Mandatory-to-Implement Algorithms for Creators and Consumers of Software Update for the Internet of Things manifests
Arm Limited
brendan.moran.ietf@gmail.com
Security
SUIT
Internet-Draft
This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability.
Introduction
Mandatory algorithms may change over time due to an evolving threat landscape. Algorithms are grouped into algorithm profiles to account for this. Profiles may be deprecated over time. SUIT will define three choices of MTI profile:
One Symmetric MTI profile
One "Current" Asymmetric MTI profile
One "Future" Asymmetric MTI profile
Devices MAY choose which MTI profile they wish to implement. It is RECOMMENDED that they implement the "Future" Asymmetric MTI profile.
Devices MAY implement any number of other profiles.
MTI algorithms must be FIPS qualified.
Algorithms
The algorithms that form a part of the profiles defined in this document are grouped into:
Digest Algorithms
Authentication Algorithms
Key Exchange Algorithms
Encryption Algorithms
Digest Algorithms
SHA-256 (-16)
SHAKE128 (-18)
SHA-384 (-43)
SHA-512 (-44)
SHAKE256 (-45)
Authentication Algorithms
Authentication Algorithms are divided into three categories:
Symmetric Authentication Algorithm
HMAC-256 (5)
HMAC-384 (6)
HMAC-512 (7)
Asymmetric Classical Authentication Algorithms
ES256 (-7)
EdDSA (-8)
ES384 (-35)
ES512 (-36)
Asymmetric Post-Quantum Authentication Algorithms
HSS-LMS (-46)
XMSS (TBD)
Falcon-512 (TBD)
SPHINCS+ (TBD)
Crystals-Dilithium (TBD)
Key Exchange Algorithms
Key Exchange Algorithms are divided into three groups: Symmetric, Classical Asymmetric, and Post-Quantum Asymmetric.
Symmetric
A128 (-3)
A192 (-4)
A256 (-5)
Classical Asymmetric
HPKE (TBD)
ECDH-ES + HKDF-256 (-25)
ECDH-ES + HKDF-512 (-26)
ECDH-ES + A128KW (-29)
ECDH-ES + A192KW (-30)
ECDH-ES + A256KW (-31)
Post-Quantum Asymmetric
CRYSTALS-KYBER (TBD)
Encryption Algorithms
A128GCM (1)
A192GCM (2)
A256GCM (3)
ChaCha20/Poly1305 (24)
AES-MAC 128/128 (25)
AES-MAC 256/128 (26)
AES-CCM-16-128-128 (30)
AES-CCM-16-128-256 (31)
AES-CCM-64-128-128 (32)
AES-CCM-64-128-256 (33)
Profiles
Recognized profiles are defined below.
Symmetric MTI profile: suit-sha256-hmac-a128-ccm
This profile requires the following algorithms:
SHA-256
HMAC-256
A128KW Key Wrap
AES-CCM-16-128-128
Current Asymmetric MTI Profile: suit-sha256-es256-hpke-a128gcm
This profile requires the following algorithms:
SHA-256
ES256
HPKE
AES-128-GCM
Future Asymmetric MTI Profile: suit-sha256-hsslms-hpke-a128gcm
This profile requires the following algorithms:
SHA-256
HSS-LMS
HPKE
AES-128-GCM
Other Profiles:
Optional classical and PQC profiles are defined below.
suit-sha256-eddsa-ecdh-es-chacha-poly
SHA-256
EdDSA
ECDH-ES + HKDF-256
ChaCha20 + Poly1305
suit-sha256-falcon512-hpke-a128gcm
SHA-256
HSS-LMS
HPKE
AES-128-GCM
suit-shake256-dilithium-kyber-a128gcm
SHAKE256
Crystals-Dilithium
CRYSTALS-KYBER
AES-128-GCM
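The profile allowlist described in the Algorithms and Profiles sections, written as the check a manifest consumer would run before trusting any algorithm a manifest names. This is an added example for this page, not code from the draft or from any SUIT implementation. The tables carry the COSE identifiers listed above; the string "TBD" stands in where the draft has not yet assigned one. Only the three MTI profiles and the EdDSA profile are encoded, since the remaining optional profiles depend on TBD identifiers. Class, function and variable names are this example's own.

```python
"""Profile matcher for the algorithm identifiers carried by a SUIT manifest.

Added example, not part of the draft. Algorithm identifiers and profile
definitions follow the draft's tables; "TBD" marks algorithms without a
COSE identifier yet. Names of functions and classes are this example's own.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Union

AlgId = Union[int, str]  # COSE integer identifier, or "TBD" where none is assigned

# Algorithm tables as listed in the draft, keyed by the draft's names.
DIGEST: Dict[str, AlgId] = {
    "SHA-256": -16, "SHAKE128": -18, "SHA-384": -43, "SHA-512": -44, "SHAKE256": -45,
}
AUTH: Dict[str, AlgId] = {
    "HMAC-256": 5, "HMAC-384": 6, "HMAC-512": 7,
    "ES256": -7, "EdDSA": -8, "ES384": -35, "ES512": -36,
    "HSS-LMS": -46, "XMSS": "TBD", "Falcon-512": "TBD",
    "SPHINCS+": "TBD", "Crystals-Dilithium": "TBD",
}
KEX: Dict[str, AlgId] = {
    "A128KW": -3, "A192KW": -4, "A256KW": -5, "HPKE": "TBD",
    "ECDH-ES + HKDF-256": -25, "ECDH-ES + HKDF-512": -26,
    "ECDH-ES + A128KW": -29, "ECDH-ES + A192KW": -30, "ECDH-ES + A256KW": -31,
    "CRYSTALS-KYBER": "TBD",
}
ENC: Dict[str, AlgId] = {
    "A128GCM": 1, "A192GCM": 2, "A256GCM": 3, "ChaCha20/Poly1305": 24,
    "AES-MAC 128/128": 25, "AES-MAC 256/128": 26,
    "AES-CCM-16-128-128": 30, "AES-CCM-16-128-256": 31,
    "AES-CCM-64-128-128": 32, "AES-CCM-64-128-256": 33,
}


@dataclass(frozen=True)
class Profile:
    name: str
    digest: str
    auth: str
    kex: str
    enc: str
    mti: bool  # True for the three MTI profiles


# Profiles from the draft whose algorithms are either numbered or HPKE (TBD).
PROFILES = (
    Profile("suit-sha256-hmac-a128-ccm", "SHA-256", "HMAC-256", "A128KW", "AES-CCM-16-128-128", True),
    Profile("suit-sha256-es256-hpke-a128gcm", "SHA-256", "ES256", "HPKE", "A128GCM", True),
    Profile("suit-sha256-hsslms-hpke-a128gcm", "SHA-256", "HSS-LMS", "HPKE", "A128GCM", True),
    Profile("suit-sha256-eddsa-ecdh-es-chacha-poly", "SHA-256", "EdDSA", "ECDH-ES + HKDF-256", "ChaCha20/Poly1305", False),
)


class ProfileError(ValueError):
    """The manifest's algorithms do not form a profile this consumer accepts."""


def decode_alg(table: Dict[str, AlgId], alg_id: int) -> str:
    """Map a COSE integer identifier from a manifest to the draft's name for it.
    Anything not in the table is rejected instead of being passed along."""
    for name, ident in table.items():
        if ident == alg_id:
            return name
    raise ProfileError(f"unrecognised COSE algorithm identifier {alg_id}")


def match_profile(digest: str, auth: str, kex: str, enc: str,
                  implemented: Iterable[str]) -> Profile:
    """Return the recognised profile equal to the four algorithms and confirm the
    consumer implements it. A manifest may not mix algorithms across profiles or
    select a profile the device never agreed to."""
    wanted = (digest, auth, kex, enc)
    for p in PROFILES:
        if (p.digest, p.auth, p.kex, p.enc) == wanted:
            if p.name not in set(implemented):
                raise ProfileError(f"profile {p.name} is recognised but not implemented here")
            return p
    raise ProfileError(f"algorithm combination {wanted} is not a recognised profile")


def check_manifest_algs(digest_id: int, auth_id: int, kex_id: int, enc_id: int,
                        implemented: Iterable[str]) -> Profile:
    """Path for profiles whose four algorithms all carry COSE integer identifiers."""
    return match_profile(decode_alg(DIGEST, digest_id), decode_alg(AUTH, auth_id),
                         decode_alg(KEX, kex_id), decode_alg(ENC, enc_id), implemented)


if __name__ == "__main__":
    # Constructed device configuration: one symmetric and one "Future" asymmetric profile.
    device_profiles = {"suit-sha256-hmac-a128-ccm", "suit-sha256-hsslms-hpke-a128gcm"}
    print(check_manifest_algs(-16, 5, -3, 30, device_profiles).name)
    print(match_profile("SHA-256", "HSS-LMS", "HPKE", "A128GCM", device_profiles).name)
    try:
        check_manifest_algs(-16, -7, -25, 24, device_profiles)  # algorithms from two different profiles
    except ProfileError as err:
        print("rejected:", err)
```

The consumer starts from the set of profiles it implements and rejects everything else, so a manifest cannot name an unlisted algorithm, combine algorithms from different profiles, or steer a device onto a weaker profile it happens to understand. That is the interoperability and downgrade-resistance argument for fixing whole profiles rather than negotiating each algorithm field independently.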
Security Considerations
TODO
CBOR Object Signing and Encryption (COSE)
Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.
Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE)
This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the CBOR Object Signing and Encryption (COSE) syntax. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554.
A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest
Arm Limited, Arm Limited, Fraunhofer SIT, Inria
This specification describes the format of a manifest. A manifest is a bundle of metadata about code/data obtained by a recipient (chiefly the firmware for an IoT device), where to find that code/data, the devices to which it applies, and cryptographic information protecting the manifest. Software updates and Trusted Invocation both tend to use sequences of common operations, so the manifest encodes those sequences of operations, rather than declaring the metadata.