IETF Logo Mail Archive

Re: [Suit] Which type of devices?

Brendan Moran <Brendan.Moran@arm.com> Mon, 12 November 2018 13:35 UTC

Return-Path: <Brendan.Moran@arm.com>
X-Original-To: suit@ietfa.amsl.com
Delivered-To: suit@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BE6E1130DDD for <suit@ietfa.amsl.com>; Mon, 12 Nov 2018 05:35:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id birg45PE803B for <suit@ietfa.amsl.com>; Mon, 12 Nov 2018 05:35:33 -0800 (PST)
Received: from EUR03-VE1-obe.outbound.protection.outlook.com (mail-ve1eur03on060d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe09::60d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8A9BC1292AD for <suit@ietf.org>; Mon, 12 Nov 2018 05:35:32 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector1-arm-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=BeZTQ3MRj9IuYnmFEI+YlWdiTLiJp0aGqbsb2Rc5Bfc=; b=XGQi0Mv5omoIBbHZ5AV6t8yDVG1QxU2njT36jDaM/j3v3duPBNuvtjRxtQX9A+SPJ9st+gH6tnVxnEyeu9bszVWqIh2fCpgp/J82Hhd17EZ8vtDIus8EOKisz6e9+XHqnfJDiH0BKaeNQQ0zLyZIEzTnEm3ufg7RQrz3l3pxsNY=
Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com (10.168.85.13) by DB6PR0801MB1398.eurprd08.prod.outlook.com (10.168.11.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1294.26; Mon, 12 Nov 2018 13:35:30 +0000
Received: from DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::acf2:1e1b:193a:4971]) by DB6PR0801MB1879.eurprd08.prod.outlook.com ([fe80::acf2:1e1b:193a:4971%3]) with mapi id 15.20.1294.044; Mon, 12 Nov 2018 13:35:30 +0000
From: Brendan Moran <Brendan.Moran@arm.com>
To: Michael Richardson <mcr@sandelman.ca>
CC: "suit@ietf.org" <suit@ietf.org>
Thread-Topic: [Suit] Which type of devices?
Thread-Index: AQHUdxCeESzCxcUcBkyGeHzm9feg7qVFOCUAgAAJYQCAAAk3gIAACG2AgAADBgCAAAKLAIAACZeAgALycoCAAAheAIADj46AgAA+VYA=
Date: Mon, 12 Nov 2018 13:35:29 +0000
Message-ID: <5B3F76F2-5417-4082-A824-064013768CE5@arm.com>
References: <alpine.WNT.2.00.1811081007400.11848@mw-x1> <VI1PR0801MB2112913A1D14ED05692175C7FAC50@VI1PR0801MB2112.eurprd08.prod.outlook.com> <alpine.WNT.2.00.1811081029280.11848@mw-x1> <VI1PR0801MB2112878330B6A121B887D7E8FAC50@VI1PR0801MB2112.eurprd08.prod.outlook.com> <DM5PR21MB0698C1DDD37982E0F212A6FA9DC50@DM5PR21MB0698.namprd21.prod.outlook.com> <VI1PR0801MB2112C5CBE3E170E2CD499C0FFAC50@VI1PR0801MB2112.eurprd08.prod.outlook.com> <VI1PR0801MB2112C3CDFA7A858A262B6494FAC50@VI1PR0801MB2112.eurprd08.prod.outlook.com> <DM5PR21MB0698CBC8833D76E752590E709DC50@DM5PR21MB0698.namprd21.prod.outlook.com> <BE97C87B-9B9A-4DD5-8E89-CE91B7BC0378@tzi.org> <DM5PR21MB0698425D8460D66F8D0555319DC70@DM5PR21MB0698.namprd21.prod.outlook.com> <16709.1542016343@localhost>
In-Reply-To: <16709.1542016343@localhost>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-mailer: Apple Mail (2.3445.9.1)
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Brendan.Moran@arm.com;
x-originating-ip: [217.140.106.50]
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; DB6PR0801MB1398; 6:DROZb62ASccRZKmjBJtMZ1RfN8Ah1Fj7UDH+hEa2XMWphF0uMzmVzhU1su1hgAO1VS+6hdRZ6wROgYxFq2AwwmCGfWIATO5p9NhAbOBx9onS2+3gg+B5I3aiT+YOBxp988bqdu/ECCXv+Id8wHT8nfVLH9ASu7d4nm7IM0Nf4Y9OnWnJToU/v5iTtxR3/mWb+SWAiYhRDFefnRlMG0WXPBShKse02k9XlqHNvi0j2dEiKycSCLLMgTM5yHyCDe34o/K2GR6FDeTvO36zsFw0lA8icrOb+gnxHrUQJIVBEaZnTtNE1NVpU8eZzEjtAo9FLiJZ24sm9zU7SYOoyTTKnydak4cgugetzTTDh63+vYN5LKeiu4K8selpKm4YAKSAhKQlxf6Yjf8AKLoZahn2iQZGQsPMIPsaq+L5CtfjSGe8nHOMDS2r4zut3WktwRZkwZVAC+l6UbjVURbScR781w==; 5:GkasUrP5dU3ehixNXs7W/Qn2BaPUOK7kRvQjA2RVQKwabYzAlqt4qPUZoabX4OwejkdRDiPTVlOu/003GkLTCndtAnEw9b2mmc2q6DhiZZ/LpGkRDANT/dajMKlW7V6RJqjjmXhoBvYw5l0RlB/WLE8AVy7kDpS6bDx11oXo/D4=; 7:d2kcZC9DL2DJUJmrKP4NrCOuPF3ONsj1WsFYBVB/dTGYL9t6TYmbviic9PN0pH+r58kZavsD+xSu+QMOG0+Omp/eG/dqFpUibJ1crP2v0rpw9IsSXVBeTgKBpMWerXrWfHgrtC99+RVvVVDVLH8CQg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: e17f0c39-d3c3-4993-b94f-08d648a3b6ad
