-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcbor-file-magic-02.txt
672 lines (426 loc) · 24.3 KB
/
cbor-file-magic-02.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
CBOR Working Group M. Richardson
Internet-Draft Sandelman Software Works
Intended status: Best Current Practice C. Bormann
Expires: 11 January 2022 Universität Bremen TZI
10 July 2021
On storing CBOR encoded items on stable storage
draft-ietf-cbor-file-magic-02
Abstract
This document proposes an on-disk format for CBOR objects that is
friendly to common on-disk recognition systems like the Unix file(1)
command.
This document is being discussed at: https://github.com/cbor-wg/cbor-
magic-number
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on 11 January 2022.
Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved.
Richardson & Bormann Expires 11 January 2022 [Page 1]
Internet-Draft cbor-file-magic July 2021
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document. Code Components
extracted from this document must include Simplified BSD License text
as described in Section 4.e of the Trust Legal Provisions and are
provided without warranty as described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Requirements for a Magic Number . . . . . . . . . . . . . . . 4
3. Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3.1. The CBOR Protocol Specific Tag . . . . . . . . . . . . . 4
3.2. CBOR Tag Wrapped . . . . . . . . . . . . . . . . . . . . 5
3.3. CBOR Tag Sequence . . . . . . . . . . . . . . . . . . . . 5
4. Advice to Protocol Developers . . . . . . . . . . . . . . . . 6
4.1. Is the on-wire format new? . . . . . . . . . . . . . . . 7
4.2. Can many items be trivially concatenated? . . . . . . . . 7
4.3. Are there tags at the start? . . . . . . . . . . . . . . 7
5. Security Considerations . . . . . . . . . . . . . . . . . . . 7
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
6.1. CBOR Sequence Tag . . . . . . . . . . . . . . . . . . . . 8
6.2. CBOR Tags for CoAP Content-Format Numbers . . . . . . . . 8
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
7.1. Normative References . . . . . . . . . . . . . . . . . . 9
7.2. Informative References . . . . . . . . . . . . . . . . . 9
Appendix A. CBOR Tags for CoAP Content Formats . . . . . . . . . 10
A.1. Content-Format Tag Examples . . . . . . . . . . . . . . . 10
Appendix B. Example from Openswan . . . . . . . . . . . . . . . 11
Appendix C. Changelog . . . . . . . . . . . . . . . . . . . . . 12
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12
Contributors . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 12
1. Introduction
Since very early in computing, operating systems have sought ways to
mark which files could be processed by which programs.
Richardson & Bormann Expires 11 January 2022 [Page 2]
Internet-Draft cbor-file-magic July 2021
For instance, the Unix file(1) command, which has existed since 1973
[file], has been able to identify many file formats for decades.
Many systems (Linux, MacOS, Windows) will select the correct
application based upon the file contents, if the system can not
determine it by other means: for instance, the classic MacOS
maintained a resource fork that includes media type ("MIME type")
information and therefore ideally never needs to know anything about
the file. Other systems do this by file extensions.
While having a media type associated with the file is a better
solution in general, when files become disconnected from their type
information, such as when attempting to do forensics on a damaged
system, then being able to identify a file type can become very
important.
It is noted that in the media type registration, that a magic number
is asked for, if available, as is a file extension.
A challenge for the file(1) program is often that it can be confused
by the encoding vs the content. For instance, an Android "apk" used
to transfer and store an application may be identified as a ZIP file.
Both OpenOffice or MSOffice files are ZIP files of XML files.
(Unless OpenOffice files are flat (fodp) files, in which case they
may appear to be generic XML files.)
As CBOR becomes a more and more common encoding for a wide variety of
artifacts, identifying them as just "CBOR" is probably not
sufficient. This document provides a way to encode a magic number
into the beginning of a CBOR format file. Two options are presented:
typically a CBOR Protocol author will specify one.
A CBOR Protocol is a specification which uses CBOR as its encoding.
