Re: [Suit] CBOR pull parsing vs. packed binary format extraction
Martin Pagel <Martin.Pagel@microsoft.com> Tue, 13 November 2018 20:43 UTC
Return-Path: <Martin.Pagel@microsoft.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B69B9130DE0 for <suit@ietfa.amsl.com>; Tue, 13 Nov 2018 12:43:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.471
X-Spam-Level:
X-Spam-Status: No, score=-2.471 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.47, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n_zQHCxiHwtF for <suit@ietfa.amsl.com>; Tue, 13 Nov 2018 12:43:37 -0800 (PST)
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (mail-co1nam05on0725.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe50::725]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DFADD12D4EA for <suit@ietf.org>; Tue, 13 Nov 2018 12:43:36 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BCrbHwjbURMUQHtmu0AyQXTsSTufFSGmUJy8DRKITWc=; b=RD/TzKu+/C/V+suY0cMiQJ+S94E1QvHkKDIkwMe4dLvY/vWMUStfm26D0cVZAtqlTm/Y0sRoHp4KYXNcV/6oOKYg+8baw3/TpM5+pfTEKpezQFfQzIDkrVXposwliEpWEUSyq4LdZ78jAW7bTt+ohZPzHPudOxPYslG6B+5DPEE=
Received: from MWHPR21MB0703.namprd21.prod.outlook.com (10.175.142.13) by MWHPR21MB0862.namprd21.prod.outlook.com (10.173.51.144) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1361.7; Tue, 13 Nov 2018 20:43:35 +0000
Received: from MWHPR21MB0703.namprd21.prod.outlook.com ([fe80::fdd6:bf60:1bfc:7a6f]) by MWHPR21MB0703.namprd21.prod.outlook.com ([fe80::fdd6:bf60:1bfc:7a6f%16]) with mapi id 15.20.1361.004; Tue, 13 Nov 2018 20:43:35 +0000
From: Martin Pagel <Martin.Pagel@microsoft.com>
To: Brendan Moran <Brendan.Moran@arm.com>, Øyvind Rønningstad <Oyvind.Ronningstad@nordicsemi.no>
CC: suit <suit@ietf.org>
Thread-Topic: CBOR pull parsing vs. packed binary format extraction
Thread-Index: AQHUe0vLj/vkzYlH5UqFZoje4UGxS6VNpOFwgAArMQCAAFdM0A==
Date: Tue, 13 Nov 2018 20:43:35 +0000
Message-ID: <MWHPR21MB070336AF8129AFD0CF638EB39DC20@MWHPR21MB0703.namprd21.prod.outlook.com>
References: <77A2FE52-4828-481A-AA09-F20FCF0C3605@arm.com> <HE1PR05MB3228C0FF8CC75A2B6C9F8DCE88C20@HE1PR05MB3228.eurprd05.prod.outlook.com> <7AF3C3CC-F120-40EE-931E-EE70943EF1B2@arm.com>
In-Reply-To: <7AF3C3CC-F120-40EE-931E-EE70943EF1B2@arm.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Owner=mapagel@microsoft.com; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2018-11-13T20:43:33.2438672Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=General; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Application=Microsoft Azure Information Protection; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Extended_MSFT_Method=Automatic; Sensitivity=General
x-originating-ip: [2001:4898:80e8:9:c515:418b:e431:32dd]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; MWHPR21MB0862; 6:xncrnS1gYAuXTCGqfAbwsskuIFuYLdHl5p9KE9gj4slG8vydaY0hFxOq9oCujcYS3yo871maB8sxM/3ZAA/RZjslbsmmRZfs5W53j5xMJZDNmO8vSkG892WdQ1w8QYhrJ3pjpbRKb7rxlMW/frpvZSkJDCzrIW5V/OMcaM1uwuCX1TjafpkYWQ871y+Qt60KxwOVOAc9crR6B2YzpS9zTvhm/cP33Gn7qpg/C8JcKIw7w5a+tIULBLByyUpRxkqLIHpn7/9W8+ImqnFg0Piec6eYx1lSdn+HxH1XGMRnTrfgO6bXcmVTQ02JCpYyJ2/vHpltyBzNrJ7TD6OWBwV01SsZKyk3LvxZqJopFVtbBwHxKngufKBaO8EOyADYzqhD9py/HL6vHZqylQOofz06ICsZ6nu6zdIYCtwvsos4OwYFR9wntjBwMHSVicc06BGxnWtOJtX7JxsHpgmj0mQxQQ==; 5:51pg+mPc5SD//HxDVA7yra6H/YL3K0/IVqYmR3AqcGxCUUKIoSKLM9WXebwj4ibMARDgo2RSDMpziPrG9znSmzESB3WB9EaRW4N0ZERIOR7G1uMfM7aBBXSvhHhl9/7otojnDqd5HIcbxnFSmSSyK9DQ80gRPlpakTKzmsSg59M=; 7:LacLs1EH6SANTF1SWwGgIf+9M7VXMVun5QaUxqlfu0w762KCxCEqzc+7osV122aty51DTL8gguX/7qEysikola25gCnngxMam8sF/7JeMJCquPxK+C1cKfnk4h7marP4rRaP4m1/CuwnE0OYAp3dCg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 4387fe51-79ed-460c-96e0-08d649a8ae95
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390060)(7020095)(4652040)(8989299)(5600074)(711020)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:MWHPR21MB0862;
x-ms-traffictypediagnostic: MWHPR21MB0862:
x-ms-exchange-purlcount: 3
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Martin.Pagel@microsoft.com;
x-microsoft-antispam-prvs: <MWHPR21MB086234B814FDD1E524796BDB9DC20@MWHPR21MB0862.namprd21.prod.outlook.com>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(8220035)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231410)(944501410)(2018427008)(6055026)(148016)(149066)(150057)(6041310)(20161123562045)(20161123558120)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:MWHPR21MB0862; BCL:0; PCL:0; RULEID:; SRVR:MWHPR21MB0862;
