Added argon2id as KDF.

cmd/zdb/zdb.c

@@ -41,6 +41,7 @@
 #include <ctype.h>
 #include <getopt.h>
 #include <openssl/evp.h>
+#include <argon2.h>
 #include <sys/zfs_context.h>
 #include <sys/spa.h>
 #include <sys/spa_impl.h>
@@ -3033,7 +3034,8 @@ static char *key_material = NULL;
 static boolean_t
 zdb_derive_key(dsl_dir_t *dd, uint8_t *key_out)
 {
-	uint64_t keyformat, salt, iters;
+	uint64_t keyformat, salt, iters, key_kdf;
+	uint64_t argon2_t_cost, argon2_m_cost, argon2_parallelism, argon2_version;
 	int i;
 	unsigned char c;
 
@@ -3055,16 +3057,47 @@ zdb_derive_key(dsl_dir_t *dd, uint8_t *key_out)
 
 	case ZFS_KEYFORMAT_PASSPHRASE:
 		VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
-		    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT),
-		    sizeof (uint64_t), 1, &salt));
-		VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
-		    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS),
-		    sizeof (uint64_t), 1, &iters));
-
-		if (PKCS5_PBKDF2_HMAC_SHA1(key_material, strlen(key_material),
-		    ((uint8_t *)&salt), sizeof (uint64_t), iters,
-		    WRAPPING_KEY_LEN, key_out) != 1)
-			return (B_FALSE);
+		    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_KEY_KDF),
+		    sizeof (uint64_t), 1, &key_kdf));
+		if (key_kdf == ZFS_KEY_KDF_PBKDF2 || key_kdf == ZFS_KEY_KDF_NONE) {
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT),
+			    sizeof (uint64_t), 1, &salt));
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_PBKDF2_ITERS),
+			    sizeof (uint64_t), 1, &iters));
+
+			if (PKCS5_PBKDF2_HMAC_SHA1(key_material, strlen(key_material),
+			    ((uint8_t *)&salt), sizeof (uint64_t), iters,
+			    WRAPPING_KEY_LEN, key_out) != 1)
+				return (B_FALSE);
+		} else if (key_kdf == ZFS_KEY_KDF_ARGON2ID) {
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_ARGON2_T_COST),
+			    sizeof (uint64_t), 1, &argon2_t_cost));
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_ARGON2_M_COST),
+			    sizeof (uint64_t), 1, &argon2_m_cost));
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_ARGON2_PARALLELISM),
+			    sizeof (uint64_t), 1, &argon2_parallelism));
+			VERIFY0(zap_lookup(dd->dd_pool->dp_meta_objset,
+			    dd->dd_crypto_obj, zfs_prop_to_name(ZFS_PROP_ARGON2_VERSION),
+			    sizeof (uint64_t), 1, &argon2_version));
+
+			if (argon2_hash(argon2_t_cost, argon2_m_cost,
+			    argon2_parallelism, key_material,
+			    strlen((char *)key_material), &salt, sizeof (uint64_t),
+			    key_out, WRAPPING_KEY_LEN, NULL,
+			    0, Argon2_id,
+			    argon2_version)
+			    != ARGON2_OK)
+				return (B_FALSE);
+		} else {
+			fatal("no support for kdf %u\n",
+			    (unsigned int) key_kdf);
+			return (B_TRUE);
+		}
 
 		break;
 

cmd/zfs/zfs_main.c

@@ -413,7 +413,7 @@ get_usage(zfs_help_t idx)
 		    "<-a | filesystem|volume>\n"));
 	case HELP_CHANGE_KEY:
 		return (gettext("\tchange-key [-l] [-o keyformat=<value>]\n"
-		    "\t    [-o keylocation=<value>] [-o pbkdf2iters=<value>]\n"
+		    "\t    [-o keylocation=<value>] [-o pbkdf2iters=<value>] [-o keykdf=<value>] [-o argon2_t_cost=<value>] [-o argon2_m_cost=<value>] [-o argon2_parallelism=<value>]\n"
 		    "\t    <filesystem|volume>\n"
 		    "\tchange-key -i [-l] <filesystem|volume>\n"));
 	case HELP_VERSION:

cmd/ztest.c

@@ -4206,6 +4206,8 @@ ztest_dataset_create(char *dsname)
 		    zfs_prop_to_name(ZFS_PROP_KEYFORMAT), ZFS_KEYFORMAT_RAW);
 		fnvlist_add_string(props,
 		    zfs_prop_to_name(ZFS_PROP_KEYLOCATION), "prompt");
+		fnvlist_add_uint64(props,
+		    zfs_prop_to_name(ZFS_PROP_KEY_KDF), ZFS_KEY_KDF_PBKDF2);
 		fnvlist_add_uint64(props,
 		    zfs_prop_to_name(ZFS_PROP_PBKDF2_SALT), 0ULL);
 		fnvlist_add_uint64(props,