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390040)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(4618075)(2017052603328)(7153060)(7193020); SRVR:DB6PR0801MB1398;
x-ms-traffictypediagnostic: DB6PR0801MB1398:
x-microsoft-antispam-prvs: <DB6PR0801MB1398C60CF3A2A2E65CDE896CEAC10@DB6PR0801MB1398.eurprd08.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(8211001083)(6040522)(2401047)(5005006)(8121501046)(3231402)(944501410)(4982022)(52105112)(3002001)(10201501046)(93006095)(93001095)(6055026)(148016)(149066)(150057)(6041310)(20161123558120)(20161123562045)(20161123564045)(20161123560045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095); SRVR:DB6PR0801MB1398; BCL:0; PCL:0; RULEID:; SRVR:DB6PR0801MB1398;
x-forefront-prvs: 0854128AF0
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(136003)(396003)(376002)(366004)(346002)(39860400002)(51444003)(40434004)(189003)(199004)(102836004)(478600001)(25786009)(6916009)(53546011)(6506007)(229853002)(50226002)(86362001)(76176011)(2906002)(2900100001)(305945005)(72206003)(7736002)(97736004)(36756003)(966005)(99286004)(14454004)(66066001)(4326008)(316002)(93886005)(14444005)(256004)(8936002)(6306002)(5024004)(26005)(6486002)(6512007)(57306001)(81166006)(81156014)(2616005)(446003)(8676002)(71190400001)(6246003)(106356001)(11346002)(6116002)(3846002)(5660300001)(83716004)(68736007)(71200400001)(53936002)(186003)(6436002)(105586002)(486006)(476003)(82746002)(33656002); DIR:OUT; SFP:1101; SCL:1; SRVR:DB6PR0801MB1398; H:DB6PR0801MB1879.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: arm.com does not designate permitted sender hosts)
x-microsoft-antispam-message-info: EL1U+64TCs/fHVigGE8jVfWpDHCp0WOfR+iloCf3x0we1TXszUcb85WI7M4tL4b+wLgO29CzSmyzztVndF/D9P9Ksa7GYeFXCHTi6u/zyHfQ2j/5p2glPsdU2KDQJmWFcfmaLedt7k6gTDpJGo7HkhPQ4Ha57ss9lPa8BGdbhQhxJWJwCrkCBnaKFb5i6LW+s+8+mkhirM1Xo129iRWaTeW/RTrU6LZbBh8lBZUGg1u8sg1AfGCP9F+n3xRVsny1iK4sFgZ3Icw+uh9vYjkHesAVrzApsb9/3cqD7KALDZxcYERZBh5ohkHb34Z1euf9BkQVOUy9le94aIRipGir9D7ZtfyJFzSxU+HQ7KWY6n8=
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-ID: <CD96EF3AB284E44BA26FBBF1243FF281@eurprd08.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e17f0c39-d3c3-4993-b94f-08d648a3b6ad
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Nov 2018 13:35:29.9850 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB6PR0801MB1398
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/xdD0oD2zagnUqMxn9gO8wOQjxUY>
Subject: Re: [Suit] Which type of devices?
X-BeenThere: suit@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Software Updates for Internet of Things <suit.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/suit>, <mailto:suit-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/suit/>
List-Post: <mailto:suit@ietf.org>
List-Help: <mailto:suit-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/suit>, <mailto:suit-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Nov 2018 13:35:36 -0000

