptr_t *bp, uint8_t *mac);
  139 void zio_crypt_encode_mac_zil(void *data, uint8_t *mac);
  140 void zio_crypt_decode_mac_zil(const void *data, uint8_t *mac);
  141 void zio_crypt_copy_dnode_bonus(abd_t *src_abd, uint8_t *dst, uint_t datalen);
  142 
      /*
       * MAC/HMAC computation and bulk encryption/decryption, each in a flat
       * buffer form and (except zio_crypt_do_hmac and
       * zio_crypt_do_objset_hmacs) an abd_t form.
       * NOTE(review): `generate` and `encrypt` presumably select the direction
       * (produce vs. verify, encrypt vs. decrypt) and the int result is
       * presumably 0 on success.  Callers should not consume the output
       * buffers unless the call reports success -- confirm the error
       * convention and the meaning of *no_crypt in the implementation.
       */
  143 int zio_crypt_do_indirect_mac_checksum(boolean_t generate, void *buf,
  144     uint_t datalen, boolean_t byteswap, uint8_t *cksum);
  145 int zio_crypt_do_indirect_mac_checksum_abd(boolean_t generate, abd_t *abd,
  146     uint_t datalen, boolean_t byteswap, uint8_t *cksum);
  147 int zio_crypt_do_hmac(zio_crypt_key_t *key, uint8_t *data, uint_t datalen,
  148     uint8_t *digestbuf, uint_t digestlen);
  149 int zio_crypt_do_objset_hmacs(zio_crypt_key_t *key, void *data, uint_t datalen,
  150     boolean_t byteswap, uint8_t *portable_mac, uint8_t *local_mac);
  151 int zio_do_crypt_data(boolean_t encrypt, zio_crypt_key_t *key,
  152     dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
  153     uint8_t *mac, uint_t datalen, uint8_t *plainbuf, uint8_t *cipherbuf,
  154     boolean_t *no_crypt);
  155 int zio_do_crypt_abd(boolean_t encrypt, zio_crypt_key_t *key,
  156     dmu_object_type_t ot, boolean_t byteswap, uint8_t *salt, uint8_t *iv,
  157     uint8_t *mac, uint_t datalen, abd_t *pabd, abd_t *cabd,
  158     boolean_t *no_crypt);
  159 
  160 #endif
