Internet DRAFT - draft-moran-suit-mti

draft-moran-suit-mti







SUIT                                                            B. Moran
Internet-Draft                                               Arm Limited
Intended status: Standards Track                         24 October 2022
Expires: 27 April 2023


Mandatory-to-Implement Algorithms for Creators and Consumers of Software
              Update for the Internet of Things manifests
                        draft-moran-suit-mti-02

Abstract

   This document specifies algorithm profiles for SUIT manifest parsers
   and authors to ensure better interoperability.  These profiles apply
   specifically to a constrained node software update use case.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 27 April 2023.

Copyright Notice

   Copyright (c) 2022 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (https://trustee.ietf.org/
   license-info) in effect on the date of publication of this document.
   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.





Moran                     Expires 27 April 2023                 [Page 1]

Internet-Draft             MTI SUIT Algorithms              October 2022


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Algorithms  . . . . . . . . . . . . . . . . . . . . . . . . .   3
     2.1.  Digest Algorithms . . . . . . . . . . . . . . . . . . . .   3
     2.2.  Authentication Algorithms . . . . . . . . . . . . . . . .   3
       2.2.1.  Symmetric Authentication Algorithm  . . . . . . . . .   3
       2.2.2.  Asymmetric Classical Authentication Algorithms  . . .   3
       2.2.3.  Asymmetric Post-Quantum Authentication Algorithms . .   3
     2.3.  Key Exchange Algorithms . . . . . . . . . . . . . . . . .   3
       2.3.1.  Symmetric . . . . . . . . . . . . . . . . . . . . . .   4
       2.3.2.  Classical Asymmetric  . . . . . . . . . . . . . . . .   4
     2.4.  Encryption Algorithms . . . . . . . . . . . . . . . . . .   4
   3.  Profiles  . . . . . . . . . . . . . . . . . . . . . . . . . .   4
     3.1.  Symmetric MTI profile: suit-sha256-hmac-a128-ccm  . . . .   4
     3.2.  Current Asymmetric MTI Profile 1:
           suit-sha256-es256-hpke-a128gcm  . . . . . . . . . . . . .   4
     3.3.  Current Asymmetric MTI Profile 2:
           suit-sha256-ed256-hpke-a128gcm  . . . . . . . . . . . . .   4
     3.4.  Future Asymmetric MTI Profile:
           suit-sha256-hsslms-hpke-a128gcm . . . . . . . . . . . . .   5
     3.5.  Other Profiles: . . . . . . . . . . . . . . . . . . . . .   5
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .   6
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   6
   6.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   6
     6.1.  Normative References  . . . . . . . . . . . . . . . . . .   6
     6.2.  Informative References  . . . . . . . . . . . . . . . . .   6
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .   6

1.  Introduction

   Mandatory algorithms may change over time due to an evolving threat
   landscape.  Algorithms are grouped into algorithm profiles to account
   for this.  Profiles may be deprecated over time.  SUIT will define
   four choices of MTI profile specifically for constrained node
   software update.  These profiles are:

   *  One Symmetric MTI profile

   *  Two "Current" Asymmetric MTI profiles

   *  One "Future" Asymmetric MTI profile

   At least one MTI algorithm in each category MUST be FIPS qualified.

   Because SUIT presents an asymmetric communication profile, with
   powerful/complex manifest authors and constrined manifest recipients,
   the requirements for Recipients and Authors are different.



Moran                     Expires 27 April 2023                 [Page 2]

Internet-Draft             MTI SUIT Algorithms              October 2022


   Recipients MAY choose which MTI profile they wish to implement.  It
   is RECOMMENDED thaty they implement the "Future" Asymmetric MTI
   profile.  Recipients MAY implement any number of other profiles.

   Authors MUST implement all MTI profiles.  Authors MAY implement any
   number of other profiles.

   Other use-cases of SUIT MAY define their own MTI algorithms.

