tcyrus@tcyr.us ~ $

Tang + Clevis + ZFS = Profit?

Automated ZFS Decryption via Clevis

tags
#Tang #Clevis #ZFS
published

Intro

I decided that I’m tired of manually plugging and un-plugging a temporary drive to load keys into ZFS, so I came up with a workaround using Tang and Clevis.

Setup

Instead of explaining every single step to set this up, I’m just going to link you to the source. This is really close to the version that I’m running right now on my server (I need to update my server), but there are some things you should know before proceeding.

Caveats

There are some things that you should know before locking away your secrets using Clevis + Tang.

  1. Issues with Ubuntu package (tang)

    The default systemd config that shipped with tang on Ubuntu and Fedora was broken (info). The easy solution is to comment out After=tangd-update.service. Fedora has fixed the issue, Ubuntu has not (feel free to contact package maintainers to fix, I’m too lazy).

  2. No Academic Publication

    Tang uses ECMR (Elliptic-curve McCallum-Relyea) which is only implemented by latchset/jose, which is only used by Tang and Clevis (to the best of my knowledge). I couldn’t find any academic publication related to ECMR. The only academic-ish mention of ECMR was a presentation at the 2015 Storage Developer Conference given by one of the creators.

  3. No Alternative Implementations

    ECMR is only available in the latchset/jose (linked above). I tried re-implementing ECMR myself, but I’m not an expert in elliptical curve cryptography. I wish there was a standalone implementation which didn’t have all the confusing dependencies.

  4. Hard to Understand

    Simply put, I found the source code of both Tang and latchset/jose very hard to understand. It could be because I don’t work in cryptography, but it seemed unnecessarily confusing in some places.

Ideas

  1. Standalone Implementation

    A standalone implementation of ECMR would be great. I’m working on an alternative implementation of Tang in Rust. I’m also working on a standalone executable of Tang with some slight modifications.

  2. Dependency Changes

    OpenSSL can be replaced by LibreSSL (PR in progress) or BoringSSL (better suited for the use case in my opinion).

    http-parser and the rest of the web server setup can be replaced with something like lwan.

Moar Setup

Since the start-up order for things are a bit weird sometimes, I needed to add some overrides to make sure that services waited for the datasets to be decrypted.

# /etc/systemd/system/nextcloudcron.service.d/override.conf
[Unit]
RequiresMountsFor=/grail/karna/nextcloud

# /etc/systemd/system/postgresql@13-main.service.d/override.conf
[Unit]
RequiresMountsFor=/grail/karna/postgresql/13

Conclusion

Tang works, but I strongly encourage others to do their own reseach before using it. I don’t know much about cryptography and none of these tools have gone through security audits (to the best of my knowledge).

Extras

Since I didn’t like the dependency on clevis and latchset/jose, I made a standalone version of my script in Go (link). This is very hacky and not something I wouldn’t recommend using it.

I also implemented the ECMR algorithm in Rust based on the latchset/jose docs (link). This doesn’t handle any of the JWK parsing and other stuff in latchset/jose, but it’s a start.

The only issue is that RustCrypto (the crate I’m using) doesn’t support P-521, since the curve is a bit weird when compared to the other NIST curves. I was unable to find any rust crates that supported P-521. After a bit of research, I decided that easiest solution is to ignore P-521, since a decent chunk of libraries are dropping support for it since it isn’t a Suite B curve.

Update (09/2021): tangd now builds a static executable (as close as it can get) after meson pain. This was done by rewriting a large chunk of the jose and tang build setup. I also made some minor code changes, but most of those were unrelated to static building. I’ll be posting git patches soon.

$ ldd src/tangd
        linux-vdso.so.1 (0x00007fffccf0b000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fc95e3dd000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc95e1e0000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fc95e438000)