x-forefront-prvs: 085551F5A8
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(39860400002)(346002)(366004)(136003)(396003)(40434004)(13464003)(199004)(189003)(110136005)(8936002)(2906002)(81166006)(22452003)(81156014)(25786009)(102836004)(46003)(68736007)(71190400001)(53936002)(71200400001)(316002)(5024004)(14444005)(6246003)(66574009)(4326008)(53546011)(486006)(6116002)(476003)(8990500004)(6506007)(446003)(186003)(5660300001)(11346002)(8676002)(76176011)(10090500001)(7696005)(86612001)(6306002)(9686003)(86362001)(575784001)(74316002)(6436002)(14454004)(99286004)(33656002)(305945005)(7736002)(966005)(478600001)(72206003)(106356001)(105586002)(97736004)(2900100001)(256004)(229853002)(55016002)(10290500003); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR21MB0862; H:MWHPR21MB0703.namprd21.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: s9uUd3rbe5pNuiA3HBtmKRvu4DX/ssyAlWBPKZeOFIcRkDHRyhXinZc14pJ4ysTgeb7e5WukLzpc7HIVgq8YmRi9cmov/T7dziHCRhk3c4pj2hOgftN6XpKovfafkxg/gnZhcXiMTa1o+Nu00DN5o2MN/++0kgEll0Dx0OLVLGLThAv6KyBmHQFtZ3yVdx7r6OYt2rU1W+XAwOJxhzYwZNtZNLv4yr1pi5t7QuctIEzdeseiiSz3mMXXuo573UDXvgaftRBl609qyJpe2dsRbNzpEZE3G3Yu0i9LbejtDdLF4pVxrmmyHTashKvm0+yCTHyeBRZf912VT7XZ5NdbLuFlOWkyZNO2F7qkNkWh1oY=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4387fe51-79ed-460c-96e0-08d649a8ae95
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2018 20:43:35.0575 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR21MB0862
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/m1QLVpt4EfurIZ4U7PeLCzTBTOM>
Subject: Re: [Suit] CBOR pull parsing vs. packed binary format extraction
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Nov 2018 20:43:40 -0000
Hi Brendan, Yes, nice tight implementation of CBOR, thanks for sharing. I don't understand your discussion about different private keys for minimal and non-minimal manifest though, I'm concerned if the signature is dependent on the parsing method... I also like that it shows how a minimal manifest may only use signature, sequence number, vendor/class id, URI, and payload. You define the mfst_s struct as a C structure and you set a pointer to access the structure. How is this different from what's proposed for the binary manifest representation? You asked me about how much code is required for the parsing of the binary manifest. I reiterate that it only requires a call to verify the signature, all data fields can be accessed via a struct like you did which is resolved by the linker as you pointed out. Thanks Martin -----Original Message----- From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran Sent: Tuesday, November 13, 2018 7:13 AM To: Øyvind Rønningstad <Oyvind.Ronningstad@nordicsemi.no> Cc: suit <suit@ietf.org> Subject: Re: [Suit] CBOR pull parsing vs. packed binary format extraction Hi Øyvind, You’re correct, this is an extremely limited parser. It’s roughly as limited as it would be if it were interpreting a packed binary format. This manifest parser makes a number of flexibility sacrifices for the sake of size. It requires: * authentication is only done with COSE_Sign1 * the only supported algorithm is ES256 * the signer ID is implied (only one signer, for example—this is a legitimate use-case with a trust proxy as raised in a previous IETF meeting) * no elements of the outer wrapper are parsed except for the authentication wrapper and the manifest * no severable fields except text * text is ignored completely (parsing ends before text is encountered) * only one payload * no dependencies * no directives * vendor and class ID conditions must be present * no post-conditions * no post-directives * payload must be a raw binary * canonical (sorted) CBOR map encoding is required (this is the point about deterministic ordering) The intent is to show what the absolute minimum size of a manifest parser can be when many constraints are placed on it in the same way as a packed binary format. This is the sort of parser that could be used by a bootloader for whole-image updates. The intent not necessarily to build a production manifest parser. Though, if you were willing to accept those limitations, there is very little space for bugs due to the structure of the parser. I believe