-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathdraft-ietf-suit-mti.xml
723 lines (586 loc) · 27.7 KB
/
draft-ietf-suit-mti.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?>
<!-- generated by https://github.com/cabo/kramdown-rfc version 1.6.26 (Ruby 3.0.2) -->
<!DOCTYPE rfc [
<!ENTITY nbsp " ">
<!ENTITY zwsp "​">
<!ENTITY nbhy "‑">
<!ENTITY wj "⁠">
]>
<?rfc rfcedstyle="yes"?>
<?rfc tocindent="yes"?>
<?rfc strict="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc text-list-symbols="-o*+"?>
<?rfc docmapping="yes"?>
<?rfc toc_levels="4"?>
<rfc ipr="trust200902" docName="draft-ietf-suit-mti-08" category="std" tocInclude="true" sortRefs="true" symRefs="true">
<front>
<title abbrev="MTI SUIT Algorithms">Mandatory-to-Implement Algorithms for Authors and Recipients of Software Update for the Internet of Things manifests</title>
<author initials="B." surname="Moran" fullname="Brendan Moran">
<organization>Arm Limited</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<author initials="Ø." surname="Rønningstad" fullname="Øyvind Rønningstad">
<organization>Nordic Semiconductor</organization>
<address>
<email>[email protected]</email>
</address>
</author>
<author initials="A." surname="Tsukamoto" fullname="Akira Tsukamoto">
<organization></organization>
<address>
<email>[email protected]</email>
</address>
</author>
<date year="2024" month="November" day="28"/>
<area>Security</area>
<workgroup>SUIT</workgroup>
<keyword>Internet-Draft</keyword>
<abstract>
<t>This document specifies algorithm profiles for SUIT manifest parsers and authors to ensure better interoperability. These profiles apply specifically to a constrained node software update use case.</t>
</abstract>
</front>
<middle>
<section anchor="introduction"><name>Introduction</name>
<t>Mandatory algorithms may change over time due to an evolving threat landscape. Algorithms are grouped into algorithm profiles to account for this. Profiles may be deprecated over time. SUIT will define five choices of MTI profile specifically for constrained node software update. These profiles are:</t>
<t><list style="symbols">
<t>One Symmetric MTI profile</t>
<t>Two "Current" Constrained Asymmetric MTI profiles</t>
<t>Two "Current" AEAD Asymmetric MTI profiles</t>
<t>One "Future" Constrained Asymmetric MTI profile</t>
</list></t>
<t>At least one MTI algorithm in each category MUST be FIPS qualified.</t>
<t>Because SUIT presents an asymmetric communication profile, with powerful/complex manifest authors and constrained manifest recipients, the requirements for Recipients and Authors are different.</t>
<t>Recipients MAY choose which MTI profile they wish to implement. It is RECOMMENDED that they implement the "Future" Asymmetric MTI profile. Recipients MAY implement any number of other profiles. Recipients MAY choose not to implement an encryption algorithm if encrypted payloads will never be used.</t>
<t>Authors MUST implement all MTI profiles. Authors MAY implement any number of other profiles.</t>
<t>AEAD is preferred over un-authenticated encryption. Where possible an AEAD profile SHOULD be selected. Certain constrained IoT applications require streaming decryption, which necessitates a non-AEAD ecryption algorithm. If the application is not a constrained device, the two AEAD profiles are RECOMMENDED.</t>
<t>Other use-cases of SUIT MAY define their own MTI algorithms.</t>
</section>
<section anchor="algorithms"><name>Algorithms</name>
<t>The algorithms that form a part of the profiles defined in this document are grouped into:</t>
<t><list style="symbols">
<t>Digest Algorithms</t>
<t>Authentication Algorithms</t>
<t>Key Exchange Algorithms (OPTIONAL)</t>
<t>Encryption Algorithms (OPTIONAL)</t>
</list></t>
</section>
<section anchor="profiles"><name>Profiles</name>
<t>Recognized profiles are defined below.</t>
