IETF Logo Mail Archive

Re: [Suit] CBOR pull parsing vs. packed binary format extraction

Brendan Moran <Brendan.Moran@arm.com> Tue, 13 November 2018 15:12 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C653C128D09 for <suit@ietfa.amsl.com>; Tue, 13 Nov 2018 07:12:52 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IySGH_NvJ7JR for <suit@ietfa.amsl.com>; Tue, 13 Nov 2018 07:12:49 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03on0629.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe09::629]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3DD1128A6E for <suit@ietf.org>; Tue, 13 Nov 2018 07:12:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=di857mIuhiJkrPHCSPqPF5Wi2hjZgPXNpUxdBK9mpuY=; b=kSF9JK1XC2DuLjrR8IXGx2XBuz1dA1vVee+AnzlWtSPMnOyM8FcHa7kzkYKo4gIYtJOon3YLAe5KieDowUHNd/9XP6scJg2tDDgwHBCps6JCLlG3ynY3N7BbrPIDXXHzmXTg9TSiDd3NGPGWxF5txjY72BKU1uwKF11em58nDNs=
Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com (10.168.85.13) by DB6PR0801MB1896.eurprd08.prod.outlook.com (10.168.85.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.26; Tue, 13 Nov 2018 15:12:46 +0000
Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::acf2:1e1b:193a:4971]) by DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::acf2:1e1b:193a:4971%3]) with mapi id 15.20.1294.045; Tue, 13 Nov 2018 15:12:46 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Øyvind Rønningstad <Oyvind.Ronningstad@nordicsemi.no>
CC: suit <suit@ietf.org>
Thread-Topic: CBOR pull parsing vs. packed binary format extraction
Thread-Index: AQHUe0vLKZWTGijZw0SSKiCS4DvKXqVNr3OAgAAgnoA=
Date: Tue, 13 Nov 2018 15:12:46 +0000
Message-ID: <7AF3C3CC-F120-40EE-931E-EE70943EF1B2@arm.com>
References: <77A2FE52-4828-481A-AA09-F20FCF0C3605@arm.com> <HE1PR05MB3228C0FF8CC75A2B6C9F8DCE88C20@HE1PR05MB3228.eurprd05.prod.outlook.com>
In-Reply-To: <HE1PR05MB3228C0FF8CC75A2B6C9F8DCE88C20@HE1PR05MB3228.eurprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.9.1)
x-originating-ip: [217.140.106.54]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB6PR0801MB1896; 6:jGmSDqMKODw5LD7AhM5jtrtvdhnzwQVAyJfqry2+9IfzzOp5drcD1NZJdj6+i8Tf9PqRjrRdMK2X07U1RVYrgHXnBbRXnUEm86zc7BQaQYwBc6kzHXo5MNrisz4iI/w2zqZNAqAjNr3hZIntB0cc+CEXc0FokKB2YkGrD/RW5/g7R2XwNzc3ImHG43vfzEgl2x54jQKUA6DMsT2cjR6SyDFbZeU0yRGzOj0KwnKrM6v7Cmmg3xzlVgFKdJbsWTz9lEhMEpDctDrGHRGCBU4kZ7cQfLNWMXebc3PnCcdygKyQTX5IW3Otwe/QAoHQSF7Fn5CYXDMxctZE+WbNKyhpyeHaCtXRPPw1HgVHCREfy5UB3O3iV9VY09AahgXFqmXr90WawzQ2xsfTfTNOMd6nggaYTmHYQSJM3kitPtQ+tDFtne+rIQ49tC8lq6Zangc9HDbMRxrAGRyT8MQpAedciw==; 5:zmkube1xOHeV3kdw6JMK/otTR9aiiZliaUhwnvpPDjEyyFu9s1IOyEnULjq6GDWUhPiu4e3w945n41QdTVphHeE/vVkfMbTIvDuKC/s3ca3V0cAr3HdSTxnOJ5y/l3sRu6n/NrY1Yz5Z7mIbnY2izI9UrdtK7zCIi7n+ttOx1Dw=; 7:6LvNj+wmdaT0qYlbCI+redLrxAuXYCpZ54CG8HxDPAJ9lWYC0zukLiBOHIahPRoJftVjLqfkbd/RFaImFqoPqKd02ksKv915E5rlkhoW0hYxGhnjFfmZG9AfUscSxi5X6ROs8WDm+7h7ASfaBnEHiQ==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: 2cf80ffd-c5e1-45b0-c7da-08d6497a77c6
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390060)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB6PR0801MB1896;
x-ms-traffictypediagnostic: DB6PR0801MB1896:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com;
x-microsoft-antispam-prvs: <DB6PR0801MB1896FA246CE8A5D77779752AEAC20@DB6PR0801MB1896.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(131327999870524)(166708455590820);
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3002001)(3231406)(944501410)(52105112)(93006095)(93001095)(10201501046)(6055026)(148016)(149066)(150057)(6041310)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(20161123562045)(20161123560045)(20161123564045)(201708071742011)(7699051)(76991095); SRVR:DB6PR0801MB1896; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0801MB1896;
x-forefront-prvs: 085551F5A8
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(39860400002)(376002)(366004)(346002)(136003)(396003)(199004)(189003)(40434004)(13464003)(53936002)(6916009)(2906002)(3846002)(8676002)(6116002)(81156014)(6246003)(81166006)(8936002)(36756003)(4326008)(68736007)(82746002)(97736004)(2900100001)(86362001)(72206003)(50226002)(478600001)(66066001)(316002)(966005)(25786009)(5660300001)(476003)(33656002)(7736002)(305945005)(6486002)(26005)(99286004)(66574009)(6436002)(57306001)(186003)(14444005)(5024004)(102836004)(256004)(71190400001)(6506007)(106356001)(76176011)(105586002)(6512007)(446003)(6306002)(71200400001)(486006)(53546011)(2616005)(229853002)(11346002)(83716004)(14454004); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0801MB1896; H:DB6PR0801MB1879.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: kx1YovHi9fmkkIA4BlkstNrIfWTjC3PvRswCGAw5wCLElF2/HowgNk9olind4Aea6e921iUGuN8+1WSdV7Elkq3afroUfNMbXDiNBErdABW7HF6rwQ0OLgVgpEV5dyUlLYjlcnBtECfE07/U/u0C7Hvm12jbcezQcGMKcXWOAjx0ucRrehj03phF94Dac7NaA8iZIQJGYCvmUp6JXKQTzv82qNEAq4h4Ts2tzMhevR0uOUWtfSXn/mvF29XO8VCSbjrDo1NzuYuqQrwGso7OP6JwyoeYBk+0rg9T8kXMhPH/FUpTsdH+BoRWwMkof4w76D77cCsD287kdjeyN/4W3EXWe/TxVlyGHTYDT55lLDU=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <3294A28C700E2F4CB195241CAC1DC4EE@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 2cf80ffd-c5e1-45b0-c7da-08d6497a77c6
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Nov 2018 15:12:46.3367 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1896
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/iEegdah99FmyamriFQrp1NfvY2I>
Subject: Re: [Suit] CBOR pull parsing vs. packed binary format extraction
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Nov 2018 15:12:53 -0000