Examples of CBOR Protocols currently under development include CoSWID
[I-D.ietf-sacm-coswid], and EAT [I-D.ietf-rats-eat]. COSE itself
[RFC8152] is considered infrastructure, however the encoding of
public keys in CBOR as described in [I-D.ietf-cose-cbor-encoded-cert]
would be an identified CBOR Protocol.
A major inspiration for this document is observing the mess in ASN.1
based systems where most files are PEM encoded, identified by the
extension "pem", confusing public keys, private keys, certificate
requests and S/MIME content.
These proposals are invasive to how CBOR protocols are written to
disk, but in both cases, the proposed envelope does not require that
the tag be transferred on the wire.
Richardson & Bormann Expires 11 January 2022 [Page 3]
Internet-Draft cbor-file-magic July 2021
In addition to the on-disk identification aspects, there are some
protocols which may benefit from having such a magic number on the
wire if they presently using a different (legacy) encoding scheme.
The presence of the identifiable magic sequence signals that CBOR is
being used or a legacy scheme.
2. Requirements for a Magic Number
A magic number is ideally a unique fingerprint, present in the first
4 or 8 bytes of the file, which does not change when the contents
change, and does not depend upon the length of the file.
Less ideal solutions have a pattern that needs to be matched, but in
which some bytes need to be ignored. While the Unix file(1) command
can be told to ignore bytes, this can lead to ambiguities.
3. Protocol
There are two variations of this practice. Both use CBOR Tags in a
way that results in a deterministic first 8 to 12 bytes.
3.1. The CBOR Protocol Specific Tag
CBOR Protocol designers should obtain a tag for each major type of
object that they might store on disk. As there are more than 4
billion available 4-byte tags, there should be little issue in
allocating a few to each available CBOR Protocol.
The policy is First Come First Served, so all that is required is an
email to IANA, having filled in the small template provided in
Section 9.2 of [RFC8949].
This tag should be allocated by the author of the CBOR Protocol, and
to be in the four-byte range, it should be at least 0x01000000
(decimal 16777216) in value.
The use of a sequence of four US-ASCII codes which are mnemonic to
the protocol is encouraged, but not required.
For CBOR byte strings that happen to contain a representation that is
described by a CoAP Content-Format Number (Section 12.3 of [RFC7252],
Subregistry Content-Formats of [IANA.core-parameters]), a tag number
has been allocated in Section 6.2 (see Appendix A for details and
examples).
Richardson & Bormann Expires 11 January 2022 [Page 4]
Internet-Draft cbor-file-magic July 2021
3.2. CBOR Tag Wrapped
This proposal starts with the Self-described CBOR tag, 55799, as
described in Section 3.4.6 of [RFC8949].
A second CBOR Tag is then allocated to describe the specific Protocol
involved, as described above.
This proposal wraps the CBOR value as tags usually do. Applications
that need to send the CBOR value across a constrained link may wish
to remove the two tags if the use is implicitly understood. This is
a decision of the CBOR Protocol specification.
3.3. CBOR Tag Sequence
This proposal makes use of CBOR Sequences as described in [RFC8742].
This proposal consists of two tags and a constant string for a total
of 12 bytes.
1. The file shall start with the Self-described CBOR Sequence tag,
55800.
2. The file shall continue with a CBOR tag, from the First Come
First Served space, which uniquely identifies the CBOR Protocol.
The use of a four-byte tag is encouraged.
3. The three byte CBOR byte string containing 0x42_4F_52. When
encoded it shows up as "CBOR"
The first part identifies the file as being CBOR, and does so with
all the desirable properties explained in Section 3.4.6 of [RFC8949].
Specifically, it does not seem to conflict with any known file types,
and it is not valid Unicode in any Unicode encoding.
The second part identifies which CBOR Protocol is used, as described
above.
The third part is a constant value 0x43_42_4f_52, "CBOR". That is,
the CBOR encoded data item for the three byte sequence 0x42_4f_52
("BOR"). This is the data item that is tagged.
The actual CBOR Protocol value then follows as the next data item(s)
in the CBOR sequence, without a need for any further specific tag.