<section anchor="suit-sha256-hmac-a128kw-a128ctr"><name> Symmetric MTI profile: suit-sha256-hmac-a128kw-a128ctr</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>HMAC-256</c>
<c>5</c>
<c>Key Exchange</c>
<c>A128KW Key Wrap</c>
<c>-3</c>
<c>Encryption</c>
<c>A128CTR</c>
<c>-65534</c>
</texttable>
</section>
<section anchor="suit-sha256-es256-ecdh-a128ctr"><name>Current Constrained Asymmetric MTI Profile 1: suit-sha256-es256-ecdh-a128ctr</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>ES256</c>
<c>-7</c>
<c>Key Exchange</c>
<c>ECDH-ES + A128KW</c>
<c>-29</c>
<c>Encryption</c>
<c>A128CTR</c>
<c>-65534</c>
</texttable>
</section>
<section anchor="suit-sha256-eddsa-ecdh-a128ctr"><name>Current Constrained Asymmetric MTI Profile 2: suit-sha256-eddsa-ecdh-a128ctr</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>EDDSA</c>
<c>-8</c>
<c>Key Exchange</c>
<c>ECDH-ES + A128KW</c>
<c>-29</c>
<c>Encryption</c>
<c>A128CTR</c>
<c>-65534</c>
</texttable>
</section>
<section anchor="suit-sha256-es256-ecdh-a128gcm"><name>Current AEAD Asymmetric MTI Profile 1: suit-sha256-es256-ecdh-a128gcm</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>ES256</c>
<c>-7</c>
<c>Key Exchange</c>
<c>ECDH-ES + A128KW</c>
<c>-29</c>
<c>Encryption</c>
<c>A128GCM</c>
<c>1</c>
</texttable>
</section>
<section anchor="suit-sha256-eddsa-ecdh-chacha-poly"><name>Current AEAD Asymmetric MTI Profile 2: suit-sha256-eddsa-ecdh-chacha-poly</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>EDDSA</c>
<c>-8</c>
<c>Key Exchange</c>
<c>ECDH-ES + A128KW</c>
<c>-29</c>
<c>Encryption</c>
<c>ChaCha20/Poly1305</c>
<c>24</c>
</texttable>
</section>
<section anchor="suit-sha256-hsslms-a256kw-a256ctr"><name>Future Constrained Asymmetric MTI Profile 1: suit-sha256-hsslms-a256kw-a256ctr</name>
<texttable>
<ttcol align='left'>Algorithm Type</ttcol>
<ttcol align='left'>Algorithm</ttcol>
<ttcol align='left'>COSE Key</ttcol>
<c>Digest</c>
<c>SHA-256</c>
<c>-16</c>
<c>Authentication</c>
<c>HSS-LMS</c>
<c>-46</c>
<c>Key Exchange</c>
<c>A256KW</c>
<c>-5</c>
<c>Encryption</c>
<c>A256CTR</c>
<c>-65532</c>
</texttable>
<t>This draft does not specify a particular set of HSS-LMS parameters. Deep trees are RECOMMENDED due to key lifetimes in IoT devices.</t>
</section>
</section>
<section anchor="reporting-profiles"><name>Reporting Profiles</name>
<t>When using reverse-direction communication, particularly data structures that are designed for reporting of update capabilities, status, progress, or success, the same profile as the is used on the SUIT manifest SHOULD be used. There are cases where this is not possible, such as suit-sha256-hsslms-a256kw-a256ctr. In this case, the closest equivalent profile SHOULD be used, for example suit-sha256-es256-ecdh-a128ctr.</t>
</section>
<section anchor="security-considerations"><name>Security Considerations</name>
<t>For the avoidance of doubt, there are scenarios where payload or manifest encryption are not required. In these scenarios, the encryption element of the selected profile is simply not used.</t>
<t>AES-CTR mode is specified, see <xref target="RFC9459"/>. All of the AES-CTR security considerations in <xref target="RFC9459"/> apply. A non-AEAD encryption mode is specified in this draft due to the following mitigating circumstances:</t>
<t><list style="symbols">
<t>Streaming decryption must be supported. Therefore, there is no difference between AEAD and plaintext hash verification.</t>
<t>Out-of-order decryption must be supported. Therefore, we must use a stream cipher that supports random access.</t>
<t>There are no chosen plaintext attacks: the plaintext is authenticated prior to encryption.</t>
<t>Content Encryption Keys must be used to encrypt only once. See <xref target="I-D.ietf-suit-firmware-encryption"/>.</t>
</list></t>