Hi Øyvind,

You’re correct, this is an extremely limited parser. It’s roughly as limited as it would be if it were interpreting a packed binary format.

This manifest parser makes a number of flexibility sacrifices for the sake of size. It requires:
* authentication is only done with COSE_Sign1
* the only supported algorithm is ES256
* the signer ID is implied (only one signer, for example—this is a legitimate use-case with a trust proxy as raised in a previous IETF meeting)
* no elements of the outer wrapper are parsed except for the authentication wrapper and the manifest
* no severable fields except text
* text is ignored completely (parsing ends before text is encountered)
* only one payload
* no dependencies
* no directives
* vendor and class ID conditions must be present
* no post-conditions
* no post-directives
* payload must be a raw binary
* canonical (sorted) CBOR map encoding is required (this is the point about deterministic ordering)

The intent is to show what the absolute minimum size of a manifest parser can be when many constraints are placed on it in the same way as a packed binary format. This is the sort of parser that could be used by a bootloader for whole-image updates. The intent not necessarily to build a production manifest parser. Though, if you were willing to accept those limitations, there is very little space for bugs due to the structure of the parser.

I believe that this approach is extensible to handling more fields and adding more flexibility, but I’ve not had a chance to build a proof-of-concept.

Thanks,
Brendan


> On 13 Nov 2018, at 13:16, Rønningstad, Øyvind <Oyvind.Ronningstad@nordicsemi.no> wrote:
>
> Thanks for sharing!
>
> Your code seems to assume a specific order of map elements, but as far as I know, CDDL (or even CBOR?) doesn't guarantee deterministic ordering.
> Am I missing something?
>
> Also, a full implementation will require the ability to fetch of most or all present elements (if not, why are the elements present?), so in practice the size will be larger, right?
>
> Øyvind
>
>> -----Original Message-----
>> From: Suit <suit-bounces@ietf.org> On Behalf Of Brendan Moran
>> Sent: 13. november 2018 13:24
>> To: suit <suit@ietf.org>
>> Subject: [Suit] CBOR pull parsing vs. packed binary format extraction
>>
>> I have worked up an example pull parser for Class 1 devices. It is
>> published in the suit-manifest-generator repo:
>>
>> https://github.com/ARMmbed/suit-manifest-
>> generator/tree/master/parser-example
>>
>> This repo demonstrates constructing a highly specialised parser for the
>> draft-moran-suit-manifest-03 draft (with one small modification that will
>> be included in the 04 draft) as detailed in README.md.
>>
>> The parser has been built for ARM Cortex-M4 to evaluate size:
>>
>> The parser consumes 560 bytes of flash, uses only a single pointer of
>> state between function calls, returns interpreted integers and references
>> to byte strings to save memory when called, and uses no dynamic
>> memory. It is guaranteed not to issue unaligned accesses, since all
>> accesses are explicitly byte-wise.
>>
>> The parser can be used in a low-resource mode, consuming 333 bytes of
>> flash, but giving up structural validation of the CBOR, and assuming that
>> any fixed components (such as containers) of the manifest are correct
>>
>>
>> I have also provided, for comparison, an unserialised binary structure
>> using the same information and the same parser API. In this instance, the
>> parser consumes 102 bytes of flash. This is not the manifest as defined in
>> draft-pagel-suit-manifest-00.
>>
>> Martin, would you be able to offer an implementation of an updater for
>> class 1 devices using your manifest draft so that we can compare the
>> compiled size?
>>
>> Best Regards,
>> Brendan
>>
>> IMPORTANT NOTICE: The contents of this email and any attachments
>> are confidential and may also be privileged. If you are not the intended
>> recipient, please notify the sender immediately and do not disclose the
>> contents to any other person, use it for any purpose, or store or copy the
>> information in any medium. Thank you.
>>
>> _______________________________________________
>> Suit mailing list
>> Suit@ietf.org
>> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email