Re: [Suit] [suit]: draft-moran-suit-manifest-02

David Brown <david.brown@linaro.org> Wed, 11 July 2018 17:48 UTC

To: "Rønningstad, Øyvind" <Oyvind.Ronningstad@nordicsemi.no>
Cc: Brendan Moran <Brendan.Moran@arm.com>, suit <suit@ietf.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/5HR8hizvMqiM1hPN0FeKN-MKKmg>

Sorry, most of this can be ignored, as I missed the processReference
field in the Manifest.  I would still suggest putting the
textReference in the Manifest as well so that it doesn't require as
deep of nesting to verify the text.

David

On Wed, Jul 11, 2018 at 11:47:26AM -0600, David Brown wrote:
>On Fri, Jul 06, 2018 at 01:50:38PM +0000, Rønningstad, Øyvind wrote:
>
>>AuthenticatedManifest = [
>>  authenticatedManifest: COSE_Mac / COSE_Sign,
>>  updateProcess:         bstr .cbor UpdateProcess,
>>  text:                  bstr .cbor TextMap,
>>]
>
>>UpdateProcess = [
>>  nonce :              bstr,
>>  textReference :      bstr,
>>  preConditions :      [ * PreCondition ],
>>  directives :         [ * Directive ],
>>  resources :          [ * ResourceInfo ],
>>  processors :         [ * ProcessingStep ],
>>  targets :            [ * TargetInfo ],
>>  extensions :         { * int => bstr}
>>]
>
>The textReference has to be in the Manifest that is covered by the
>signature.  As stated here, none of the updateProcess or text
>information is covered by a signature.
>
>This could be done by moving textReference above into the Manifest, as
>well as adding an updateProcessReference that would contain a digest
>of the updateProcess.  This adds complexity to verifying this
>additional information, but would indeed then allow them to be
>severed, while still being covered by the signature.
>
>David
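
The binding discussed in this message, as an added example that is not part of the original mail or of the SUIT draft: the authenticated manifest carries a digest of each severable element, so updateProcess and text can be dropped or checked independently while staying covered by the one authentication tag. Assumptions: deterministic JSON stands in for CBOR, HMAC-SHA256 under a constructed key stands in for COSE_Mac, and the helper names are hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # constructed key; stands in for COSE_Mac keying


def enc(obj):
    # Assumption: deterministic JSON replaces the draft's CBOR encoding.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def digest(blob):
    return hashlib.sha256(blob).hexdigest()


def build(update_process, text):
    """Authenticate only the manifest; it references the severable parts."""
    up_bytes, text_bytes = enc(update_process), enc(text)
    manifest = enc({
        "updateProcessReference": digest(up_bytes),  # name proposed in the mail
        "textReference": digest(text_bytes),         # moved into the manifest
    })
    tag = hmac.new(KEY, manifest, hashlib.sha256).digest()
    return {"manifest": manifest, "tag": tag,
            "updateProcess": up_bytes, "text": text_bytes}


def verify(env):
    """Return the names of the elements that verified; raise on any mismatch."""
    expect = hmac.new(KEY, env["manifest"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, env["tag"]):
        raise ValueError("manifest authentication failed")
    refs = json.loads(env["manifest"])
    verified = set()
    for name, ref in (("updateProcess", "updateProcessReference"),
                      ("text", "textReference")):
        blob = env.get(name)
        if blob is None:
            continue  # element was severed; nothing to check
        if not hmac.compare_digest(digest(blob), refs[ref]):
            raise ValueError(name + " does not match " + ref)
        verified.add(name)
    return verified
```

A device that never displays the text can receive the envelope without the `text` entry and still verify `updateProcess`; any change to a retained element or to a reference in the manifest makes `verify` raise.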