<t>As a result of these mitigating circumstances, AES-CTR is the most appropriate cipher for typical software/firmware delivery scenarios.</t>
</section>
<section anchor="iana-considerations"><name>IANA Considerations</name>
<t>IANA is requested to create a page for COSE Algorithm Profiles within
the category for Software Update for the Internet of Things (SUIT)</t>
<t>IANA is also requested to create a registry for COSE Alforithm Profiles
within this page. The initial content of the registry is:</t>
<texttable>
<ttcol align='left'>Profile</ttcol>
<ttcol align='left'>Status</ttcol>
<ttcol align='left'>Digest</ttcol>
<ttcol align='left'>Auth</ttcol>
<ttcol align='left'>Key Exchange</ttcol>
<ttcol align='left'>Encryption</ttcol>
<ttcol align='left'>Descriptor Array</ttcol>
<ttcol align='left'>Reference</ttcol>
<c>suit-sha256-hmac-a128kw-a128ctr</c>
<c>MANDATORY</c>
<c>-16</c>
<c>5</c>
<c>-3</c>
<c>-65534</c>
<c>[-16, 5, -3, -65534]</c>
<c><xref target="suit-sha256-hmac-a128kw-a128ctr"/></c>
<c>suit-sha256-es256-ecdh-a128ctr</c>
<c>MANDATORY</c>
<c>-16</c>
<c>-7</c>
<c>-29</c>
<c>-65534</c>
<c>[-16, -7, -29, -65534]</c>
<c><xref target="suit-sha256-es256-ecdh-a128ctr"/></c>
<c>suit-sha256-eddsa-ecdh-a128ctr</c>
<c>MANDATORY</c>
<c>-16</c>
<c>-8</c>
<c>-29</c>
<c>-65534</c>
<c>[-16, -8, -29, -65534]</c>
<c><xref target="suit-sha256-eddsa-ecdh-a128ctr"/></c>
<c>suit-sha256-es256-ecdh-a128gcm</c>
<c>MANDATORY</c>
<c>-16</c>
<c>-7</c>
<c>-29</c>
<c>1</c>
<c>[-16, -7, -29, 1]</c>
<c><xref target="suit-sha256-es256-ecdh-a128gcm"/></c>
<c>suit-sha256-eddsa-ecdh-chacha-poly</c>
<c>MANDATORY</c>
<c>-16</c>
<c>-8</c>
<c>-29</c>
<c>24</c>
<c>[-16, -8, -29, 24]</c>
<c><xref target="suit-sha256-eddsa-ecdh-chacha-poly"/></c>
<c>suit-sha256-hsslms-a256kw-a256ctr</c>
<c>MANDATORY</c>
<c>-16</c>
<c>-46</c>
<c>-5</c>
<c>-65532</c>
<c>[-16, -46, -5, -65532]</c>
<c><xref target="suit-sha256-hsslms-a256kw-a256ctr"/></c>
</texttable>
<t>New entries to this registry require standards action.</t>
</section>
</middle>
<back>
<references title='Normative References'>
<reference anchor='RFC8152'>
<front>
<title>CBOR Object Signing and Encryption (COSE)</title>
<author fullname='J. Schaad' initials='J.' surname='Schaad'/>
<date month='July' year='2017'/>
<abstract>
<t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need for the ability to have basic security services defined for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
</abstract>
</front>
<seriesInfo name='RFC' value='8152'/>
<seriesInfo name='DOI' value='10.17487/RFC8152'/>
</reference>
<reference anchor='RFC8778'>
<front>
<title>Use of the HSS/LMS Hash-Based Signature Algorithm with CBOR Object Signing and Encryption (COSE)</title>
<author fullname='R. Housley' initials='R.' surname='Housley'/>
<date month='April' year='2020'/>
<abstract>
<t>This document specifies the conventions for using the Hierarchical Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based signature algorithm with the CBOR Object Signing and Encryption (COSE) syntax. The HSS/LMS algorithm is one form of hash-based digital signature; it is described in RFC 8554.</t>
</abstract>
</front>
<seriesInfo name='RFC' value='8778'/>
<seriesInfo name='DOI' value='10.17487/RFC8778'/>
</reference>
<reference anchor='RFC9052'>
<front>
<title>CBOR Object Signing and Encryption (COSE): Structures and Process</title>
<author fullname='J. Schaad' initials='J.' surname='Schaad'/>
<date month='August' year='2022'/>
<abstract>
<t>Concise Binary Object Representation (CBOR) is a data format designed for small code size and small message size. There is a need to be able to define basic security services for this data format. This document defines the CBOR Object Signing and Encryption (COSE) protocol. This specification describes how to create and process signatures, message authentication codes, and encryption using CBOR for serialization. This specification additionally describes how to represent cryptographic keys using CBOR.</t>