config/user-libcrypto.m4

@@ -2,7 +2,18 @@ dnl #
 dnl # Check for libcrypto. Used for userspace password derivation via PBKDF2.
 dnl #
 AC_DEFUN([ZFS_AC_CONFIG_USER_LIBCRYPTO], [
-	ZFS_AC_FIND_SYSTEM_LIBRARY(LIBCRYPTO, [libcrypto], [openssl/evp.h], [], [crypto], [PKCS5_PBKDF2_HMAC_SHA1], [], [
-		AC_MSG_FAILURE([
-		*** evp.h missing, libssl-devel package required])])
+#	ZFS_AC_FIND_SYSTEM_LIBRARY(LIBCRYPTO, [libcrypto], [openssl/evp.h], [], [crypto], [PKCS5_PBKDF2_HMAC_SHA1], [], [
+#		AC_MSG_FAILURE([
+#		*** evp.h missing, libssl-devel package required])])
+
+ZFS_AC_FIND_SYSTEM_LIBRARY(LIBCRYPTO_SSL, [libcrypto], [openssl/evp.h], [], [crypto], [PKCS5_PBKDF2_HMAC_SHA1], [], [
+	AC_MSG_FAILURE([*** evp.h missing, libssl-devel package required])])
+ZFS_AC_FIND_SYSTEM_LIBRARY(LIBCRYPTO_ARGON2, [libargon2], [argon2.h], [], [argon2], [argon2id_hash_raw], [], [
+	AC_MSG_FAILURE([*** libargon2-dev package required])])
+
+LIBCRYPTO_CFLAGS="$LIBCRYPTO_SSL_CFLAGS $LIBCRYPTO_ARGON2_CFLAGS"
+LIBCRYPTO_LIBS="$LIBCRYPTO_SSL_LIBS $LIBCRYPTO_ARGON2_LIBS"
+AC_SUBST(LIBCRYPTO_CFLAGS, [])
+AC_SUBST(LIBCRYPTO_LIBS, [])
 ])
+

contrib/pam_zfs_key/pam_zfs_key.c

@@ -346,6 +346,15 @@ change_key(pam_handle_t *pamh, const char *ds_name,
 		zfs_close(ds);
 		return (-1);
 	}
+	if (nvlist_add_uint64(nvlist,
+	    zfs_prop_to_name(ZFS_PROP_KEY_KDF),
+	    ZFS_KEY_KDF_PBKDF2)) {
+		pam_syslog(pamh, LOG_ERR, "nvlist_add failed for key_kdf");
+		pw_free(key);
+		nvlist_free(nvlist);
+		zfs_close(ds);
+		return (-1);
+	}
 	if (nvlist_add_uint64(nvlist,
 	    zfs_prop_to_name(ZFS_PROP_KEYFORMAT),
 	    ZFS_KEYFORMAT_PASSPHRASE)) {

include/sys/dsl_crypt.h

@@ -49,6 +49,9 @@ typedef struct dsl_wrapping_key {
 	/* link on spa_keystore_t:sk_wkeys */
 	avl_node_t wk_avl_link;
 
+	/* key kdf algorithm */
+	uint64_t wk_key_kdf;
+
 	/* keyformat property enum */
 	zfs_keyformat_t wk_keyformat;
 
@@ -58,6 +61,18 @@ typedef struct dsl_wrapping_key {
 	/* the pbkdf2 iterations, if the keyformat is of type passphrase */
 	uint64_t wk_iters;
 
+	/* key kdf algorithm */
+	uint64_t wk_argon2_t_cost;
+
+	/* key kdf algorithm */
+	uint64_t wk_argon2_m_cost;
+
+	/* key kdf algorithm */
+	uint64_t wk_argon2_parallelism;
+
+	/* key kdf algorithm */
+	uint64_t wk_argon2_version;
+
 	/* actual wrapping key */
 	crypto_key_t wk_key;
 

include/sys/fs/zfs.h

@@ -191,6 +191,11 @@ typedef enum {
 	ZFS_PROP_REDACTED,
 	ZFS_PROP_REDACT_SNAPS,
 	ZFS_PROP_SNAPSHOTS_CHANGED,
+	ZFS_PROP_KEY_KDF,
+	ZFS_PROP_ARGON2_T_COST,
+	ZFS_PROP_ARGON2_M_COST,
+	ZFS_PROP_ARGON2_PARALLELISM,
+	ZFS_PROP_ARGON2_VERSION,
 	ZFS_NUM_PROPS
 } zfs_prop_t;
 
@@ -543,9 +548,20 @@ typedef enum zfs_key_location {
 	ZFS_KEYLOCATION_LOCATIONS
 } zfs_keylocation_t;
 
+typedef enum zfs_key_kdf {
+	ZFS_KEY_KDF_NONE = 0,
+	ZFS_KEY_KDF_PBKDF2,
+	ZFS_KEY_KDF_ARGON2ID,
+} zfs_key_kdf_t;
+
 #define	DEFAULT_PBKDF2_ITERATIONS 350000
 #define	MIN_PBKDF2_ITERATIONS 100000
 
+#define	DEFAULT_ARGON2_T_COST 4
+#define	DEFAULT_ARGON2_M_COST (1<<19)
+#define	DEFAULT_ARGON2_PARALLELISM 4
+#define	DEFAULT_ARGON2_VERSION ARGON2_VERSION_13
+
 /*
  * On-disk version number.
  */

lib/libzfs/libzfs.abi

@@ -1862,7 +1862,12 @@
       <enumerator name='ZFS_PROP_REDACTED' value='93'/>
       <enumerator name='ZFS_PROP_REDACT_SNAPS' value='94'/>
       <enumerator name='ZFS_PROP_SNAPSHOTS_CHANGED' value='95'/>
-      <enumerator name='ZFS_NUM_PROPS' value='96'/>
+      <enumerator name='ZFS_PROP_KEY_KDF' value='96'/>
+      <enumerator name='ZFS_PROP_ARGON2_T_COST' value='97'/>
+      <enumerator name='ZFS_PROP_ARGON2_M_COST' value='98'/>
+      <enumerator name='ZFS_PROP_ARGON2_PARALLELISM' value='99'/>
+      <enumerator name='ZFS_PROP_ARGON2_VERSION' value='100'/>
+      <enumerator name='ZFS_NUM_PROPS' value='101'/>
     </enum-decl>
     <typedef-decl name='zfs_prop_t' type-id='4b000d60' id='58603c44'/>
     <enum-decl name='zprop_source_t' naming-typedef-id='a2256d42' id='5903f80e'>