The use of a CBOR Sequence allows the application to trivially remove
the first item with the two tags.
Richardson & Bormann Expires 11 January 2022 [Page 5]
Internet-Draft cbor-file-magic July 2021
This means that should a file be reviewed by a human (directly in an
editor, or in a hexdump display), it will include the string "CBOR"
prominently. This value is also included simply because the two tags
need to tag something.
4. Advice to Protocol Developers
This document introduces a choice between a CBOR Sequence and a
wrapped CBOR Tag. Which should a protocol designer use?
In this discussion, one assumes that there is an object stored in a
file, perhaps specified by a system operator in a configuration file.
For example: a private key used in COSE operations, a public key/
certificate in C509 or CBOR format, a recorded sensor reading stored
for later transmission, or a COVID vaccination certificate that needs
to be displayed in QRcode form.
Both the CBOR Tag Sequence and the wrapped tag can be trivially
removed by an application before sending the CBOR content out on the
wire.
The CBOR Tag Sequence is a little bit easier to remove as in most
cases, CBOR parsers will return it as a unit, and then return the
actual CBOR item, which could be anything at all, and could include
CBOR tags that _do_ need to be sent on wire.
On the other hand, having the CBOR Tag Sequence in the file requires
that all programs that expect to examine that file are able to skip
what appears to be an empty CBOR item. Programs which might not
expect the CBOR Tag Sequence, but which would operate without a
problem would include any program that expects to process CBOR
Sequences from the file.
As an example of where there was a problem with previous security
systems, "PEM" format certificate files grew to be able to contain
multiple certificates by simple concatenation. The PKCS1 format
could also contain a private key object followed by a one or more
certificate objects: but only when in PEM format. But, when in
binary DER format, concatenation of certificates was not compatible
with most programs.
The use of CBOR Tag Wrapped format is easier to retrofit to an
existing format with existing and unchangeable on-disk format. This
new sequence of tags are expected to be trivially ignored by an
existing program when reading CBOR from disk. But, a naive program
might also then transmit them across the network. Removing the CBOR
Tag Wrapped format requires knowledge of the two tags involved.
Richardson & Bormann Expires 11 January 2022 [Page 6]
Internet-Draft cbor-file-magic July 2021
Other tags present might be needed. For a representation matching a
specific media-type that is carried in a CBOR byte string, the byte
string head will already have to be removed for use as such a
representation, so it should be easy to remove the enclosing tag
heads as well. This is of particular interest with the pre-defined
tags provided by Appendix A for media-types with CoAP Content-Format
numbers.
Here are some considerations:
4.1. Is the on-wire format new?
If the on-wire format is new, then it could be specified with the
CBOR Tag Wrapped format if the extra eight bytes are not a problem.
The disk format is then identical to the on-wire format.
If the eight bytes are a problem (and they usually are if CBOR is
being considered), then the CBOR Tag Sequence format should be
adopted for on-disk storage.
4.2. Can many items be trivially concatenated?
If the programs that read the contents of the file already expect to
process all of the items in the file (not just the first), then the
CBOR Tag Sequence format may be easily retrofitted.
The program involved may throw errors or warnings on the CBOR Tag
Sequence if they have not yet been updated, but this may not be a
problem. If it is, then consideration should be given to CBOR Tag
Wrapped.
If only one item is ever expected in the file, the the use of CBOR
Tag Sequence may present an implementation hurdle to programs that
previously just read a single value and used it.
4.3. Are there tags at the start?
If the Protocol expects to use other tags values at the top-level,
then it may be easier to explain if the CBOR Tag Sequence format is
used.
5. Security Considerations
This document provides a way to identify CBOR Protocol objects.
Clearly identifying CBOR contents on disk may have a variety of
impacts.
Richardson & Bormann Expires 11 January 2022 [Page 7]
Internet-Draft cbor-file-magic July 2021
The most obvious is that it may allow malware to identify interesting
objects on disk, and then corrupt them.
