Mandatory-to-Implement Algorithms for Creators and Consumers of Software Update for the Internet of Things manifests Arm Limited
brendan.moran.ietf@gmail.com
Security SUIT Internet-Draft This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability.
Introduction Mandatory algorithms may change over time due to an evolving threat landscape. Algorithms are grouped into algorithm profiles to account for this. Profiles may be deprecated over time. SUIT will define three choices of MTI profile: One Symmetric MTI profile One "Current" Asymmetric MTI profile One "Future" Asymmetric MTI profile Devices MAY choose which MTI profile they wish to implement. It is RECOMMENDED thaty they implement the "Future" Asymmetric MTI profile. Devices MAY implement any number of other profiles. MTI algorithms must be FIPS qualified.
Algorithms The algorithms that form a part of the profiles defined in this document are grouped into: Digest Algorithms Authentication Algorithms Key Exchange Algorithms Encryption Algorithms
Digest Algorithms SHA-256 (-16) SHAKE128 (-18) SHA-384 (-43) SHA-512 (-44) SHAKE256 (-45)
Authentication Algorithms Authentication Algorithms are divided into three categories:
Symmetric Authentication Algorithm HMAC-256 (5) HMAC-384 (6) HMAC-512 (7)
Asymmetric Classical Authentication Algorithms ES256 (-7) EdDSA (-8) ES384 (-35) ES512 (-36)
Asymmetric Post-Quantum Authentication Algorithms HSS-LMS (-46) XMSS (TBD) Falcon-512 (TBD) SPHINCS+ (TBD) Crystals-Dilithium (TBD)
Key Exchange Algorithms Key Exchange Algorithms are divided into two three groups: Symmetric, Classical Asymmetric, and Post-Quantum Asymmetric
Symmetric A128 (-3) A192 (-4) A256 (-5)
Classical Asymmetric HPKE (TBD) ECDH-ES + HKDF-256 (-25) ECDH-ES + HKDF-512 (-26) ECDH-ES + A128KW (-29) ECDH-ES + A192KW (-30) ECDH-ES + A256KW (-31)
Post-Quantum Asymmetric CRYSTALS-KYBER (TBD)
Encryption Algorithms A128GCM (1) A192GCM (2) A256GCM (3) ChaCha20/Poly1305 (24) AES-MAC 128/128 (25) AES-MAC 256/128 (26) AES-CCM-16-128-128 (30) AES-CCM-16-128-256 (31) AES-CCM-64-128-128 (32) AES-CCM-64-128-256 (33)
Profiles Recognized profiles are defined below.
 Symmetric MTI profile: suit-sha256-hmac-a128-ccm This profile requires the following algorithms: SHA-256 HMAC-256 A128W Key Wrap AES-CCM-16-128-128
Current Asymmetric MTI Profile: suit-sha256-es256-hpke-a128gcm This profile requires the following algorithms: SHA-256 ES256 HPKE AES-128-GCM
Future Asymmetric MTI Profile: suit-sha256-hsslms-hpke-a128gcm This profile requires the following algorithms: SHA-256 HSS-LMS HPKE AES-128-GCM
Other Profiles: Optional classical and PQC profiles are defined below. suit-sha256-eddsa-ecdh-es-chacha-poly SHA-256 EdDSA ECDH-ES + HKDF-256 ChaCha20 + Poly1305 suit-sha256-falcon512-hpke-a128gcm SHA-256 HSS-LMS HPKE AES-128-GCM suit-shake256-dilithium-kyber-a128gcm SHAKE256 Crystals-Dilithium Crystal-Kyber AES-128GCM
Security Considerations TODO
IANA Considerations TODO
CBOR Object Signing and Encryption (COSE) Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR. Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE) This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the CBOR Object Signing and Encryption (COSE) syntax. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554. A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest Arm Limited Arm Limited Fraunhofer SIT Inria This specification describes the format of a manifest. A manifest is a bundle of metadata about code/data obtained by a recipient (chiefly the firmware for an IoT device), where to find the that code/data, the devices to which it applies, and cryptographic information protecting the manifest. Software updates and Trusted Invocation both tend to use sequences of common operations, so the manifest encodes those sequences of operations, rather than declaring the metadata.