<t>This document, along with RFC 9053, obsoletes RFC 8152.</t>
</abstract>
</front>
<seriesInfo name='STD' value='96'/>
<seriesInfo name='RFC' value='9052'/>
<seriesInfo name='DOI' value='10.17487/RFC9052'/>
</reference>
<reference anchor='RFC9459'>
<front>
<title>CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC</title>
<author fullname='R. Housley' initials='R.' surname='Housley'/>
<author fullname='H. Tschofenig' initials='H.' surname='Tschofenig'/>
<date month='September' year='2023'/>
<abstract>
<t>The Concise Binary Object Representation (CBOR) data format is designed for small code size and small message size. CBOR Object Signing and Encryption (COSE) is specified in RFC 9052 to provide basic security services using the CBOR data format. This document specifies the conventions for using AES-CTR and AES-CBC as content encryption algorithms with COSE.</t>
</abstract>
</front>
<seriesInfo name='RFC' value='9459'/>
<seriesInfo name='DOI' value='10.17487/RFC9459'/>
</reference>
<reference anchor='I-D.ietf-suit-manifest'>
<front>
<title>A Concise Binary Object Representation (CBOR)-based Serialization Format for the Software Updates for Internet of Things (SUIT) Manifest</title>
<author fullname='Brendan Moran' initials='B.' surname='Moran'>
<organization>Arm Limited</organization>
</author>
<author fullname='Hannes Tschofenig' initials='H.' surname='Tschofenig'>
</author>
<author fullname='Henk Birkholz' initials='H.' surname='Birkholz'>
<organization>Fraunhofer SIT</organization>
</author>
<author fullname='Koen Zandberg' initials='K.' surname='Zandberg'>
<organization>Inria</organization>
</author>
<author fullname='Øyvind Rønningstad' initials='O.' surname='Rønningstad'>
<organization>Nordic Semiconductor</organization>
</author>
<date day='7' month='November' year='2024'/>
<abstract>
<t> This specification describes the format of a manifest. A manifest is
a bundle of metadata about code/data obtained by a recipient (chiefly
the firmware for an IoT device), where to find the code/data, the
devices to which it applies, and cryptographic information protecting
the manifest. Software updates and Trusted Invocation both tend to
use sequences of common operations, so the manifest encodes those
sequences of operations, rather than declaring the metadata.
</t>
</abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-suit-manifest-29'/>
</reference>
</references>
<references title='Informative References'>
<reference anchor='I-D.ietf-suit-firmware-encryption'>
<front>
<title>Encrypted Payloads in SUIT Manifests</title>
<author fullname='Hannes Tschofenig' initials='H.' surname='Tschofenig'>
<organization>University of Applied Sciences Bonn-Rhein-Sieg</organization>
</author>
<author fullname='Russ Housley' initials='R.' surname='Housley'>
<organization>Vigil Security, LLC</organization>
</author>
<author fullname='Brendan Moran' initials='B.' surname='Moran'>
<organization>Arm Limited</organization>
</author>
<author fullname='David Brown' initials='D.' surname='Brown'>
<organization>Linaro</organization>
</author>
<author fullname='Ken Takayama' initials='K.' surname='Takayama'>
<organization>SECOM CO., LTD.</organization>
</author>
<date day='21' month='October' year='2024'/>
<abstract>
<t> This document specifies techniques for encrypting software, firmware,
machine learning models, and personalization data by utilizing the
IETF SUIT manifest. Key agreement is provided by ephemeral-static
(ES) Diffie-Hellman (DH) and AES Key Wrap (AES-KW). ES-DH uses
public key cryptography while AES-KW uses a pre-shared key.
Encryption of the plaintext is accomplished with conventional
symmetric key cryptography.
