openzfs
diff --git a/‎Makefile.am
Lines changed: 1 addition & 0 deletions b/‎Makefile.am
Lines changed: 1 addition & 0 deletions
diff --git a/‎include/os/freebsd/zfs/sys/freebsd_crypto.h
Lines changed: 1 addition & 0 deletions b/‎include/os/freebsd/zfs/sys/freebsd_crypto.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎include/sys/crypto/common.h
Lines changed: 1 addition & 0 deletions b/‎include/sys/crypto/common.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎include/sys/crypto/icp.h
Lines changed: 3 additions & 0 deletions b/‎include/sys/crypto/icp.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎include/sys/fs/zfs.h
Lines changed: 1 addition & 0 deletions b/‎include/sys/fs/zfs.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎include/sys/zio_crypt.h
Lines changed: 3 additions & 2 deletions b/‎include/sys/zio_crypt.h
Lines changed: 3 additions & 2 deletions
diff --git a/‎include/zfeature_common.h
Lines changed: 1 addition & 0 deletions b/‎include/zfeature_common.h
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/libicp/Makefile.am
Lines changed: 2 additions & 0 deletions b/‎lib/libicp/Makefile.am
Lines changed: 2 additions & 0 deletions
diff --git a/‎lib/libzfs/libzfs.abi
Lines changed: 40 additions & 17 deletions b/‎lib/libzfs/libzfs.abi
Lines changed: 40 additions & 17 deletions
diff --git a/‎man/man7/zfsprops.7
Lines changed: 9 additions & 2 deletions b/‎man/man7/zfsprops.7
Lines changed: 9 additions & 2 deletions
@@ -124,6 +124,7 @@ cstyle:
 		! -name 'zfs_config.*' ! -name '*.mod.c' \
 		! -name 'opt_global.h' ! -name '*_if*.h' \
 		! -name 'zstd_compat_wrapper.h' \
+		! -name 'monocypher.[ch]' \
 		! -path './module/zstd/lib/*' \
 		! -path './include/sys/lua/*' \
 		! -path './module/lua/l*.[ch]' \
 
@@ -41,6 +41,7 @@
 #define	SUN_CKM_AES_CCM	"CKM_AES_CCM"
 #define	SUN_CKM_AES_GCM	"CKM_AES_GCM"
 #define	SUN_CKM_SHA512_HMAC	"CKM_SHA512_HMAC"
+#define	SUN_CKM_CHACHA20_POLY1305	"CKM_CHACHA20_POLY1305"
 
 #define	CRYPTO_BITS2BYTES(n) ((n) == 0 ? 0 : (((n) - 1) >> 3) + 1)
 #define	CRYPTO_BYTES2BITS(n) ((n) << 3)
 
@@ -82,6 +82,7 @@ typedef uint32_t crypto_keysize_unit_t;
 #define	SUN_CKM_SHA512_HMAC		"CKM_SHA512_HMAC"
 #define	SUN_CKM_AES_CCM			"CKM_AES_CCM"
 #define	SUN_CKM_AES_GCM			"CKM_AES_GCM"
+#define	SUN_CKM_CHACHA20_POLY1305	"CKM_CHACHA20_POLY1305"
 
 /* Data arguments of cryptographic operations */
 
 
@@ -26,6 +26,9 @@
 #ifndef	_SYS_CRYPTO_ALGS_H
 #define	_SYS_CRYPTO_ALGS_H
 
+int chapoly_mod_init(void);
+int chapoly_mod_fini(void);
+
 int aes_mod_init(void);
 int aes_mod_fini(void);
 
 
@@ -1888,6 +1888,7 @@ enum zio_encrypt {
 	ZIO_CRYPT_AES_128_GCM,
 	ZIO_CRYPT_AES_192_GCM,
 	ZIO_CRYPT_AES_256_GCM,
+	ZIO_CRYPT_CHACHA20_POLY1305,
 	ZIO_CRYPT_FUNCTIONS
 };
 
 
@@ -45,7 +45,8 @@ struct zbookmark_phys;
 typedef enum zio_crypt_type {
 	ZC_TYPE_NONE = 0,
 	ZC_TYPE_CCM,
-	ZC_TYPE_GCM
+	ZC_TYPE_GCM,
+	ZC_TYPE_CHACHA20_POLY1305,
 } zio_crypt_type_t;
 
