SUIT B. Moran Internet-Draft Arm Limited Intended status: Standards Track 11 July 2022 Expires: 12 January 2023 Mandatory-to-Implement Algorithms for Creators and Consumers of Software Update for the Internet of Things manifests draft-moran-suit-mti-00 Abstract This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on 12 January 2023. Copyright Notice Copyright (c) 2022 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/ license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License. Moran Expires 12 January 2023 [Page 1] Internet-Draft MTI SUIT Algorithms July 2022 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 2 2.1. Digest Algorithms . . . . . . . . . . . . . . . . . . . . 3 2.2. Authentication Algorithms . . . . . . . . . . . . . . . . 3 2.2.1. Symmetric Authentication Algorithm . . . . . . . . . 3 2.2.2. Asymmetric Classical Authentication Algorithms . . . 3 2.2.3. Asymmetric Post-Quantum Authentication Algorithms . . 3 2.3. Key Exchange Algorithms . . . . . . . . . . . . . . . . . 4 2.3.1. Symmetric . . . . . . . . . . . . . . . . . . . . . . 4 2.3.2. Classical Asymmetric . . . . . . . . . . . . . . . . 4 2.3.3. Post-Quantum Asymmetric . . . . . . . . . . . . . . . 4 2.4. Encryption Algorithms . . . . . . . . . . . . . . . . . . 4 3. Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . 5 4. Security Considerations . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 6 6.1. Normative References . . . . . . . . . . . . . . . . . . 6 6.2. Informative References . . . . . . . . . . . . . . . . . 6 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 7 1. Introduction Mandatory algorithms may change over time due to an evolving threat landscape. As a result these are grouped into profiles that a device should use. the mandatory-to implement algorithms for SUIT are described in this draft in order to provide flexibility in the definition of algorithm profiles. An authentication algorithm is REQUIRED for ALL SUIT manifests. Encryption algorithms MAY be provided. 2. Algorithms The algorithms that form a part of the profiles defined in this document are grouped into: * Digest Algorithms * Authentication Algorithms * Key Exchange Algorithms * Encryption Algorithms Moran Expires 12 January 2023 [Page 2] Internet-Draft MTI SUIT Algorithms July 2022 2.1. Digest Algorithms * SHA-256 (-16) * SHAKE128 (-18) * SHA-384 (-43) * SHA-512 (-44) * SHAKE256 (-45) 2.2. Authentication Algorithms Authentication Algorithms are divided into three categories: 2.2.1. Symmetric Authentication Algorithm * HMAC-256 (5) * HMAC-384 (6) * HMAC-512 (7) 2.2.2. Asymmetric Classical Authentication Algorithms * ES256 (-7) * EdDSA (-8) * ES384 (-35) * ES512 (-36) 2.2.3. Asymmetric Post-Quantum Authentication Algorithms * HSS-LMS (-46) [RFC8778] * XMSS (TBD) * Falcon-512 (TBD) * SPHINCS+ (TBD) * Crystals-Dilithium (TBD) Moran Expires 12 January 2023 [Page 3] Internet-Draft MTI SUIT Algorithms July 2022 2.3. Key Exchange Algorithms Key Exchange Algorithms are divided into two three groups: Symmetric, Classical Asymmetric, and Post-Quantum Asymmetric 2.3.1. Symmetric * A128 (-3) * A192 (-4) * A256 (-5) 2.3.2. Classical Asymmetric * HPKE (TBD) * ECDH-ES + HKDF-256 (-25) * ECDH-ES + HKDF-512 (-26) * ECDH-ES + A128KW (-29) * ECDH-ES + A192KW (-30) * ECDH-ES + A256KW (-31) 2.3.3. Post-Quantum Asymmetric * CRYSTALS-KYBER (TBD) 2.4. Encryption Algorithms * A128GCM (1) * A192GCM (2) * A256GCM (3) * ChaCha20/Poly1305 (24) * AES-MAC 128/128 (25) * AES-MAC 256/128 (26) * AES-CCM-16-128-128 (30) * AES-CCM-16-128-256 (31) Moran Expires 12 January 2023 [Page 4] Internet-Draft MTI SUIT Algorithms July 2022 * AES-CCM-64-128-128 (32) * AES-CCM-64-128-256 (33) 3. Profiles The following profiles are defined by this draft: * suit-sha256-es256-hpke-a128gcm - SHA-256 - ES256 - HPKE - AES-128-GCM * suit-sha256-hmac-a128-ccm - SHA-256 - HMAC-256 - A128W Key Wrap - AES-CCM-16-128-128 * suit-sha256-eddsa-ecdh-es-chacha-poly - SHA-256 - EdDSA - ECDH-ES + HKDF-256 - ChaCha20 + Poly1305 * suit-sha256-hsslms-hpke-a128gcm - SHA-256 - HSS-LMS - HPKE - AES-128-GCM Moran Expires 12 January 2023 [Page 5] Internet-Draft MTI SUIT Algorithms July 2022 * suit-sha256-falcon512-hpke-a128gcm - SHA-256 - HSS-LMS - HPKE - AES-128-GCM * suit-shake256-dilithium-kyber-a128gcm - SHAKE256 - Crystals-Dilithium - Crystal-Kyber - AES-128GCM 4. Security Considerations TODO 5. IANA Considerations TODO 6. References 6.1. Normative References [RFC8152] Schaad, J., "CBOR Object Signing and Encryption (COSE)", RFC 8152, DOI 10.17487/RFC8152, July 2017, . [RFC8778] Housley, R., "Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE)", RFC 8778, DOI 10.17487/RFC8778, April 2020, . 6.2. Informative References [I-D.ietf-suit-manifest] Moran, B., Tschofenig, H., Birkholz, H., and K. Zandberg, "A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest", Work in Progress, Internet- Moran Expires 12 January 2023 [Page 6] Internet-Draft MTI SUIT Algorithms July 2022 Draft, draft-ietf-suit-manifest-17, 28 April 2022, . Author's Address Brendan Moran Arm Limited Email: Brendan.Moran@arm.com Moran Expires 12 January 2023 [Page 7]