Re: [saag] ASN.1 vs. DER Encoding

Nico Williams <nico@cryptonector.com> Thu, 28 March 2019 04:43 UTC


On Thu, Mar 28, 2019 at 01:38:59AM +0000, Peter Gutmann wrote:
> Nico Williams <nico@cryptonector.com> writes:
> >A protocol using ASN.1 BER/DER/CER with IMPLICIT tagging will lose some type
> >information, so while you can check a lot of an encoded message's validity
> >without reference to its schema, you cannot check all of it.
> 
> You can check it, you just need to use heuristics.  That's what dumpasn1 does,
> it's aware of the situations in which there's encapsulation and can dig down
> into both implicit-tagged data and hole encodings.

Yup.

> >Whereas if you have reference to its schema, then you can check all of it
> >regardless of whether the encoding rules are TLV or not.
> 
> And that's the problem, you need to have the schema for the latest version of
> every possible protocol you're likely to examine, and update the code every
> time anything anywhere changes.  With a self-describing data type, you only
> need to write the format firewall once and it'll work indefinitely.  I've been
> using the same ASN.1 firewall code for over fifteen years...

Consider extensibility markers: extensions your dumper doesn't know will
be skippable.  Or consider typed-holes: if a hole contains something
that isn't BER, dumpasn1 won't be able to understand it.

Non-TLV encodings exist and get used.  NFSv4 uses XDR -- not TLV.  CBOR
isn't TLV and you can see it's likely going to get used for important
applications.

At some point a generic dumper needs to know the various schemas, and
hopefully it can figure out contextually the type of the outer-most
value and then use schema to drive the rest.  Once you accept this your
dumper no longer needs heuristics.  Keeping up to date is no different
than keeping any TLS/whatever library up to date, but it's easier
because there are no compatibility requirements (it being just a
dumper).

Code bloat is not really an issue.  The Heimdal ASN.1 compiler has an
option for something it calls "templates", but which is really a bit
more like a bytecode compiler and interpreter.  That reduces code size
(because the bytecode is much smaller than the alternative generated C)
and improves performance (for the same reason, which reduces pressure on
the instruction cache).  With byte-compiled modules you could afford to
have all of them built-in to the dumper, and you could even make new
modules downloadable.

Nico
--
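
Added example, not part of the original message and not code from dumpasn1 or Heimdal: a small DER walker showing the point debated in this thread, that IMPLICIT tagging replaces the universal tag so a walker using no schema and no heuristics sees only a context tag number and a length, while a schema-driven decoder recovers the types. The sample bytes, the field names and the schema are constructed for illustration; both fields deliberately carry the same two content bytes.

```python
# Added example: constructed data and a hypothetical schema; not dumpasn1 or Heimdal code.
UNIVERSAL = {0x02: "INTEGER", 0x04: "OCTET STRING", 0x0C: "UTF8String", 0x30: "SEQUENCE"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one definite-length TLV with a low tag number."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("high tag numbers not handled in this sketch")
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("indefinite or oversized length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed value into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def describe_without_schema(der):
    """What the tags alone reveal about each field of the outer SEQUENCE."""
    out = []
    for tag, val in children(read_tlv(der)[1]):
        if tag & 0xC0 == 0x80:            # context-specific: the universal tag is gone
            out.append(f"[{tag & 0x1F}] unknown type, {len(val)} bytes")
        else:
            out.append(UNIVERSAL.get(tag, "?"))
    return out

def decode_with_schema(der, schema):
    """schema: context tag number -> (name, type); assumes every field is context-tagged."""
    out = {}
    for tag, val in children(read_tlv(der)[1]):
        name, typ = schema[tag & 0x1F]
        out[name] = int.from_bytes(val, "big", signed=True) if typ == "INTEGER" else val.decode("utf-8")
    return out

# Constructed sample: SEQUENCE { [0] IMPLICIT INTEGER 26729, [1] IMPLICIT UTF8String "hi" }
SAMPLE = bytes.fromhex("30088002686981026869")
SCHEMA = {0: ("serial", "INTEGER"), 1: ("label", "UTF8String")}
```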