ZFS encryption work in progress. Currently includes Illumos Crypto Po…
…rt and Keystore implementation.

Requires-spl: refs/pull/533/head
Tom Caputi committed Feb 21, 2016
1 parent 19a47cb commit 9ec5427
Showing 108 changed files with 33,761 additions and 54 deletions.
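--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,14 @@ modules.order
 Makefile
 Makefile.in
 
+#
+# Eclipse rules - REMOVE BEFORE SUBMITTING
+#
+.settings/
+.cproject
+.project
+.autotools
+
 #
 # Top level generated files specific to this top level dir
 #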
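--- a/cmd/zdb/zdb.c
+++ b/cmd/zdb/zdb.c
@@ -59,6 +59,7 @@
 #include <sys/arc.h>
 #include <sys/ddt.h>
 #include <sys/zfeature.h>
+#include <sys/dsl_keychain.h>
 #include <zfs_comutil.h>
 #undef ZFS_MAXNAMELEN
 #include <libzfs.h>
@@ -1353,6 +1354,8 @@ dump_dsl_dir(objset_t *os, uint64_t object, void *data, size_t size)
 (u_longlong_t)dd->dd_props_zapobj);
 (void) printf("\t\tdeleg_zapobj = %llu\n",
 (u_longlong_t)dd->dd_deleg_zapobj);
+(void) printf("\t\tkeychain_obj = %llu\n",
+(u_longlong_t)dd->dd_keychain_obj);
 (void) printf("\t\tflags = %llx\n",
 (u_longlong_t)dd->dd_flags);
 
@@ -1814,6 +1817,35 @@ dump_dmu_objset(objset_t *os, uint64_t object, void *data, size_t size)
 {
 }
 
+/*ARGSUSED*/
+static void
+dump_keychain_zap(objset_t *os, uint64_t object, void *data, size_t size)
+{
+zap_cursor_t zc;
+zap_attribute_t attr;
+dsl_crypto_key_phys_t dckp;
+uint64_t txgid;
+size_t keylen;
+
+dump_zap_stats(os, object);
+(void) printf("\tKeychain entries by txg:\n");
+
+for (zap_cursor_init(&zc, os, object);
+zap_cursor_retrieve(&zc, &attr) == 0; zap_cursor_advance(&zc)) {
+
+txgid = ((uint64_t)*attr.za_name);
+VERIFY0(zap_lookup_uint64(os, object, &txgid, 1, 1,
+sizeof (dsl_crypto_key_phys_t), &dckp));
+
+keylen = BYTES_TO_BITS(
+zio_crypt_table[dckp.dk_crypt_alg].ci_keylen);
+
+(void) printf("\t\ttxg %llu : wkeylen = %u\n",
+(u_longlong_t)txgid, (uint_t)keylen);
+}
+zap_cursor_fini(&zc);
+}
+
 static object_viewer_t *object_viewer[DMU_OT_NUMTYPES + 1] = {
 dump_none, /* unallocated */
 dump_zap, /* object directory */
@@ -1869,6 +1901,7 @@ static object_viewer_t *object_viewer[DMU_OT_NUMTYPES + 1] = {
 dump_none, /* deadlist hdr */
 dump_zap, /* dsl clones */
 dump_bpobj_subobjs, /* bpobj subobjs */
+dump_keychain_zap, /* DSL keychain */
 dump_unknown, /* Unknown type, must be last */
 };
 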
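Review bot: In dump_keychain_zap, `txgid = ((uint64_t)*attr.za_name);` dereferences `za_name` as a single char and only then widens it, so just the first byte of the entry name reaches `txgid`. If the name buffer carries the raw 8-byte key, as the `zap_lookup_uint64` call on the next line implies, the lookup uses the wrong key for most txg values. That lookup is wrapped in `VERIFY0`, so a miss or a damaged entry aborts zdb, which is unhelpful in a tool that is run against damaged pools. The on-disk `dckp.dk_crypt_alg` then indexes `zio_crypt_table` with no range check, so a corrupt value reads outside the table. I would copy the whole key out of the name buffer, report a failed lookup and continue, and skip entries whose algorithm index is out of range, as sketched below.

```c
int err;

for (zap_cursor_init(&zc, os, object);
    zap_cursor_retrieve(&zc, &attr) == 0; zap_cursor_advance(&zc)) {
	/* copy all eight key bytes, not just the first char */
	(void) memcpy(&txgid, attr.za_name, sizeof (txgid));

	err = zap_lookup_uint64(os, object, &txgid, 1, 1,
	    sizeof (dsl_crypto_key_phys_t), &dckp);
	if (err != 0) {
		(void) printf("\t\ttxg %llu : lookup failed (%d)\n",
		    (u_longlong_t)txgid, err);
		continue;
	}

	/* CRYPT_TABLE_ENTRIES: placeholder for zio_crypt_table's entry count */
	if (dckp.dk_crypt_alg >= CRYPT_TABLE_ENTRIES) {
		(void) printf("\t\ttxg %llu : unknown algorithm\n",
		    (u_longlong_t)txgid);
		continue;
	}
	/* ... unchanged: keylen computation and printf ... */
}
```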
126 changes: 123 additions & 3 deletions cmd/zfs/zfs_main.c
@@ -103,6 +103,7 @@ static int zfs_do_holds(int argc, char **argv);
static int zfs_do_release(int argc, char **argv);
static int zfs_do_diff(int argc, char **argv);
static int zfs_do_bookmark(int argc, char **argv);
static int zfs_do_crypto(int argc, char **argv);

/*
* Enable a reasonable set of defaults for libumem debugging on DEBUG builds.
@@ -150,6 +151,7 @@ typedef enum {
HELP_RELEASE,
HELP_DIFF,
HELP_BOOKMARK,
HELP_CRYPTO,
} zfs_help_t;

typedef struct zfs_command {
@@ -203,6 +205,7 @@ static zfs_command_t command_table[] = {
{ "holds", zfs_do_holds, HELP_HOLDS },
{ "release", zfs_do_release, HELP_RELEASE },
{ "diff", zfs_do_diff, HELP_DIFF },
{ "key", zfs_do_crypto, HELP_CRYPTO },
};

#define NCOMMAND (sizeof (command_table) / sizeof (command_table[0]))
@@ -319,6 +322,9 @@ get_usage(zfs_help_t idx)
"[snapshot|filesystem]\n"));
case HELP_BOOKMARK:
return (gettext("\tbookmark <snapshot> <bookmark>\n"));
case HELP_CRYPTO:
return (gettext("\tkey -l <filesystem|volume>\n"
"\tkey -u <filesystem|volume>\n"));
}

abort();
@@ -640,7 +646,7 @@ static int
zfs_do_clone(int argc, char **argv)
{
zfs_handle_t *zhp = NULL;
boolean_t parents = B_FALSE;
boolean_t parents = B_FALSE, add_key = B_FALSE;
nvlist_t *props;
int ret = 0;
int c;
@@ -649,7 +655,7 @@ zfs_do_clone(int argc, char **argv)
nomem();

/* check options */
while ((c = getopt(argc, argv, "o:p")) != -1) {
while ((c = getopt(argc, argv, "o:pK")) != -1) {
switch (c) {
case 'o':
if (parseprop(props, optarg) != 0)
@@ -658,6 +664,9 @@ zfs_do_clone(int argc, char **argv)
case 'p':
parents = B_TRUE;
break;
case 'K':
add_key = B_TRUE;
break;
case '?':
(void) fprintf(stderr, gettext("invalid option '%c'\n"),
optopt);
@@ -703,7 +712,7 @@ zfs_do_clone(int argc, char **argv)
}

/* pass to libzfs */
ret = zfs_clone(zhp, argv[1], props);
ret = zfs_clone(zhp, argv[1], props, add_key);

/* create the mountpoint if necessary */
if (ret == 0) {
@@ -6699,6 +6708,117 @@ zfs_do_bookmark(int argc, char **argv)
return (-1);
}

static int
zfs_do_crypto(int argc, char **argv)
{
int c, ret = -1;
boolean_t load = B_FALSE, unload = B_FALSE;
boolean_t add_key = B_FALSE, rewrap = B_FALSE;
nvlist_t *props = NULL;
zfs_handle_t *zhp = NULL;

if (nvlist_alloc(&props, NV_UNIQUE_NAME, 0) != 0)
nomem();

while ((c = getopt(argc, argv, "ulKco:")) != -1) {
switch (c) {
case 'u':
if (ret == 0) {
(void) fprintf(stderr, gettext(
"multiple actions specified\n"));
goto usage;
}
unload = B_TRUE;
ret = 0;
break;
case 'l':
if (ret == 0) {
(void) fprintf(stderr, gettext(
"multiple actions specified\n"));
goto usage;
}
load = B_TRUE;
ret = 0;
break;
case 'K':
if (ret == 0) {
(void) fprintf(stderr, gettext(
"multiple actions specified\n"));
goto usage;
}
add_key = B_TRUE;
ret = 0;
break;
case 'c':
if (ret == 0) {
(void) fprintf(stderr, gettext(
"multiple actions specified\n"));
goto usage;
}
rewrap = B_TRUE;
ret = 0;
break;
case 'o':
if (parseprop(props, optarg) != 0)
return (1);
break;
default:
(void) fprintf(stderr,
gettext("invalid option '%c'\n"), optopt);
goto usage;
}
}

if (ret) {
(void) fprintf(stderr,
gettext("No action specified\n"));
goto usage;
}

if (!rewrap && !nvlist_empty(props)) {
(void) fprintf(stderr,
gettext("Properties not accepted "
"for specified command\n"));
goto usage;
}

if (argc < 3) {
(void) fprintf(stderr, gettext("Too few arguments\n"));
goto usage;
}

zhp = zfs_open(g_zfs, argv[argc - 1],
ZFS_TYPE_FILESYSTEM|ZFS_TYPE_VOLUME);
if (zhp == NULL)
goto usage;

if (load)
ret = zfs_crypto_load_key(zhp);
else if (unload)
ret = zfs_crypto_unload_key(zhp);
else if (add_key)
ret = zfs_crypto_add_key(zhp);
else
ret = zfs_crypto_rewrap(zhp, props);

if (ret)
goto error;

nvlist_free(props);
zfs_close(zhp);
return (0);

usage:
usage(B_FALSE);

error:
if (props)
nvlist_free(props);
if (zhp)
zfs_close(zhp);
return (-1);
}

int
main(int argc, char **argv)
{
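Review bot: The dataset operand in zfs_do_crypto is read from `argv[argc - 1]` and guarded only by `if (argc < 3)`, with no adjustment for `optind`, so arguments that getopt already consumed are counted as operands. With `-c -o prop=value` and no dataset, the property string itself is handed to zfs_open as the dataset name, and extra trailing operands are silently ignored; for a command that loads, unloads or rewraps keys the target should be unambiguous. After the option loop I would add `argc -= optind; argv += optind;`, change the count check to `if (argc != 1)`, and open `argv[0]`. Separately, the `-o` case leaves through `return (1);` without freeing `props`, unlike the other failure paths, and the HELP_CRYPTO usage text lists only `-l` and `-u` although the option string accepts `K`, `c` and `o:`.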
10 changes: 5 additions & 5 deletions cmd/ztest/ztest.c
@@ -3261,7 +3261,7 @@ static int
ztest_dataset_create(char *dsname)
{
uint64_t zilset = ztest_random(100);
int err = dmu_objset_create(dsname, DMU_OST_OTHER, 0,
int err = dmu_objset_create(dsname, DMU_OST_OTHER, 0, NULL,
ztest_objset_create_cb, NULL);

if (err || zilset < 80)
@@ -3423,7 +3423,7 @@ ztest_dmu_objset_create_destroy(ztest_ds_t *zd, uint64_t id)
* Verify that we cannot create an existing dataset.
*/
VERIFY3U(EEXIST, ==,
dmu_objset_create(name, DMU_OST_OTHER, 0, NULL, NULL));
dmu_objset_create(name, DMU_OST_OTHER, 0, NULL, NULL, NULL));

/*
* Verify that we can hold an objset that is also owned.
@@ -3557,7 +3557,7 @@ ztest_dsl_dataset_promote_busy(ztest_ds_t *zd, uint64_t id)
fatal(0, "dmu_take_snapshot(%s) = %d", snap1name, error);
}

error = dmu_objset_clone(clone1name, snap1name);
error = dmu_objset_clone(clone1name, snap1name, NULL);
if (error) {
if (error == ENOSPC) {
ztest_record_enospc(FTAG);
@@ -3584,7 +3584,7 @@ ztest_dsl_dataset_promote_busy(ztest_ds_t *zd, uint64_t id)
fatal(0, "dmu_open_snapshot(%s) = %d", snap3name, error);
}

error = dmu_objset_clone(clone2name, snap3name);
error = dmu_objset_clone(clone2name, snap3name, NULL);
if (error) {
if (error == ENOSPC) {
ztest_record_enospc(FTAG);
@@ -4883,7 +4883,7 @@ ztest_dmu_snapshot_hold(ztest_ds_t *zd, uint64_t id)
fatal(0, "dmu_objset_snapshot(%s) = %d", fullname, error);
}

error = dmu_objset_clone(clonename, fullname);
error = dmu_objset_clone(clonename, fullname, NULL);
if (error) {
if (error == ENOSPC) {
ztest_record_enospc("dmu_objset_clone");
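Review bot: Every call site updated in this file passes `NULL` for the argument added to `dmu_objset_create` and `dmu_objset_clone`, so ztest never drives those functions with a non-NULL value. Judging by the rest of the commit the argument presumably carries encryption parameters, which would leave the new key handling without stress-test coverage. Consider adding a ztest case that creates and clones datasets with a non-NULL value once the interface settles, and a short comment at one of these calls saying what `NULL` means, for example `/* NULL: no crypto params */` if that is the contract. The enclosing functions start and end outside these hunks.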
7 changes: 7 additions & 0 deletions configure.ac
@@ -123,12 +123,19 @@ AC_CONFIG_FILES([
module/zcommon/Makefile
module/zfs/Makefile
module/zpios/Makefile
module/icp/Makefile
include/Makefile
include/arch/Makefile
include/arch/intel/Makefile
include/arch/intel/ia32/Makefile
include/arch/intel/ia32/sys/Makefile
include/arch/intel/sys/Makefile
include/linux/Makefile
include/sys/Makefile
include/sys/fs/Makefile
include/sys/fm/Makefile
include/sys/fm/fs/Makefile
include/sys/crypto/Makefile
scripts/Makefile
scripts/zpios-profile/Makefile
scripts/zpios-test/Makefile
2 changes: 1 addition & 1 deletion include/Makefile.am
@@ -1,4 +1,4 @@
SUBDIRS = linux sys
SUBDIRS = linux sys arch

COMMON_H = \
$(top_srcdir)/include/zfeature_common.h \
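--- a/include/arch/Makefile.am
+++ b/include/arch/Makefile.am
@@ -0,0 +1,19 @@
+SUBDIRS = intel
+
+COMMON_H =
+
+KERNEL_H =
+
+USER_H =
+
+EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
+
+if CONFIG_USER
+libzfsdir = $(includedir)/libzfs/arch
+libzfs_HEADERS = $(COMMON_H) $(USER_H)
+endif
+
+if CONFIG_KERNEL
+kerneldir = @prefix@/src/zfs-$(VERSION)/include/arch
+kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
+endif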
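--- a/include/arch/intel/Makefile.am
+++ b/include/arch/intel/Makefile.am
@@ -0,0 +1,19 @@
+SUBDIRS = ia32 sys
+
+COMMON_H =
+
+KERNEL_H =
+
+USER_H =
+
+EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
+
+if CONFIG_USER
+libzfsdir = $(includedir)/libzfs/arch
+libzfs_HEADERS = $(COMMON_H) $(USER_H)
+endif
+
+if CONFIG_KERNEL
+kerneldir = @prefix@/src/zfs-$(VERSION)/include/arch
+kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
+endif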
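Review bot: `libzfsdir` and `kerneldir` in this new file still end in `arch`, exactly as in include/arch/Makefile.am, although this directory is include/arch/intel; the same holds for include/arch/intel/ia32/Makefile.am. The header lists are empty today, so nothing is installed yet, but headers added here later would land in the parent's install directory and could collide with same-named files there. I would set `libzfsdir = $(includedir)/libzfs/arch/intel` and `kerneldir = @prefix@/src/zfs-$(VERSION)/include/arch/intel`, with `arch/intel/ia32` in the ia32 file.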
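--- a/include/arch/intel/ia32/Makefile.am
+++ b/include/arch/intel/ia32/Makefile.am
@@ -0,0 +1,19 @@
+SUBDIRS = sys
+
+COMMON_H =
+
+KERNEL_H =
+
+USER_H =
+
+EXTRA_DIST = $(COMMON_H) $(KERNEL_H) $(USER_H)
+
+if CONFIG_USER
+libzfsdir = $(includedir)/libzfs/arch
+libzfs_HEADERS = $(COMMON_H) $(USER_H)
+endif
+
+if CONFIG_KERNEL
+kerneldir = @prefix@/src/zfs-$(VERSION)/include/arch
+kernel_HEADERS = $(COMMON_H) $(KERNEL_H)
+endif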