that this approach is extensible to handling more fields and adding more flexibility, but I’ve not had a chance to build a proof-of-concept. Thanks, Brendan > On 13 Nov 2018, at 13:16, Rønningstad, Øyvind <Oyvind.Ronningstad@nordicsemi.no> wrote: > > Thanks for sharing! > > Your code seems to assume a specific order of map elements, but as far as I know, CDDL (or even CBOR?) doesn't guarantee deterministic ordering. > Am I missing something? > > Also, a full implementation will require the ability to fetch of most or all present elements (if not, why are the elements present?), so in practice the size will be larger, right? > > Øyvind > >> -----Original Message----- >> From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran >> Sent: 13. november 2018 13:24 >> To: suit <suit@ietf.org> >> Subject: [Suit] CBOR pull parsing vs. packed binary format extraction >> >> I have worked up an example pull parser for Class 1 devices. It is >> published in the suit-manifest-generator repo: >> >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith >> ub.com%2FARMmbed%2Fsuit-manifest-&data=02%7C01%7Cmartin.pagel%40m >> icrosoft.com%7Cfce38a1566f74c9906e208d6497a80cd%7C72f988bf86f141af91a >> b2d7cd011db47%7C1%7C0%7C636777187832203400&sdata=oo7Q%2F4QSVGcjgc >> RoJWh0hEH4QhKGlfEeWiJrEPG2nz8%3D&reserved=0 >> generator/tree/master/parser-example >> >> This repo demonstrates constructing a highly specialised parser for >> the >> draft-moran-suit-manifest-03 draft (with one small modification that >> will be included in the 04 draft) as detailed in README.md. >> >> The parser has been built for ARM Cortex-M4 to evaluate size: >> >> The parser consumes 560 bytes of flash, uses only a single pointer of >> state between function calls, returns interpreted integers and >> references to byte strings to save memory when called, and uses no >> dynamic memory. It is guaranteed not to issue unaligned accesses, >> since all accesses are explicitly byte-wise. >> >> The parser can be used in a low-resource mode, consuming 333 bytes of >> flash, but giving up structural validation of the CBOR, and assuming >> that any fixed components (such as containers) of the manifest are >> correct >> >> >> I have also provided, for comparison, an unserialised binary >> structure using the same information and the same parser API. In this >> instance, the parser consumes 102 bytes of flash. This is not the >> manifest as defined in draft-pagel-suit-manifest-00. >> >> Martin, would you be able to offer an implementation of an updater >> for class 1 devices using your manifest draft so that we can compare >> the compiled size? >> >> Best Regards, >> Brendan >> >> IMPORTANT NOTICE: The contents of this email and any attachments are >> confidential and may also be privileged. If you are not the intended >> recipient, please notify the sender immediately and do not disclose >> the contents to any other person, use it for any purpose, or store or >> copy the information in any medium. Thank you. >> >> _______________________________________________ >> Suit mailing list >> Suit@ietf.org >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >> ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cmartin.pagel% >> 40microsoft.com%7Cfce38a1566f74c9906e208d6497a80cd%7C72f988bf86f141af >> 91ab2d7cd011db47%7C1%7C0%7C636777187832203400&sdata=CrtRADnpWE8PG >> DfsuPdQfrguHtU%2BaiZK9N3TDPx%2Fpo0%3D&reserved=0 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. _______________________________________________ Suit mailing list Suit@ietf.org https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ietf.org%2Fmailman%2Flistinfo%2Fsuit&data=02%7C01%7Cmartin.pagel%40microsoft.com%7Cfce38a1566f74c9906e208d6497a80cd%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636777187832203400&sdata=CrtRADnpWE8PGDfsuPdQfrguHtU%2BaiZK9N3TDPx%2Fpo0%3D&reserved=0
- [Suit] CBOR pull parsing vs. packed binary format… Brendan Moran
- Re: [Suit] CBOR pull parsing vs. packed binary fo… Rønningstad
- Re: [Suit] CBOR pull parsing vs. packed binary fo… Brendan Moran
- Re: [Suit] CBOR pull parsing vs. packed binary fo… Martin Pagel
- Re: [Suit] CBOR pull parsing vs. packed binary fo… David Brown
- Re: [Suit] CBOR pull parsing vs. packed binary fo… David Brown
- Re: [Suit] CBOR pull parsing vs. packed binary fo… Derek Atkins