Re: [Suit] Ordering of elements in SUIT Manifest
Ken Takayama <11kenterada@gmail.com> Fri, 29 July 2022 14:05 UTC
Return-Path: <11kenterada@gmail.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 47D2BC1594A9 for <suit@ietfa.amsl.com>; Fri, 29 Jul 2022 07:05:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vOnJvlJ7aoNW for <suit@ietfa.amsl.com>; Fri, 29 Jul 2022 07:05:47 -0700 (PDT)
Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com [IPv6:2607:f8b0:4864:20::1036]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9820FC14F74F for <suit@ietf.org>; Fri, 29 Jul 2022 07:05:04 -0700 (PDT)
Received: by mail-pj1-x1036.google.com with SMTP id pw15so4742524pjb.3 for <suit@ietf.org>; Fri, 29 Jul 2022 07:05:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=0cjyKnMm9r92z87qR2WY7lJxaHKh3dEpucm2cxTq7AE=; b=ObABHApTlNiIK76k+hhSaMJfZamfrhTVUgfhgNKSLUuKvC3RtF++DIQ1WJyFwbT6qy KPnObayZnB+0XYX8CGMW4DpEGvTwHBns+0oBIwUmjXdDy4WmCvmQXOeyBZvmsqZcPuJl wGiZVdxRQxIgVBQ7dkyAm8pmacd5UxKCldOkbimBYK1+pDr1JvT3cXod9KBb9cnNhDr9 Mrbp6P+IU0zM/UN49Uq+sAXDn74LjwyqdYgvLPfPMHB6TrTv0+hKeCWwbTwHduJ0znhA RlMjgappsHzOQypmwT2rK3lLfeswYSSFL7mjkWJ0Wtkqxsec1uprCfyyrFqZQg5A4H/b YvWQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=0cjyKnMm9r92z87qR2WY7lJxaHKh3dEpucm2cxTq7AE=; b=jDMXQNvnufc12UFjMUkkRuNlxzx+7juzIRre+SPz7I9jTGLsZ0RJ3hPZlO8cKkHudM 4hVEuBLlPT4eLZd+ANFXyJAy+r2uCkw7hWmkbv77hbaefRXXRHyplhCRSAYAq7j2Orrv 7/A9GbbRmNpfA8079hvPA1dZNwcLeOr9CGD53EqI5NoD5Whso5mfFMmm3dH9hL8Gpk2w acOdhafC64bk9icISylYkCWSi4SqYffBRhi9O5k8nScnrahVNcab7kDrA6eoJeoHLzqn prbdY+PyiabeLeghAflqbVu0tbUN2aRvm8KiBPoR7W++f1a68YPfabtgzFh9tf4N92N5 wW8w==
X-Gm-Message-State: ACgBeo0jJigRXw8Sx+eXheWTfoIcKv0xIdKdgP6WxkSdaizE0NrkkGN9 ynDQbF2cRzkN6z4FGVJsuS3DvoS7aF+pg31Xus7FfxT1HFmTQw==
X-Google-Smtp-Source: AA6agR6J4vg5oWfxlD9UBwjerho3qrz+7VTXlZeXPNnFGlUIJW8zkZNhixW3vp8SUSRREDCCqG/EmsLYnpwz0S6THk0=
X-Received: by 2002:a17:90a:9709:b0:1f3:7ac:73dd with SMTP id x9-20020a17090a970900b001f307ac73ddmr4409441pjo.184.1659103503362; Fri, 29 Jul 2022 07:05:03 -0700 (PDT)
MIME-Version: 1.0
References: <E29A3CBC-F330-4686-8FCF-35829AF4889C@arm.com> <CAMGQZH7sA0EQhMk_5H0pAMUK3i_V=P_iNJTdGBFVAonSH2vyUw@mail.gmail.com>
In-Reply-To: <CAMGQZH7sA0EQhMk_5H0pAMUK3i_V=P_iNJTdGBFVAonSH2vyUw@mail.gmail.com>
From: Ken Takayama <11kenterada@gmail.com>
Date: Fri, 29 Jul 2022 10:04:52 -0400
Message-ID: <CAMGQZH4excA2OzAgbG2+FDC5docf+LGL70cZETU5PRrbAWKbmw@mail.gmail.com>
To: Brendan Moran <Brendan.Moran@arm.com>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>
Cc: suit <suit@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f6ac3105e4f2227d"
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/MCNkZircEfTPi73vasmAs0_AbnY>
Subject: Re: [Suit] Ordering of elements in SUIT Manifest
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jul 2022 14:05:48 -0000
Dear Brendan and Hannes, I've changed and tested my library a bit, and now I'm 100% agree with Brendan. The order MUST be canonical / deterministic, so that the constrained device can easily parse it. I will complete fixing my parser soon. > Brendan and Hannes The SUIT_Encryption_Info is still trial, and there is no firmware encryption manifest. Does this example binary match to your thoughts? < https://github.com/yuichitk/libcsuit/blob/firmware-encryption/testfiles/suit_manifest_expE.md?plain=1#L74 > Best, Ken 2022年7月29日(金) 6:15 Ken Takayama <11kenterada@gmail.com>: > Dear Brendan, > CC: Hannes > > Thank you for your insightful comments. > I didn't care about the constrained devices enough. Now your intention > limiting envelope to canonical/determrnistic CBOR ordering in 8.1. becomes > clear. > ``` > All CBOR maps in the Manifest and manifest envelope MUST be encoded > with the canonical CBOR ordering as defined in [RFC8949]. > ``` > > > Let me explain more detail why I'm still thinkig about the order of > integrated elements and suit-install. > My current implementation of libcsuit assumes this format: > > - suit-authentication-block > - **integrated-payoad** (e.g. "#payload": h'beef') > - suit-manifest > - suit-install > - suit-directive-override-parameters > - suit-parameter-uri "#payload" > - suit-directive-fetch > - suit-text digest > - suit-text > > The libcsuit parse it with these sequence, which are almost the same what > you explained except step 3. > 1. cache the digest in suit-authentication-block > 2. authenticate the digest with the signature > 3. **store the memory address of key "#payload" and its bstr value into > pointer variables respectively** > 4. calculate the hash of suit-manifest and compare it with the cached > digest > 5. execute the manifest (set uri and fetch it from the stored pointers > created in step 3) > 6. cache the diget of suit-text > 7. validate the severed suit-text w/o executing it > > > since this would require random-access parsing of the manifest, rather > than the