[Suit] SUIT manifest draft 3 prototype implementation

David Brown <david.brown@linaro.org> Fri, 18 January 2019 23:26 UTC

Date: Fri, 18 Jan 2019 16:26:08 -0700
From: David Brown <david.brown@linaro.org>
To: "suit@ietf.org" <suit@ietf.org>
Message-ID: <20190118232608.GA20669@davidb.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/yQYFompVrUywUCTwuQKO8-V8n-o>

I have been working on implementing draft 3 of the SUIT manifest in
MCUboot, and have gotten to the point where it may be worth sharing
this with others.

   https://github.com/JuulLabs-OSS/mcuboot/pull/391

Some notable features:

  - This preserves the existing small fixed header on the image used
    by MCUboot (but changes the magic number).  There is a field
    (iv_build_num) in this header that is validated to match the
    sequence number in the SUIT manifest.

  - The SUIT manifest is appended to this image.  I reused the old
    MCUboot manifest format (again changing the magic number), to have
    a way to indicate the length of this data.  This could also have
    been done by encoding the data as a CBOR bstr, but this seemed
    easier.

  - The simulator (in the 'sim' directory) is able to generate a
    specific and narrowly defined signed manifest.  Right now this is
    very hard coded, but I wanted to get an idea of sizes.

  - The decoder uses a template approach where the code contains a
    template manifest (or COSE signature) where certain values are
    #7.xx extension values (starting at 32).  The decoder walks the
    two CBOR structures together, making sure they match exactly,
    except for the capture markers, and those pieces of data are
    stored off.

  - The code was written to keep the decoder robust against even
    malicious CBOR data.  I appreciate anyone finding a way that it
    can be exploited.

  - Compiled for a Cortex M4, the validation code with cbor parser and
    templates is 1228 bytes of code.  This is in comparison with 628
    bytes of code used to decode and validate the old MCUboot TLV
    manifest format.

  - This is not following any processing instructions or dependencies,
    merely trying to be equivalent to what MCUboot's existing code
    does.

David
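The template-matching decoder described in the message, written out as an added illustration that is not code from the MCUboot pull request or from the author. It walks a template and the incoming CBOR in lockstep, treats a template simple value >= 32 (encoded `0xf8 0x20`, `0xf8 0x21`, ...) as a capture marker, and rejects anything that does not match exactly; the manifest shape `{1: seq-num, 2: bstr digest}`, the function names and the sample bytes are constructed for the example and are not the draft's real layout.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Minimal definite-length CBOR reader: uint (major 0), bstr (2), array (4), map (5),
 * simple (7). Every read is bounds-checked so truncated or oversized inputs fail cleanly. */
typedef struct { const uint8_t *p; size_t len, pos; } cbor_in;
typedef struct { uint8_t major; uint64_t arg; const uint8_t *bytes; } cbor_item;
static int rd_item(cbor_in *in, cbor_item *it) {
    static const size_t extra[] = {1, 2, 4, 8};        /* argument bytes for ai 24..27 */
    if (in->pos >= in->len) return -1;
    uint8_t b = in->p[in->pos++], ai = b & 0x1f;
    it->major = b >> 5; it->arg = ai; it->bytes = NULL;
    if (ai >= 28) return -1;                           /* reserved or indefinite length */
    if (ai >= 24) {
        size_t n = extra[ai - 24]; if (in->len - in->pos < n) return -1;
        it->arg = 0; while (n--) it->arg = (it->arg << 8) | in->p[in->pos++];
    }
    if (it->major == 2) {                              /* bstr payload follows the head */
        if (it->arg > in->len - in->pos) return -1;    /* length field larger than buffer */
        it->bytes = in->p + in->pos; in->pos += (size_t)it->arg;
    }
    return 0;
}
/* Walk template and input in lockstep. A template simple value >= 32 (0xf8 0x20 ...) is a
 * capture marker: slot (value - 32) receives the input item; all else must match exactly. */
static int tpl_match(const uint8_t *tpl, size_t tlen, const uint8_t *msg, size_t mlen,
                     cbor_item *slots, size_t nslots) {
    cbor_in t = {tpl, tlen, 0}, m = {msg, mlen, 0}; cbor_item ti, mi;
    while (t.pos < t.len) {
        if (rd_item(&t, &ti) || rd_item(&m, &mi)) return -1;
        if (ti.major == 7 && ti.arg >= 32) {
            if (ti.arg - 32 >= nslots || mi.major == 4 || mi.major == 5) return -1;
            slots[ti.arg - 32] = mi;                   /* scalar captures only in this example */
            continue;
        }
        if (mi.major != ti.major || mi.arg != ti.arg) return -1;
        if (ti.major == 2 && memcmp(ti.bytes, mi.bytes, (size_t)ti.arg)) return -1;
    }
    return m.pos == m.len ? 0 : -1;                    /* trailing input bytes are a mismatch */
}
/* Constructed, hypothetical shape {1: seq-num, 2: bstr digest}; not the draft's real layout. */
static const uint8_t TEMPLATE[] = {0xa2, 0x01, 0xf8, 0x20, 0x02, 0xf8, 0x21};
int parse_manifest(const uint8_t *msg, size_t mlen, uint64_t *seq, cbor_item *digest) {
    cbor_item slots[2];
    if (tpl_match(TEMPLATE, sizeof TEMPLATE, msg, mlen, slots, 2)) return -1;
    if (slots[0].major != 0 || slots[1].major != 2) return -1;  /* captured types must fit */
    *seq = slots[0].arg; *digest = slots[1];
    return 0;
}
```

Because array and map heads carry only an element count, the walker never recurses: equal counts in template and input guarantee the same number of following items, and a truncated or over-long input is caught by the bounds checks in rd_item or by the trailing-bytes check.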