Hi Michael,

You’re absolutely right. I’ve written an example of a completely minimal manifest parser, for a very limited subset of the manifest I proposed.

The “parser” only returns the information that is needed for each step, so it has several functions that must be called in sequence.

This is a pull parser that interacts with the signature verification primitives to initialise a signature verification context in preparation for verifying the COSE_Sign1 structure that is in the manifest outer wrapper.

All builds were done for ARM Cortex-M4. I built this parser in two ways, depending on the bit-size of CBOR integers. This affects two fields in the minimal manifest subset I chose: the payload size and the sequence number.

The test manifest for this minimal subset was 302 bytes and includes a reference digest for a text description, but that description has been severed.

When assuming that all CBOR integers are 64-bit:
Full Structural verification: 562
Information Extraction: 339

When assuming that all CBOR integers are 32-bit:
Full Structural verification: 542
Information Extraction: 323

Given that this is a very rough first try, I expect there is room for further optimisation.

I’ll post the code shortly. For now, however, we have a maximum lower bound that we can use to discuss the suitability of a fixed-function CBOR parser for a fixed, minimal subset of draft-moran-suit-manifest-03.

Best Regards,
Brendan


> On 12 Nov 2018, at 09:52, Michael Richardson <mcr@sandelman.ca> wrote:
>
>
> Martin Pagel <Martin.Pagel=40microsoft.com@dmarc.ietf.org> wrote:
>> Let me try to describe the process in more detail: From what I
>> understand (correct me if I'm wrong as I'm not a CBOR expert) CBOR uses
>> the first three bits of a field as its type identifier, for example
>> whether the rest is a (5bit) integer or, depending on the following
>> values, is followed by a 16bit or 32bit integer or text string or...
>> As such format is kind of difficult to parse by code natively, you
>> usually load the CBOR data into a temporary receiving buffer and you
>> use a parser which parses the CBOR structure from beginning to end into
>> a more convenient structure such as a C structure or array of
>> structures. For example the parser would store the 5bit value into a
>
> This is certainly how it works with Python or Ruby.
> In C, which is not what I'd do.
>
> I'd look at the CBOR blob, parse enough to find out which key signed it,
> validate the signature, and then I'd mutate the CBOR into formats I can
> use directly.  For instance, setting the upper three bits to zeroes if
> I wanted the 5-bit number directly. (That's probably a silly example, because
> it's just one byte, but maybe it helps to have a length value in front of a
> string)
>
>> 8bit or 16bit integer variable and drop any of the type identifier info
>> so that the application can work with the data just like any other
>> program variables. During that process, the parser needs about twice
>> the memory of the manifest file: one memory area for the receiving
>> buffer and one for the final data the application can conveniently deal
>> with.
>
> I think that I would build a structure that would point to all the strings
> in the original manifest that I needed.  Maybe saving bytes by using offsets
> rather than 32-bit pointers.
>
> It just doesn't seem that hard to me, nor do I think it has to take a lot
> of space.
>
> --
> ]               Never tell me the odds!                 | ipv6 mesh networks [
> ]   Michael Richardson, Sandelman Software Works        | network architect  [
> ]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [
>
> _______________________________________________
> Suit mailing list
> Suit@ietf.org
> https://www.ietf.org/mailman/listinfo/suit

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.23.0 | Report a Bug | By Email