6. IANA Considerations
Section 6.1 documents the allocation that was done for a CBOR tag to
be used in a CBOR sequence to identify the sequence. Section 6.2
allocates a CBOR tag for each actual or potential CoAP Content-Format
number.
6.1. CBOR Sequence Tag
IANA has allocated tag 55800 as the CBOR Sequence tag. This tag is
from the First Come/First Served area.
The value has been picked to have properties similar to the 55799 tag
(Section 3.4.6 of [RFC8949]).
The hexadecimal representation is: 0xd9_d9_f8.
This is not valid UTF-8: the first 0xd9 puts the value into the
three-byte value of UTF-8, but the 0xd9 as the second value is not a
valid second byte for UTF-8.
This is not valid UTF-16: the byte sequence 0xd9d9 (in either endian
order) puts this value into the UTF-16 high-half zone, which would
signal that this a 32-bit Unicode value. However, the following
16-bit big-endian value 0xf8.. is not a valid second sequence
according to [RFC2781]. On a little-endian system, it would be
necessary to examine the fourth byte to determine if it is valid.
That next byte is determined by the subsequent encoding, and
Section 3.4.6 of [RFC8949] has already determined that no valid CBOR
encodings result in a valid UTF-16.
Data Item:
byte string
Semantics:
indicates that the file contains CBOR Sequences
6.2. CBOR Tags for CoAP Content-Format Numbers
IANA is requested to allocate the tag numbers 1668546560 (0x63740000)
to 1668612095 (0x6374FFFF) as follows:
Data Item:
byte string
Richardson & Bormann Expires 11 January 2022 [Page 8]
Internet-Draft cbor-file-magic July 2021
Semantics:
for each tag number NNNN, the representation of content-format
(RFC7252) NNNN-1668546560
Reference:
RFCthis
(More details in Appendix A.)
7. References
7.1. Normative References
[RFC8742] Bormann, C., "Concise Binary Object Representation (CBOR)
Sequences", RFC 8742, DOI 10.17487/RFC8742, February 2020,
<https://www.rfc-editor.org/info/rfc8742>.
[RFC8949] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", STD 94, RFC 8949,
DOI 10.17487/RFC8949, December 2020,
<https://www.rfc-editor.org/info/rfc8949>.
7.2. Informative References
[file] Wikipedia, "file (command)", 20 January 2021,
<https://en.wikipedia.org/wiki/File_%28command%29>.
[I-D.ietf-cose-cbor-encoded-cert]
Raza, S., Höglund, J., Selander, G., Mattsson, J. P., and
M. Furuhed, "CBOR Encoded X.509 Certificates (C509
Certificates)", Work in Progress, Internet-Draft, draft-
ietf-cose-cbor-encoded-cert-01, 25 May 2021,
<https://www.ietf.org/archive/id/draft-ietf-cose-cbor-
encoded-cert-01.txt>.
[I-D.ietf-rats-eat]
Mandyam, G., Lundblade, L., Ballesteros, M., and J.
O'Donoghue, "The Entity Attestation Token (EAT)", Work in
Progress, Internet-Draft, draft-ietf-rats-eat-10, 7 June
2021, <https://www.ietf.org/archive/id/draft-ietf-rats-
eat-10.txt>.
[I-D.ietf-sacm-coswid]
Birkholz, H., Fitzgerald-McKay, J., Schmidt, C., and D.
Waltermire, "Concise Software Identification Tags", Work
in Progress, Internet-Draft, draft-ietf-sacm-coswid-17, 22
February 2021, <https://www.ietf.org/archive/id/draft-
ietf-sacm-coswid-17.txt>.
Richardson & Bormann Expires 11 January 2022 [Page 9]
Internet-Draft cbor-file-magic July 2021
[IANA.core-parameters]
IANA, "Constrained RESTful Environments (CoRE)
Parameters",
<http://www.iana.org/assignments/core-parameters>.
[RFC2781] Hoffman, P. and F. Yergeau, "UTF-16, an encoding of ISO
10646", RFC 2781, DOI 10.17487/RFC2781, February 2000,
<https://www.rfc-editor.org/info/rfc2781>.