 /* table of supported crypto algorithms, modes and keylengths. */
@@ -60,7 +61,7 @@ typedef struct zio_crypt_info {
 #else
 	crypto_mech_name_t ci_mechname;
 #endif
-	/* cipher mode type (GCM, CCM) */
+	/* cipher mode type (GCM, CCM, ChaCha20-Poly1305) */
 	zio_crypt_type_t ci_crypt_type;
 
 	/* length of the encryption key */
 
@@ -83,6 +83,7 @@ typedef enum spa_feature {
 	SPA_FEATURE_REDACTION_LIST_SPILL,
 	SPA_FEATURE_RAIDZ_EXPANSION,
 	SPA_FEATURE_FAST_DEDUP,
+	SPA_FEATURE_CHACHA20_POLY1305,
 	SPA_FEATURES
 } spa_feature_t;
 
 
@@ -29,8 +29,10 @@ nodist_libicp_la_SOURCES = \
 	module/icp/algs/skein/skein_block.c \
 	module/icp/algs/skein/skein_iv.c \
 	module/icp/illumos-crypto.c \
+	module/icp/monocypher.c \
 	module/icp/io/aes.c \
 	module/icp/io/sha2_mod.c \
+	module/icp/io/chapoly.c \
 	module/icp/core/kcf_sched.c \
 	module/icp/core/kcf_prov_lib.c \
 	module/icp/core/kcf_callprov.c \
 
