Mandatory-to-Implement Algorithms for Creators and Consumers of Software Update for the Internet of Things manifests

Internet-Draft	MTI SUIT Algorithms	July 2022
Moran	Expires 28 January 2023	[Page]

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶

This Internet-Draft will expire on 28 January 2023.¶

Copyright Notice

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶

1. Introduction

Mandatory algorithms may change over time due to an evolving threat landscape. Algorithms are grouped into algorithm profiles to account for this. Profiles may be deprecated over time. SUIT will define three choices of MTI profile:¶

One Symmetric MTI profile¶
One "Current" Asymmetric MTI profile¶
One "Future" Asymmetric MTI profile¶

Devices MAY choose which MTI profile they wish to implement. It is RECOMMENDED thaty they implement the "Future" Asymmetric MTI profile.¶

Devices MAY implement any number of other profiles.¶

MTI algorithms must be FIPS qualified.¶

2. Algorithms

The algorithms that form a part of the profiles defined in this document are grouped into:¶

Digest Algorithms¶
Authentication Algorithms¶
Key Exchange Algorithms¶
Encryption Algorithms¶

2.1. Digest Algorithms

SHA-256 (-16)¶
SHAKE128 (-18)¶
SHA-384 (-43)¶
SHA-512 (-44)¶
SHAKE256 (-45)¶

2.2. Authentication Algorithms

Authentication Algorithms are divided into three categories:¶

2.2.1. Symmetric Authentication Algorithm

HMAC-256 (5)¶
HMAC-384 (6)¶
HMAC-512 (7)¶

2.2.2. Asymmetric Classical Authentication Algorithms

ES256 (-7)¶
EdDSA (-8)¶
ES384 (-35)¶
ES512 (-36)¶

2.2.3. Asymmetric Post-Quantum Authentication Algorithms

HSS-LMS (-46) [RFC8778]¶
XMSS (TBD)¶
Falcon-512 (TBD)¶
SPHINCS+ (TBD)¶
Crystals-Dilithium (TBD)¶

2.3. Key Exchange Algorithms

Key Exchange Algorithms are divided into two three groups: Symmetric, Classical Asymmetric, and Post-Quantum Asymmetric¶

2.3.1. Symmetric

A128 (-3)¶
A192 (-4)¶
A256 (-5)¶

2.3.2. Classical Asymmetric

HPKE (TBD)¶
ECDH-ES + HKDF-256 (-25)¶
ECDH-ES + HKDF-512 (-26)¶
ECDH-ES + A128KW (-29)¶
ECDH-ES + A192KW (-30)¶
ECDH-ES + A256KW (-31)¶

2.3.3. Post-Quantum Asymmetric

CRYSTALS-KYBER (TBD)¶

2.4. Encryption Algorithms

A128GCM (1)¶
A192GCM (2)¶
A256GCM (3)¶
ChaCha20/Poly1305 (24)¶
AES-MAC 128/128 (25)¶
AES-MAC 256/128 (26)¶
AES-CCM-16-128-128 (30)¶
AES-CCM-16-128-256 (31)¶
AES-CCM-64-128-128 (32)¶
AES-CCM-64-128-256 (33)¶

3. Profiles

Recognized profiles are defined below.¶

3.1. Symmetric MTI profile: suit-sha256-hmac-a128-ccm

This profile requires the following algorithms:¶

SHA-256¶
HMAC-256¶
A128W Key Wrap¶
AES-CCM-16-128-128¶

3.2. Current Asymmetric MTI Profile: suit-sha256-es256-hpke-a128gcm

This profile requires the following algorithms:¶

SHA-256¶
ES256¶
HPKE¶
AES-128-GCM¶

3.3. Future Asymmetric MTI Profile: suit-sha256-hsslms-hpke-a128gcm

This profile requires the following algorithms:¶

SHA-256¶
HSS-LMS¶
HPKE¶
AES-128-GCM¶

3.4. Other Profiles:

Optional classical and PQC profiles are defined below.¶

suit-sha256-eddsa-ecdh-es-chacha-poly¶
- SHA-256¶
- EdDSA¶
- ECDH-ES + HKDF-256¶
- ChaCha20 + Poly1305¶
suit-sha256-falcon512-hpke-a128gcm¶
- SHA-256¶
- HSS-LMS¶
- HPKE¶
- AES-128-GCM¶
suit-shake256-dilithium-kyber-a128gcm¶
- SHAKE256¶
- Crystals-Dilithium¶
- Crystal-Kyber¶
- AES-128GCM¶

6. References

6.1. Normative References

[RFC8152]: Schaad, J., "CBOR Object Signing and Encryption (COSE)", RFC 8152, DOI 10.17487/RFC8152, July 2017, <https://www.rfc-editor.org/info/rfc8152>.
[RFC8778]: Housley, R., "Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE)", RFC 8778, DOI 10.17487/RFC8778, April 2020, <https://www.rfc-editor.org/info/rfc8778>.

6.2. Informative References

[I-D.ietf-suit-manifest]: Moran, B., Tschofenig, H., Birkholz, H., and K. Zandberg, "A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest", Work in Progress, Internet-Draft, draft-ietf-suit-manifest-18, 11 July 2022, <https://www.ietf.org/archive/id/draft-ietf-suit-manifest-18.txt>.

Mandatory-to-Implement Algorithms for Creators and Consumers of Software Update for the Internet of Things manifests

Abstract

Status of This Memo

Copyright Notice

Table of Contents

1. Introduction

2. Algorithms

2.1. Digest Algorithms

2.2. Authentication Algorithms

2.2.1. Symmetric Authentication Algorithm

2.2.2. Asymmetric Classical Authentication Algorithms

2.2.3. Asymmetric Post-Quantum Authentication Algorithms

2.3. Key Exchange Algorithms

2.3.1. Symmetric

2.3.2. Classical Asymmetric

2.3.3. Post-Quantum Asymmetric

2.4. Encryption Algorithms

3. Profiles

3.1. Symmetric MTI profile: suit-sha256-hmac-a128-ccm

3.2. Current Asymmetric MTI Profile: suit-sha256-es256-hpke-a128gcm

3.3. Future Asymmetric MTI Profile: suit-sha256-hsslms-hpke-a128gcm

3.4. Other Profiles:

4. Security Considerations

5. IANA Considerations

6. References

6.1. Normative References

6.2. Informative References

Author's Address