[RFC7252] Shelby, Z., Hartke, K., and C. Bormann, "The Constrained
Application Protocol (CoAP)", RFC 7252,
DOI 10.17487/RFC7252, June 2014,
<https://www.rfc-editor.org/info/rfc7252>.
[RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)",
RFC 8152, DOI 10.17487/RFC8152, July 2017,
<https://www.rfc-editor.org/info/rfc8152>.
Appendix A. CBOR Tags for CoAP Content Formats
Often, there is a need to identify a media type (or content type,
i.e., media type optionally used with parameters) that describes a
byte string in a CBOR data item.
Section 5.10.3 of [RFC7252] defines the concept of a Content-Format,
which is a short 16-bit unsigned integer that identifies a specific
content type (media type plus optionally parameters), optionally
together with a content encoding.
This specification allocates CBOR tag numbers 1668546560 (0x63740000)
to 1668612095 (0x6374FFFF) for the tagging of representations of
specific content formats. The tag content tagged with tag number
NNNN (in above range) is a byte string that is to be interpreted as a
representation of the content format NNNN-1668546560.
A.1. Content-Format Tag Examples
Subregistry Content-Formats of [IANA.core-parameters] defines content
formats that can be used as examples:
* Content-Format 432 stands for media type application/td+json (no
parameters). The corresponding tag number is 1668546992 (i.e.,
1668546560+432).
So the following CDDL snippet can be used to identify application/
td+json representations:
td-json = #6.1668546992(bstr)
Richardson & Bormann Expires 11 January 2022 [Page 10]
Internet-Draft cbor-file-magic July 2021
Note that a byte string is used as the type of the tag content,
because a media type representation in general can be any byte
string.
* Content-Format 11050 stands for media type application/json in
deflate encoding.
The corresponding tag number is 1668557610 (i.e.,
1668546560+11050).
So the following CDDL snippet can be used to identify application/
json representations compressed in deflate encoding:
json-deflate = #6.1668557610(bstr)
The byte string is appropriate here as the type for the tag
content, because the compressed form is an instance of a general
byte string.
Appendix B. Example from Openswan
The Openswan IPsec project has a daemon ("pluto"), and two control
programs ("addconn", and "whack"). They communicate via a Unix-
domain socket, over which a C-structure containing pointers to
strings is serialized using a bespoke mechanism. This is normally
not a problem as the structure is compiled by the same compiler; but
when there are upgrades it is possible for the daemon and the control
programs to get out of sync by the bespoke serialization. As a
result, there are extra compensations to deal with shutting the
daemon down. During testing it is sometimes the case that upgrades
are backed out.
In addition, when doing unit testing, the easiest way to load policy
is to use the normal policy reading process, but that is not normally
loaded in the daemon. Instead the IPC that is normally sent across
the wire is compiled/serialized and placed in a file. The above
magic number is included in the file, and also on the IPC in order to
distinguish the "shutdown" command CBOR operation.
In order to reduce the problems due to serialization, the
serialization is being changed to CBOR. Additionally, this change
allows the IPC to be described by CDDL, and for any language that
encode to CBOR can be used.
IANA has allocated the tag 1330664270, or 0x4f_50_53_4e for this
purpose. As a result, each file and each IPC is prefixed with:
In diagnostic notation:
Richardson & Bormann Expires 11 January 2022 [Page 11]
Internet-Draft cbor-file-magic July 2021
55800(1330664270(h'424F52'))
Or in hex:
00000000 d9 d9 f8 da 4f 50 53 4e 43 42 4f 52 |....OPSNCBOR|
Appendix C. Changelog
Acknowledgements
The CBOR WG brainstormed this protocol on January 20, 2021.
Contributors
Josef 'Jeff' Sipek
Email: [email protected]
Authors' Addresses
Michael Richardson
Sandelman Software Works
Email: [email protected]
Carsten Bormann
Universität Bremen TZI
Germany
Email: [email protected]
Richardson & Bormann Expires 11 January 2022 [Page 12]