</t>
</abstract>
</front>
<seriesInfo name='Internet-Draft' value='draft-ietf-suit-firmware-encryption-21'/>
</reference>
<reference anchor="IANA-COSE" target="https://www.iana.org/assignments/cose/cose.xhtml">
<front>
<title>CBOR Object Signing and Encryption (COSE)</title>
<author >
<organization></organization>
</author>
<date year="2022"/>
</front>
</reference>
</references>
<section anchor="full-cddl"><name>A. Full CDDL</name>
<t>The following CDDL creates a subset of COSE for use with SUIT. Both tagged and untagged messages are defined. SUIT only uses tagged COSE messages, but untagged messages are also defined for use in protocols that share a ciphersuite with SUIT.</t>
<t>To be valid, the following CDDL MUST have the COSE CDDL appended to it. The COSE CDDL can be obtained by following the directions in <xref section="1.4" sectionFormat="comma" target="RFC9052"/>.</t>
<figure><sourcecode type="CDDL"><![CDATA[
SUIT_COSE_tool_tweak /= suit-sha256-hmac-a128kw-a128ctr
SUIT_COSE_tool_tweak /= suit-sha256-es256-ecdh-a128ctr
SUIT_COSE_tool_tweak /= suit-sha256-eddsa-ecdh-a128ctr
SUIT_COSE_tool_tweak /= suit-sha256-es256-ecdh-a128gcm
SUIT_COSE_tool_tweak /= suit-sha256-eddsa-ecdh-chacha-poly
SUIT_COSE_tool_tweak /= suit-sha256-hsslms-a256kw-a256ctr
SUIT_COSE_tool_tweak /= SUIT_COSE_Profiles
SUIT_COSE_Profiles /= SUIT_COSE_Profile_HMAC_A128KW_A128CTR
SUIT_COSE_Profiles /= SUIT_COSE_Profile_ES256_ECDH_A128CTR
SUIT_COSE_Profiles /= SUIT_COSE_Profile_EDDSA_ECDH_A128CTR
SUIT_COSE_Profiles /= SUIT_COSE_Profile_ES256_ECDH_A128GCM
SUIT_COSE_Profiles /= SUIT_COSE_Profile_EDDSA_ECDH_CHACHA20_POLY1304
SUIT_COSE_Profiles /= SUIT_COSE_Profile_HSSLMS_A256KW_A256CTR
suit-sha256-hmac-a128kw-a128ctr = [-16, 5, -3, -65534]
suit-sha256-es256-ecdh-a128ctr = [-16, -7, -29, -65534]
suit-sha256-eddsa-ecdh-a128ctr = [-16, -8, -29, -65534]
suit-sha256-es256-ecdh-a128gcm = [-16, -7, -29, 1]
suit-sha256-eddsa-ecdh-chacha-poly = [-16, -8, -29, 24]
suit-sha256-hsslms-a256kw-a256ctr = [-16, -46, -5, -65532]
SUIT_COSE_Profile_HMAC_A128KW_A128CTR = SUIT_COSE_Profile<5, -65534> .and COSE_Messages
SUIT_COSE_Profile_ES256_ECDH_A128CTR = SUIT_COSE_Profile<-7,-65534> .and COSE_Messages
SUIT_COSE_Profile_EDDSA_ECDH_A128CTR = SUIT_COSE_Profile<-8,-65534> .and COSE_Messages
SUIT_COSE_Profile_ES256_ECDH_A128GCM = SUIT_COSE_Profile<-7,1> .and COSE_Messages
SUIT_COSE_Profile_EDDSA_ECDH_CHACHA20_POLY1304 = SUIT_COSE_Profile<-8,24> .and COSE_Messages
SUIT_COSE_Profile_HSSLMS_A256KW_A256CTR = SUIT_COSE_Profile<-46,-65532> .and COSE_Messages
SUIT_COSE_Profile<authid, encid> = SUIT_COSE_Messages<authid,encid>
SUIT_COSE_Messages<authid, encid> = SUIT_COSE_Untagged_Message<authid, encid> /
SUIT_COSE_Tagged_Message<authid, encid>
SUIT_COSE_Untagged_Message<authid, encid> = SUIT_COSE_Sign<authid> /
SUIT_COSE_Sign1<authid> / SUIT_COSE_Encrypt<encid> /
SUIT_COSE_Encrypt0<encid> / SUIT_COSE_Mac<authid> /
SUIT_COSE_Mac0<authid>
SUIT_COSE_Tagged_Message<authid, encid> = SUIT_COSE_Sign_Tagged<authid> /
SUIT_COSE_Sign1_Tagged<authid> / SUIT_COSE_Encrypt_Tagged<encid> /
SUIT_COSE_Encrypt0_Tagged<encid> / SUIT_COSE_Mac_Tagged<authid> /
SUIT_COSE_Mac0_Tagged<authid>
; Note: This is not the same definition as is used in COSE.
; It restricts a COSE header definition further without
; repeating the COSE definition. It should be merged
; with COSE by using the CDDL .and operator.