2.  Algorithms

   The algorithms that form a part of the profiles defined in this
   document are grouped into:

   *  Digest Algorithms

   *  Authentication Algorithms

   *  Key Exchange Algorithms

   *  Encryption Algorithms

2.1.  Digest Algorithms

   *  SHA-256 (-16)

2.2.  Authentication Algorithms

   Authentication Algorithms are divided into three categories:

2.2.1.  Symmetric Authentication Algorithm

   *  HMAC-256 (5)

2.2.2.  Asymmetric Classical Authentication Algorithms

   *  ES256 (-7)

   *  EdDSA (-8)

2.2.3.  Asymmetric Post-Quantum Authentication Algorithms

   *  HSS-LMS (-46) [RFC8778]

2.3.  Key Exchange Algorithms

   Key Exchange Algorithms are divided into two three groups: Symmetric,
   Classical Asymmetric, and Post-Quantum Asymmetric



Moran                     Expires 27 April 2023                 [Page 3]

Internet-Draft             MTI SUIT Algorithms              October 2022


2.3.1.  Symmetric

   *  A128 (-3)

2.3.2.  Classical Asymmetric

   *  COSE HPKE (TBD)

   *  ECDH-ES + HKDF-256 (-25)

2.4.  Encryption Algorithms

   *  A128GCM (1)

3.  Profiles

   Recognized profiles are defined below.

3.1.  Symmetric MTI profile: suit-sha256-hmac-a128-ccm

   This profile requires the following algorithms:

   *  SHA-256

   *  HMAC-256

   *  A128W Key Wrap

   *  AES-CCM-16-128-128

3.2.  Current Asymmetric MTI Profile 1: suit-sha256-es256-hpke-a128gcm

   This profile requires the following algorithms:

   *  SHA-256

   *  ES256

   *  HPKE

   *  AES-128-GCM

3.3.  Current Asymmetric MTI Profile 2: suit-sha256-ed256-hpke-a128gcm

   This profile requires the following algorithms:

   *  SHA-256




Moran                     Expires 27 April 2023                 [Page 4]

Internet-Draft             MTI SUIT Algorithms              October 2022


   *  EDDSA

   *  HPKE

   *  AES-128-GCM

3.4.  Future Asymmetric MTI Profile: suit-sha256-hsslms-hpke-a128gcm

   This profile requires the following algorithms:

   *  SHA-256

   *  HSS-LMS

   *  HPKE

   *  AES-128-GCM

3.5.  Other Profiles:

   Optional classical and PQC profiles are defined below.

   *  suit-sha256-eddsa-ecdh-es-chacha-poly

      -  SHA-256

      -  EdDSA

      -  ECDH-ES + HKDF-256

      -  ChaCha20 + Poly1305

   *  suit-sha256-falcon512-hpke-a128gcm

      -  SHA-256

      -  HSS-LMS

      -  HPKE

      -  AES-128-GCM

   *  suit-shake256-dilithium-kyber-a128gcm

      -  SHAKE256

      -  Crystals-Dilithium




Moran                     Expires 27 April 2023                 [Page 5]

Internet-Draft             MTI SUIT Algorithms              October 2022


      -  Crystal-Kyber

      -  AES-128GCM

4.  Security Considerations

   TODO

5.  IANA Considerations

   TODO

6.  References

6.1.  Normative References

   [RFC8152]  Schaad, J., "CBOR Object Signing and Encryption (COSE)",
              RFC 8152, DOI 10.17487/RFC8152, July 2017,
              <https://www.rfc-editor.org/info/rfc8152>.

   [RFC8778]  Housley, R., "Use of the HSS/LMS Hash-Based Signature
              Algorithm with CBOR Object Signing and Encryption (COSE)",
              RFC 8778, DOI 10.17487/RFC8778, April 2020,
              <https://www.rfc-editor.org/info/rfc8778>.

6.2.  Informative References

   [I-D.ietf-suit-manifest]
              Moran, B., Tschofenig, H., Birkholz, H., Zandberg, K., and
              O. Rønningstad, "A Concise Binary Object Representation
              (CBOR)-based Serialization Format for the Software Updates
              for Internet of Things (SUIT) Manifest", Work in Progress,
              Internet-Draft, draft-ietf-suit-manifest-20, 7 October
              2022, <https://www.ietf.org/archive/id/draft-ietf-suit-
              manifest-20.txt>.

Author's Address

   Brendan Moran
   Arm Limited
   Email: brendan.moran.ietf@gmail.com










Moran                     Expires 27 April 2023                 [Page 6]