Clevis/Tang Planning

Nathaniel McCallum

Clevis

  • Client-side
  • Key acquisition system
  • Plugins = "pins"
  • Permits recursion
  • Implements:
    • Shamir Secret Sharing
    • HTTP(S), incl. Custodia
    • Password

Tang

  • Server-side + Clevis "pin"
  • Key recovery without TLS
  • Fast (>30k requests/sec.)
  • Substantial test coverage
  • Lightweight

Clevis

Clevis - Provisioning

  Provision: Config (JSON) + Key → Data (JSON)

  • Performed in series
  • Each pin receives Unique ID

Clevis - Acquisition

  Acquire: Data (JSON) → Key

  • SSS:
    • parallelizes
    • does not wait for unneeded children

Clevis - Rotation (Proposed)

  Rotate: Data (JSON) → Data (JSON)

  • Serial
  • Unique ID used to target pins
  • Interactive vs. Non-interactive

Example Laptop Policy

  [Policy tree diagram: "unlock?" at the root; nodes: QR Code, SSS (thresh. = 1), TPM, SSS (thresh. = 2), SSS (thresh. = 2), Password, Fingerprint, Tang, Bluetooth]

Clevis Encryption

{
    "cipher": <OID> (AES-GCM)
    "kdf": <OID> (PBKDF2)
    "salt": <base64> (key length; random every time)
    "iter": <number> (1 sec. default; high vs. low?)
    "ct": <base64>
}

Question: Upgrade during rotation?

Clevis Prompting

  • Password callback => queue
  • Single prompt
  • Local verifiers first, in parallel
  • Remote verifiers second, in series

Question: Prompting conflict w/ cryptsetup?

Tang

McCallum-Relyea Exchange

Provisioning: Elgamal

  k = b^A
  a = g^A
  b = g^B

Acquisition: Elgamal + Hughes Diffie-Hellman

  x = a + g^X
  y = x^B
  k = (y \div b^X)

X requires entropy at early boot
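
A runnable walk-through of the exchange above, added here as an example rather than code from the Clevis or Tang projects: it uses a toy multiplicative group modulo a small prime (the parameters P and G are assumptions) in place of Tang's elliptic-curve group, so the slide's "a + g^X" becomes a multiplication. A, B and X are the private exponents and b is the server's advertised public key.

```python
import secrets

# Toy multiplicative group mod a prime so the algebra runs offline; these
# parameters are assumptions for illustration, not Tang's EC group.
P = 2**61 - 1   # Mersenne prime (toy parameter)
G = 3           # group element standing in for the slide's g (toy parameter)

def rand_exp():
    """Random private exponent in [1, P-2]."""
    return 1 + secrets.randbelow(P - 2)

def server_keygen():
    """Tang server: long-term private B, advertised public b = g^B."""
    B = rand_exp()
    return B, pow(G, B, P)

def provision(b):
    """Client provisioning (Elgamal): k = b^A is the key that protects
    the volume secret; a = g^A is what gets stored in the Clevis JSON data.
    A and k are discarded after use, so only a survives on disk."""
    A = rand_exp()
    return pow(b, A, P), pow(G, A, P)

def client_blind(a):
    """Acquisition step 1: blind the stored a with an ephemeral X.
    The slide's a + g^X is the group operation, multiplication here.
    This X is the value that needs entropy at early boot."""
    X = rand_exp()
    return X, (a * pow(G, X, P)) % P

def server_recover(B, x):
    """Tang server: y = x^B. It only ever sees the blinded value x."""
    return pow(x, B, P)

def client_unblind(y, b, X):
    """Acquisition step 2: k = y / b^X, which equals a^B = b^A."""
    return (y * pow(pow(b, X, P), -1, P)) % P

def run_exchange():
    """Full round trip; returns (k at provisioning, k at acquisition, a, x)."""
    B, b = server_keygen()
    k_prov, a = provision(b)
    X, x = client_blind(a)
    y = server_recover(B, x)
    return k_prov, client_unblind(y, b, X), a, x
```

The server never learns a or k: it receives only the blinded x and returns y, and the client's unblinding recovers exactly the key produced at provisioning.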

Tang - Key Storage

  • Standard OpenSSL EC_KEY serialization
  • Extended attributes control:
    • Advertisement
    • Key usage

Tang Advertisement

  • List of all advertised keys
  • Signed by all advertised signing keys
  • Can request signature by previous key
  • Allows "upgrades" to new keys; attacks?
