SUIT: Upgrade to draft-ietf-suit-manifest-09

[bergzand]

Contribution description

This PR upgrades the current manifest generator and parser to be ietf-v7ietf-v9 compliant. Everything under dist/tools/suit/suit-manifest-generator is imported from ARMmbed/suit-manifest-generator and will be migrated to a package when the spec is stabilized.

Testing procedure

• tests/suit_manifest must pass
• upgrades must be possible with the flow in examples/suit_update.

Issues/PRs references

None

[bergzand]

Updated to be draft-ietf-suit-manifest-09 compatible.

[benpicco]

Looks like we'll need pyhsslms on Murdock now

[bergzand]

Looks like we'll need pyhsslms on Murdock now

I've stripped the hss-lms key functionality from the tool for now.

[benpicco]

Well that's also a solution 😄
Should we open a PR in riotdocker so this can eventually be added back?

[bergzand]

Well that's also a solution smile

It's not like there is any use in having support for it in auxiliary tooling without support for HSS-LMS in RIOT itself.

Should we open a PR in riotdocker so this can eventually be added back?

That's probably the best long-term solution.

[benpicco]

Travis has some complaints about missing documentation to some public functions.

[benpicco]

Is that a private key? And why not for production use?

[bergzand]

Ahh, crap, this was not supposed to be reviewed, everything under dist/tools/suit/suit-manifest-generator is imported from ARMmbed/suit-manifest-generator and will be migrated to a package when the spec is stabilized.
I'd rather not start fixing nitpicks in "external" code and only fix the bare minimum required for integration.

[benpicco]

Murdock will need cbor2 still.

[benpicco]

@kaspar030 the workers will need an update

[emmanuelsearch]

@benpicco @fjmolinas @kaspar030 good to go? Squashing time?

[fjmolinas]

I see that now you can eventually have more than one component, can test/suit_manifest be updated to test for that?

[fjmolinas]

Now the update starts but digest validation is failing, any ideas?

riotboot_flashwrite: initializing update to target slot 1
Fetching firmware |█████████████████████████| 100%
Verifying image digest
suit_parse() failed. res=-4
Timeout in expect script at "return child.expect([r"Fetching firmware \|[█ ]+\|\s+\d+\%"," (examples/suit_update/tests/01-run.py:70)

Also I don't know if I ended up making this comment or if it got lost but can the tests/suit_manifest be adapted to test for multiple components?

[bergzand]

Also I don't know if I ended up making this comment or if it got lost but can the tests/suit_manifest be adapted to test for multiple components?

Had this around somewhere from a previous hackathon. See 7da04ac

[bergzand]

Now the update starts but digest validation is failing, any ideas?

Yup, see ARMmbed/suit-manifest-generator#42, included the fix in our clone of that repo.

[fjmolinas]

Its working for me now! Please squash @bergzand!

ifconfig
Iface  4  HWaddr: 4A:D4:58:2E:EB:63
          L2-PDU:1500 MTU:1500  HL:64  RTR
          Source address length: 6
          Link type: wired
          inet6 addr: fe80::48d4:58ff:fe2e:eb63  scope: link  VAL
pinging node...
PING fe80::48d4:58ff:fe2e:eb63%riot0(fe80::48d4:58ff:fe2e:eb63%riot0) 56 data bytes

--- fe80::48d4:58ff:fe2e:eb63%riot0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 41.168/41.168/41.168/0.000 ms
pinging node succeeded.
TEST PASSED

[fjmolinas]

ACK.

[bergzand]

Squashed!

[benpicco]

Murdock is not happy

[fjmolinas]

Go!

[bergzand]

Thanks for testing and reviewing!

[emmanuelsearch]

@bergzand yay!

[benpicco]

With this I now get Segmentation fault (core dumped) when trying to build tests/suit_manifest on Ubuntu 20.04 (Python 3.8.2)

The crasher is python3 /home/benpicco/dev/RIOT/dist/tools/suit/suit-manifest-generator/bin/suit-tool

Never mind, updating Python fixed it (literally just running sudo apt full-upgrade)