@@ -183,8 +183,8 @@
     <elf-symbol name='fsleep' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='get_dataset_depth' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='get_system_hostid' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
-    <elf-symbol name='getexecname' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='get_timestamp' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='getexecname' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='getextmntent' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='getmntany' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='getprop_uint64' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -466,6 +466,7 @@
     <elf-symbol name='zpool_clear' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_clear_label' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_close' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='zpool_collect_unsup_feat' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_create' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_default_search_paths' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_destroy' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -485,8 +486,8 @@
     <elf-symbol name='zpool_export_force' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_feature_init' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_find_config' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
-    <elf-symbol name='zpool_find_vdev' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_find_parent_vdev' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='zpool_find_vdev' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_find_vdev_by_physpath' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_free_handles' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_get_all_vdev_props' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -529,7 +530,6 @@
     <elf-symbol name='zpool_prefetch' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_prepare_and_label_disk' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_prepare_disk' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
-    <elf-symbol name='zpool_collect_unsup_feat' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_prop_align_right' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_prop_column_name' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zpool_prop_default_numeric' type='func-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -616,7 +616,7 @@
     <elf-symbol name='fletcher_4_superscalar_ops' size='128' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='libzfs_config_ops' size='16' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='sa_protocol_names' size='16' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
-    <elf-symbol name='spa_feature_table' size='2352' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
+    <elf-symbol name='spa_feature_table' size='2408' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zfeature_checks_disable' size='4' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zfs_deleg_perm_tab' size='512' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
     <elf-symbol name='zfs_history_event_names' size='328' type='object-type' binding='global-binding' visibility='default-visibility' is-defined='yes'/>
@@ -6007,7 +6007,8 @@
       <enumerator name='SPA_FEATURE_REDACTION_LIST_SPILL' value='39'/>
       <enumerator name='SPA_FEATURE_RAIDZ_EXPANSION' value='40'/>
       <enumerator name='SPA_FEATURE_FAST_DEDUP' value='41'/>
-      <enumerator name='SPA_FEATURES' value='42'/>
+      <enumerator name='SPA_FEATURE_CHACHA20_POLY1305' value='42'/>
+      <enumerator name='SPA_FEATURES' value='43'/>
     </enum-decl>
     <typedef-decl name='spa_feature_t' type-id='33ecb627' id='d6618c78'/>
     <qualified-type-def type-id='80f4b756' const='yes' id='b99c00c9'/>
@@ -7831,7 +7832,7 @@
       </data-member>
     </class-decl>
     <typedef-decl name='vdev_cbdata_t' type-id='b8006be8' id='a9679c94'/>
-    <class-decl name='zprop_get_cbdata' size-in-bits='832' is-struct='yes' visibility='default' id='f3d3c319'>
+    <class-decl name='zprop_get_cbdata' size-in-bits='960' is-struct='yes' visibility='default' id='f3d3c319'>
       <data-member access='public' layout-offset-in-bits='0'>
         <var-decl name='cb_sources' type-id='95e97e5e' visibility='default'/>
       </data-member>
@@ -7850,6 +7851,9 @@
       <data-member access='public' layout-offset-in-bits='448'>
         <var-decl name='cb_first' type-id='c19b74c3' visibility='default'/>
       </data-member>
+      <data-member access='public' layout-offset-in-bits='480'>
+        <var-decl name='cb_json' type-id='c19b74c3' visibility='default'/>
+      </data-member>
       <data-member access='public' layout-offset-in-bits='512'>
         <var-decl name='cb_proplist' type-id='3a9b2288' visibility='default'/>
       </data-member>
@@ -7859,6 +7863,15 @@
       <data-member access='public' layout-offset-in-bits='640'>
         <var-decl name='cb_vdevs' type-id='a9679c94' visibility='default'/>
       </data-member>
+      <data-member access='public' layout-offset-in-bits='832'>
+        <var-decl name='cb_jsobj' type-id='5ce45b60' visibility='default'/>
+      </data-member>
+      <data-member access='public' layout-offset-in-bits='896'>
+        <var-decl name='cb_json_as_int' type-id='c19b74c3' visibility='default'/>
+      </data-member>
+      <data-member access='public' layout-offset-in-bits='928'>
+        <var-decl name='cb_json_pool_key_guid' type-id='c19b74c3' visibility='default'/>
+      </data-member>
     </class-decl>
     <typedef-decl name='zprop_get_cbdata_t' type-id='f3d3c319' id='f3d87113'/>
     <typedef-decl name='zprop_func' type-id='2e711a2a' id='1ec3747a'/>
@@ -7962,6 +7975,11 @@
     <qualified-type-def type-id='d33f11cb' restrict='yes' id='5c53ba29'/>
     <pointer-type-def type-id='ffa52b96' size-in-bits='64' id='76c8174b'/>
     <pointer-type-def type-id='f3d87113' size-in-bits='64' id='0d2a0670'/>
+    <function-decl name='nvlist_print_json' visibility='default' binding='global' size-in-bits='64'>
+      <parameter type-id='822cd80b'/>
+      <parameter type-id='5ce45b60'/>
+      <return type-id='95e97e5e'/>
+    </function-decl>
     <function-decl name='zpool_label_disk' mangled-name='zpool_label_disk' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='zpool_label_disk'>
       <parameter type-id='b0382bb3'/>
       <parameter type-id='4c81de99'/>
@@ -8069,6 +8087,11 @@
       <parameter type-id='d33f11cb'/>
       <return type-id='48b5725f'/>
     </function-decl>
+    <function-decl name='putc' visibility='default' binding='global' size-in-bits='64'>
+      <parameter type-id='95e97e5e'/>
+      <parameter type-id='822cd80b'/>
+      <return type-id='95e97e5e'/>
+    </function-decl>
     <function-decl name='puts' visibility='default' binding='global' size-in-bits='64'>
       <parameter type-id='80f4b756'/>
       <return type-id='95e97e5e'/>
@@ -8087,6 +8110,11 @@
       <parameter type-id='95e97e5e'/>
       <return type-id='48b5725f'/>
     </function-decl>
+    <function-decl name='strspn' visibility='default' binding='global' size-in-bits='64'>
+      <parameter type-id='80f4b756'/>
+      <parameter type-id='80f4b756'/>
+      <return type-id='b59d7dce'/>
+    </function-decl>
     <function-decl name='strnlen' visibility='default' binding='global' size-in-bits='64'>
       <parameter type-id='80f4b756'/>
       <parameter type-id='b59d7dce'/>
@@ -8286,12 +8314,12 @@
     <function-decl name='zfs_version_print' mangled-name='zfs_version_print' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='zfs_version_print'>
       <return type-id='95e97e5e'/>
     </function-decl>
-    <function-decl name='use_color' mangled-name='use_color' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='use_color'>
-      <return type-id='95e97e5e'/>
-    </function-decl>
     <function-decl name='zfs_version_nvlist' mangled-name='zfs_version_nvlist' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='zfs_version_nvlist'>
       <return type-id='5ce45b60'/>
     </function-decl>
+    <function-decl name='use_color' mangled-name='use_color' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='use_color'>
+      <return type-id='95e97e5e'/>
+    </function-decl>
     <function-decl name='printf_color' mangled-name='printf_color' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='printf_color'>
       <parameter type-id='80f4b756' name='color'/>
       <parameter type-id='80f4b756' name='format'/>
@@ -8796,11 +8824,6 @@
       <parameter type-id='78c01427'/>
       <return type-id='13956559'/>
     </function-decl>
-    <function-decl name='strspn' visibility='default' binding='global' size-in-bits='64'>
-      <parameter type-id='80f4b756'/>
-      <parameter type-id='80f4b756'/>
-      <return type-id='b59d7dce'/>
-    </function-decl>
     <function-decl name='zfs_dirnamelen' mangled-name='zfs_dirnamelen' visibility='default' binding='global' size-in-bits='64' elf-symbol-id='zfs_dirnamelen'>
       <parameter type-id='80f4b756' name='path'/>
       <return type-id='79a0948f'/>
@@ -9132,8 +9155,8 @@
     </function-decl>
   </abi-instr>
   <abi-instr address-size='64' path='module/zcommon/zfeature_common.c' language='LANG_C99'>
-    <array-type-def dimensions='1' type-id='83f29ca2' size-in-bits='18816' id='b937914f'>
-      <subrange length='42' type-id='7359adad' id='cb7c937f'/>
+    <array-type-def dimensions='1' type-id='83f29ca2' size-in-bits='19264' id='bd39d632'>
+      <subrange length='43' type-id='7359adad' id='8f7e73a2'/>
     </array-type-def>
     <enum-decl name='zfeature_flags' id='6db816a4'>
       <underlying-type type-id='9cac1fee'/>
@@ -9210,7 +9233,7 @@
     <pointer-type-def type-id='611586a1' size-in-bits='64' id='2e243169'/>
     <qualified-type-def type-id='eaa32e2f' const='yes' id='83be723c'/>
     <pointer-type-def type-id='83be723c' size-in-bits='64' id='7acd98a2'/>
-    <var-decl name='spa_feature_table' type-id='b937914f' mangled-name='spa_feature_table' visibility='default' elf-symbol-id='spa_feature_table'/>
+    <var-decl name='spa_feature_table' type-id='bd39d632' mangled-name='spa_feature_table' visibility='default' elf-symbol-id='spa_feature_table'/>
     <var-decl name='zfeature_checks_disable' type-id='c19b74c3' mangled-name='zfeature_checks_disable' visibility='default' elf-symbol-id='zfeature_checks_disable'/>
     <function-decl name='opendir' visibility='default' binding='global' size-in-bits='64'>
       <parameter type-id='80f4b756'/>
 
