/*
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 */

/*
 * Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * the keysource property
 */

/*
 * Validate the PKCS#11 URI by parsing it out,
 * and checking that an object is specified.
 * Every other part of the PKCS#11 URI is optional.
 */

/* If we are at the end of the key property, there is a problem */

/*
 * The name needs to be that of the dataset we are creating.
 * Using zc_value is wrong when doing a clone because it shows
 * the name of the origin snapshot. However it is correct when
 * doing a zfs recv, use zc_value up to the @ which is the
 * name of the dataset getting created.
 */
    "Enter new hexadecimal key for"),
/*
 * Loading the key is the only case where we don't reprompt.
 */
    "They don't match.\n"));

/*
 * If the PKCS#11 uri has a pinfile argument read the pin from
 * Otherwise if the libzfs_handle_t has crypto data we assume this is
 * the PIN given we can only be in here with a PKCS#11 uri.
 * Finally if that is empty then if we can prompt then do so using
 *
 * Abuse zfs_can_prompt_if_needed() by pretending we are
 * "passphrase,prompt".
 */
    "Enter '%s' PKCS#11 token PIN for '%s': "),
    "Enter PKCS#11 token PIN for '%s': "),
    dsname);

/* If the token wasn't set we assume the metaslot */
/* Always prompt for PIN since the key is likely CKA_SENSITIVE */
    "PKCS#11 token login failed."));
    "PKCS#11 token object not found."));
    "keysource points to multiple PKCS#11"
    "invalid keysource property."));
/*
 * First check if there was anything in the handle already
 * if so we use that and we are done with locating the data.
 * Note that we may be looking at other fields
 * and zic_clone_newkey even if zc_key_data_len is empty.
 * We allow this regardless of the locator so that things
 * like a PAM module can provide the passphrase but the user
 * can still have "passphrase,prompt" to use zfs(1M) interactively.
 */

/*
 * Get the key from the URI or prompt for it.
 * If the format is raw then prompting is a simple read(2)
 * otherwise we put up a prompt saying what we are asking for.
 * We can't do this with the 'zfs mount -a' that is in
 * cause errors or warnings there either.
 */

/* get_passphrase allocates keydata */

/*
 * Need to tell pkcs11_read_data() how big of a key
 * we want in case the locator URI is a device (eg, /dev/random)
 * to be read from and not a file.
 * Note that pkcs11_read_data allocates memory with malloc
 * that we need to free.
 */

/*
 * Parse out the PKCS#11 URI and
 * get the value of the wrapping key.
 */

/*
 * Just deal with libcurl errors here, reading the wrong key
 * size is dealt with generically in the format_key section.
 */
    "failed to retrieve key from '%s': '%s'"),
    "key can not be of zero size"));
/*
 * Now that we have the key do any transform that is necessary
 * such as turning the hex format into raw or in the case of
 * a passphrase running it through PKCS#5 to get the raw key.
 * Note that zic_keydata is not malloc'd memory so that we
 * don't have to worry about our caller freeing it.
 */

/*
 * If the keylen is not on the byte boundary, in terms of hex
 * format, and that extra char is a linefeed, we can trim it
 */

/*
 * hexstr_to_bytes allocates memory with malloc
 * but we want the data in zic_keydata which isn't malloc'd
 * so to avoid a memory leak we use a tmpkeydata buffer
 */
    "invalid hex format key."));

/* Remove any extra linefeed that may be on the end */
    "failed to obtain salt: %s."),
    "failed to access CKM_PKCS5_PBKD2: %s."),

/*
 * pkcs11_PasswdToKey allocates memory with malloc
 * but we want the data in zic_keydata which isn't malloc'd
 * so to avoid a memory leak we use a tmpkeydata buffer
 */
    "failed to generate key: %s."),
    "key must be 128, 192 or 256 bits, got %lu bits"),
    "invalid all zeros key %lu"));
2N/A "already loaded."));
2N/A "no keysource property available."));
2N/A "key must be loaded from global zone."));
2N/A "no key to unload when encryption=off."));
2N/A "key not present."));
2N/A * We need to be sure that all the data has been written to 2N/A * disk before we unload the key so we first have to attempt 2N/A * an unmount, if that fails we don't continue with the key unload 2N/A * and instead return the error from zfs_umount. 2N/A "failed to unload key: unmount failed"));
2N/A "cannot change key when encryption=off"));
2N/A "inconsistent state encryption enabled but " 2N/A "key not defined."));
2N/A "load existing key first: 'zfs key -l <dataset>'."));
2N/A "keysource property not local, change key on '%s'."),
2N/A * The only thing we currently expect in props is a keysource 2N/A * if we have props without keysource then that isn't valid. 2N/A "invalid props for key change; expected " 2N/A "%s property missing."),
2N/A "unable to prompt for new wrapping key."));
/* Send change to kernel */

/*
 * This is to verify that the proposed keysource property change via
 * 'zfs set', and internal functions is valid.
 * If we are calling this from a change key operation or a clone
 * the valid keysource changes have no restrictions.
 * If we are calling this from a set property operation, the valid
 * keysources are limited to the same format
 */

/* Validate the keysource provided is a valid keysource */

/*
 * Called for creating new filesystems and clones and receiving.
 * For encryption != off get the key material.
 */
    "parent not found"));
    "stream encryption '%s'(%llu) differs "
    "from receiving dataset value '%s'(%llu)"),
    "parent not found"));
    "encryption value. dataset must be encrypted."));

/*
 * If we have nothing to do then bail out, but make one last check
 * that keysource wasn't specified when there is no crypto going on.
 */
    "can not be specified when encryption is off."));

/*
 * Need to pass down the inherited crypt value so that
 * dsl_crypto_key_gen() can see the same that we saw.
 */

/*
 * Here we have encryption on so we need to find a valid keysource
 * Now let's see if we have an explicit setting for keysource and
 * we have validated it; otherwise, if we inherit then it is already
 */

/*
 * If keysource is local then encryption has to be as well
 * otherwise we could end up with the wrong sized keys.
 */

/* Get the already validated keysource from our parent */
    "keysource must be provided."));

/*
 * "Default" to "passphrase,prompt". The obvious
 * as the property default. However that doesn't
 * work here because we don't want keysource set
 * for datasets that have encryption=off. If we
 * ever change the default to encryption=on then
 * the default of keysource can change too.
 */

/*
 * This is needed because of how inheritance happens
 * with defaulted properties, they show up as
 * "default" not "inherit" but we need "inherit"
 * to find the wrapping key if we are actually
 * inheriting keysource.
 */

/*
 * Assume key is available and handle failure ioctl
 * ENOKEY errors later.
 */

/*
 * AVAILABLE we are done other than filling in who we
 * are inheriting the wrapping key from.
 * UNAVAILABLE we need to load the key of a higher level
 */
    "unable to prompt for key material keysource = \"%s\"\n"),
/*
 * zfs_crypto_rename_check
 *
 * Can't rename "out" of same hierarchy if keysource would change.
 * If this dataset isn't encrypted we allow the rename, unless it
 * is being placed "below" an encrypted one.
 */

/* Simple rename in place */
/* parent should never be null */
    "failed to obtain parent to check encryption property."));

/* If no crypt involved then we are done. */
/* Just like create time no unencrypted below encrypted. */
    "Can not move unencrypted dataset below "
    "encrypted datasets."));

/*
 * From here on we need to check that keysource is
 * from the same dataset if it is being inherited
 */
    "keysource must be provided."));
    "keysource must be provided."));
    "keysource doesn't allow for rename, make keysource local."));