Feature #12709

closed

Support custom URI schemes for the keylocation property

Added by Jason King over 2 years ago. Updated over 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: -
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags:
Gerrit CR:
External Bug:

Description

This integrates the same feature I contributed to OpenZFS (I'm doing both to prevent divergence):

    Every platform has their own preferred methods for implementing URI
    schemes beyond the currently supported file scheme (e.g. 'https' on
    FreeBSD would likely use libfetch, while Linux distros and illumos
    would probably use libcurl, etc). It would be helpful if libzfs can
    be extended to support additional schemes in a simple manner.

    A table of (scheme, handler_function) pairs is added to libzfs_crypto.c,
    and the existing functions in libzfs_crypto.c so that when the key
    format is ZFS_KEYFORMAT_URI, the scheme from the URI string is
    extracted, and a matching handler is located in the aforementioned
    table (returning an error if no matching handler is found). The handler
    function is then invoked to retrieve the key material (in the format
    specified by the keyformat property) and the key is loaded or the
    handler can return an error to abort the key loading process.

    Reviewed by: Sean Eric Fagan <sef@ixsystems.com>
    Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
    Signed-off-by: Jason King <jason.king@joyent.com>
    Closes #10218
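
The dispatch described in the commit message above, as an added C example that is not the libzfs code or part of the original ticket: the scheme is extracted from the URI, looked up in a (scheme, handler) table, and key loading fails with an error when no handler matches. The names `key_handler_fn`, `demo_file_handler`, `key_handlers` and `load_key_from_uri`, the errno values returned, and the exact, case-sensitive match rule are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>

/* Hypothetical handler signature: fetch key material for one URI. */
typedef int (*key_handler_fn)(const char *, unsigned char *, size_t, size_t *);

/* Constructed stand-in for a "file" handler; returns fixed demo bytes. */
static int demo_file_handler(const char *uri, unsigned char *buf,
    size_t buflen, size_t *outlen)
{
	static const unsigned char demo_key[4] = { 0xde, 0xad, 0xbe, 0xef };
	(void)uri;
	if (buflen < sizeof(demo_key))
		return ENOSPC;
	memcpy(buf, demo_key, sizeof(demo_key));
	*outlen = sizeof(demo_key);
	return 0;
}

/* The (scheme, handler_function) table; a platform adds rows here. */
static const struct {
	const char *scheme;
	key_handler_fn handler;
} key_handlers[] = { { "file", demo_file_handler } };

/* Extract the scheme, find its handler, invoke it; error if none matches. */
int load_key_from_uri(const char *uri, unsigned char *buf, size_t buflen,
    size_t *outlen)
{
	const char *sep = strstr(uri, "://");
	size_t len, i, n = sizeof(key_handlers) / sizeof(key_handlers[0]);
	if (sep == NULL || sep == uri)
		return EINVAL;		/* not of the form scheme://... */
	len = (size_t)(sep - uri);
	for (i = 0; i < n; i++) {
		/* Whole-scheme, case-sensitive match: "filex" is not "file". */
		if (strlen(key_handlers[i].scheme) == len &&
		    memcmp(uri, key_handlers[i].scheme, len) == 0)
			return key_handlers[i].handler(uri, buf, buflen, outlen);
	}
	return ENOTSUP;			/* no handler: abort key loading */
}

int main(void)
{
	unsigned char key[32];
	size_t n = 0;
	/* An unregistered scheme is refused: exit status 0 means ENOTSUP. */
	return load_key_from_uri("https://example.invalid/k", key, sizeof(key), &n) != ENOTSUP;
}
```

Comparing the full scheme length before comparing bytes is what keeps a longer or shorter scheme name from selecting the wrong handler.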
Actions #1

Updated by Jason King over 2 years ago

For testing, I ran the zfs test suite. All failures were known issues with existing tickets.

Additionally, I created encrypted datasets -- one using a passphrase and a keylocation of prompt, and another with a raw key and a file key location. I then unloaded the keys for both, then did zfs load-key for both which worked as expected (prompted for the first dataset, was able to successfully enter passphrase, and key loaded from file for the second dataset).

Actions #2

Updated by Electric Monk over 2 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

git commit 6c24238b6748a460b462c0b48b263cef4a6cbcdd

commit  6c24238b6748a460b462c0b48b263cef4a6cbcdd
Author: Jason King <jason.king@joyent.com>
Date:   2020-05-28T17:54:20.000Z

    12709 Support custom URI schemes for the keylocation property
    Portions contributed by: Adam D. Moss <c@yotes.com>
    Reviewed by: Yuri Pankov <ypankov@fastmail.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>