@@ -37,8 +37,9 @@
 .\" Copyright 2019 Joyent, Inc.
 .\" Copyright (c) 2019, Kjeld Schouten-Lebbing
 .\" Copyright (c) 2022 Hewlett Packard Enterprise Development LP.
+.\" Copyright (c) 2023, Rob Norris <robn@despairlabs.com>
 .\"
-.Dd June 29, 2024
+.Dd July 26, 2024
 .Dt ZFSPROPS 7
 .Os
 .
@@ -1077,7 +1078,7 @@ This property can also be referred to by its shortened column name,
 .It Xo
 .Sy encryption Ns = Ns Sy off Ns | Ns Sy on Ns | Ns Sy aes-128-ccm Ns | Ns
 .Sy aes-192-ccm Ns | Ns Sy aes-256-ccm Ns | Ns Sy aes-128-gcm Ns | Ns
-.Sy aes-192-gcm Ns | Ns Sy aes-256-gcm
+.Sy aes-192-gcm Ns | Ns Sy aes-256-gcm Ns | Ns Sy chacha20-poly1305
 .Xc
 Controls the encryption cipher suite (block cipher, key length, and mode) used
 for this dataset.
@@ -1096,6 +1097,12 @@ selected, which is currently
 In order to provide consistent data protection, encryption must be specified at
 dataset creation time and it cannot be changed afterwards.
 .Pp
+On systems lacking hardware-accelerated AES (many non-x86 boards)
+.Sy chacha20-poly1305
+will usually offer better performance without compromising security.
+On x86, or when datasets may be mounted on on older versions of ZFS, an AES
+suite is the best choice.
+.Pp
 For more details and caveats about encryption see the
 .Sx Encryption
 section of