linear process we have up to this point. > > Right, it causes random access parsing, but I expect that parsing > canonical SUIT Manifest would also be random access. > > - suit-authentication-block > - suit-manifest > - suit-install > - suit-directive-override-parameters > - suit-parameter-uri "#payload" > - suit-directive-fetch > - suit-text digest > - suit-text > - **integrated-payoad** (e.g. "#payload": h'beef') > > When I parse the manifest above, I want to cache the address of > integrated payload first otherwise the parser cannot resolve the uri > "#payload" while fetching the content in suit-install section. So the > parser will: > > 1. cache the digest in suit-authentication-block > 2. authenticate the digest with the signature > 3. calculate the hash of suit-manifest and compare it with the cached > digest > 4. store the memory address of severed suit-text section > 5. **store the memory address of key "#payload" and its bstr value into > pointer variables respectively** > 6. execute the manifest (set uri and fetch it from the stored pointers > created in step 5, then may validate the suit-text digest) > 7. ignore severed suit-text section > > I may misunderstand your thought, but I'm eager to make it clear in order > to implement correct parser and encoder. > > > > Regardless, the manifest now encodes integrated items with string keys, > so it may well be that your CBOR encoder puts those before integers? > > The CBOR encoder I'm using follows the procedure like so called > OrderedDict, so I do have to care it as a caller. > > > There is a good example which integrates encrypted firmware. I created it > in the IETF114 hackathon. > I integrated the encrypted firmware inside the manifest just before the > suit-manifest, because it has to be decryped while executing the manifest. > < > https://github.com/yuichitk/libcsuit/blob/firmware-encryption/testfiles/suit_manifest_expE.md?plain=1#L30 > > > > I hope you and Hannes give me some feedback on it not only the order of > map keys but also around SUIT_Encryption_Info. > > > Again, thank you Brendan answering my questions! > > Best, > Ken > > 2022年7月28日(木) 18:37 Brendan Moran <Brendan.Moran@arm.com>: > >> Hi Ken, >> >> I noticed your message in the meet echo chat; unfortunately, it wasn’t >> repeated at the mic and I missed it during the meeting. >> >> > Related to the order of the manifest, I'm not convinced but I think the >> integrated elements should be before the suit-manifest because it would be >> referred by suit-install or suit-dependency-resolution section. >> >> I think it is reasonable to say that elements the recipient requires >> should come before the elements the recipient does not require. >> >> I also think it is reasonable to say that severable elements should come >> after non-severable elements. >> >> But these are both “should” not “must.” So I don’t hold the opinion >> strongly. >> >> >> Now as to the location of the integrated elements, I think I have to >> disagree. The problem is the order of operations: >> >> When a constrained recipient receives a manifest, the first thing it >> encounters is delegation chains. This allows it to work down towards the >> public key that is in use. Next, it finds the authentication block. By now, >> it has the correct public key to validate the authentication block. The >> authentication block allows the constrained recipient to validate a single >> digest. Once it has done this, it can discard the authentication block >> (from memory anyway). It does not need to parse the authentication block >> again. Having parsed the authentication block, it has the expected hash of >> the manifest in memory. The next step it takes is to hash the manifest to >> verify/authenticate it. If this passes, then it can begin executing the >> manifest. >> >> The constrained recipient won’t even know it needs an integrated element >> until after it has completed all these steps, so I am reluctant to put them >> first, since this would require random-access parsing of the manifest, >> rather than the linear process we have up to this point. >> >> However, I’m happy to hear other opinions! >> >> Regardless, the manifest now encodes integrated items with string keys, >> so it may well be that your CBOR encoder puts those before integers? >> >> Best Regards, >> Brendan >> IMPORTANT NOTICE: The contents of this email and any attachments are >> confidential and may also be privileged. If you are not the intended >> recipient, please notify the sender immediately and do not disclose the >> contents to any other person, use it for any purpose, or store or copy the >> information in any medium. Thank you. >> >
- [Suit] Ordering of elements in SUIT Manifest Brendan Moran
- Re: [Suit] Ordering of elements in SUIT Manifest Ken Takayama
- Re: [Suit] Ordering of elements in SUIT Manifest Ken Takayama