Tuesday, June 12, 2018

Extracting ZFS Wrapping Key

Thanks to Victor Latushkin, below is a procedure on how to extract ZFS wrapping key for a given dataset. Notice that key length is encoded in number of bits so it needs to be converted.
# cat /tmp/p
aaaaaaaaaabbbbbbbbbbccccccccccz

# zfs create -o encryption=aes-256-ccm -o keysource="raw,file:///tmp/p" test-0/testp
# zfs get objsetid test-0/testp
NAME                              PROPERTY  VALUE  SOURCE
test-0/testp  objsetid  192    -
# mdb -k
Loading modules: [ unix genunix specfs dtrace mac cpu.generic uppc apix zvpsm scsi_vhci iommu zfs lsc sd ip hook neti arp usba kssl stmf stmf_sbd sockfs lofs random idm nvme sata ufs cpc crypto fcip fctl fcp smbsrv nfs zvmm logindmux
nsmb ptm sppp ipc ]
> ::spa
ADDR                 STATE NAME                   REALNAME
ffffa1c13a33b000    ACTIVE test-0 -
ffffa1c13a38b000    ACTIVE test-1 -
ffffa1c13a097000    ACTIVE rpool                  -
> ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length
skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_length = 0x100
> 0x100 % 8 = X
                20
> ffffa1c13a33b000::spa |::print spa spa_keystore->sk_dslkeys|::walk avl|::if zcrypt_keystore_node_t skn_os = 0t192|::print zcrypt_keystore_node_t skn_wrapkey->zk_key.cku_data.cku_key_value.cku_v_data|::dump -un 0x20
                    0 1 2 3  4 5 6 7  8 9 a b  c d e f  0123456789abcdef
ffffa1c149dcdd20:  61616161 61616161 61616262 62626262  aaaaaaaaaabbbbbb
ffffa1c149dcdd30:  62626262 63636363 63636363 63637a0a  bbbbccccccccccz.

No comments:

Post a Comment