SUIT_COSE_Profile_Headers<algid> = (
protected : bstr .cbor SUIT_COSE_alg_map<algid>,
unprotected : SUIT_COSE_header_map
)
SUIT_COSE_alg_map<algid> = {
1 => algid,
* int => any
}
SUIT_COSE_header_map = {
* int => any
}
SUIT_COSE_Sign_Tagged<authid> = #6.98(SUIT_COSE_Sign<authid>)
SUIT_COSE_Sign<authid> = [
SUIT_COSE_Profile_Headers<authid>,
payload : bstr / nil,
signatures : [+ SUIT_COSE_Signature<authid>]
]
SUIT_COSE_Signature<authid> = [
SUIT_COSE_Profile_Headers<authid>,
signature : bstr
]
SUIT_COSE_Sign1_Tagged<authid> = #6.18(SUIT_COSE_Sign1<authid>)
SUIT_COSE_Sign1<authid> = [
SUIT_COSE_Profile_Headers<authid>,
payload : bstr / nil,
signature : bstr
]
SUIT_COSE_Encrypt_Tagged<encid> = #6.96(SUIT_COSE_Encrypt<encid>)
SUIT_COSE_Encrypt<encid> = [
SUIT_COSE_Profile_Headers<encid>,
ciphertext : bstr / nil,
recipients : [+SUIT_COSE_recipient<encid>]
]
SUIT_COSE_recipient<encid> = [
SUIT_COSE_Profile_Headers<encid>,
ciphertext : bstr / nil,
? recipients : [+SUIT_COSE_recipient<encid>]
]
SUIT_COSE_Encrypt0_Tagged<encid> = #6.16(SUIT_COSE_Encrypt0<encid>)
SUIT_COSE_Encrypt0<encid> = [
SUIT_COSE_Profile_Headers<encid>,
ciphertext : bstr / nil,
]
SUIT_COSE_Mac_Tagged<authid> = #6.97(SUIT_COSE_Mac<authid>)
SUIT_COSE_Mac<authid> = [
SUIT_COSE_Profile_Headers<authid>,
payload : bstr / nil,
tag : bstr,
recipients :[+SUIT_COSE_recipient<authid>]
]
SUIT_COSE_Mac0_Tagged<authid> = #6.17(SUIT_COSE_Mac0<authid>)
SUIT_COSE_Mac0<authid> = [
SUIT_COSE_Profile_Headers<authid>,
payload : bstr / nil,
tag : bstr,
]
]]></sourcecode></figure>
</section>
</back>
<!-- ##markdown-source:
H4sIAAAAAAAAA9Va3XLbNha+51NgkpskNWVJsRNH23Sr2E7jaRxnLGc6nTbj
gUhIQk0RLAlaUeP0OXq5j7HX2xfb7wDgj0TKP5mmM/UktkScc3Dw4fxLvu97
WupIDNgxj0OuVbr0tfKP5kkk5iLWbBhNVSr1bJ6xiUrZMNczlWYMxOxUBDKR
IMqYmrCRmugFTwV7l0COMNR6JthRrEUaC000ZzMZTzM257GciExnHh+PU3GJ
zc+O2Ojd0VltOy9UQczn0CxM+UT7UuiJn+VS+3Mt/e6eF2AXEC8HLNOh52Fr
PmAjEeTgX3oLlV5MU5UnAyPYuxBLPAoHpT7+AYn1PJmkA6bTPNP9bvdZt+95
gYozEWd5NmCx8rxM47DnPFIxdFmKzEvkwGMsnQQizPQyck8Z0yqovZRxCGiK
B5lKdSomWfl+OV95q1MZlMSBmhP25aqMIxlX24gP2o9kpn0IGasIZL569BVW
gNicJwkwrulxHolLQUQ7wMjcHrT3sUY/MsbCiw47VimP3TML+otUwB7ilRWV
TnFzv3EtVTxgw3TOXsu51CJ062LOZTRgY8vamRNrh+7t2ymtdHCuta3//KPD
Tv/8bxyTXWgerqjw5x/LS0l21iRY1eQNLlYGuPu5xN2FeQAzXlVJGUmdVJWC
Nqo07LCzLL/gc6XVijrDC5nyxtqKJqubcmLo6ILhWx7xD/hv9vRilc7BdCmI
6fTl/l5vt1+8fPp0z7181sVT2EMm3Pud3Wd4r9NgHODJkX/QqfmFc6sBjDqe
1OWv0k1kOidP9UUcpMuk0Pxo+Gbo75+MDu0xXFi4t//i5JSdjH8RgWYjOSX8
jPcflszsAXE9vGfYShPDD8WBAet3+30rkadTASOfaZ1kg+3txWLRkTzmHWC4
zbMMwo3Zb9N5za/Oh5meR57n+z7jYzgJD+CxiCIZ2XpuAlSWIAxNpEBMKmIH
S1I1kZGwIcvElQIblvA0Ey6AcRfMtGLk74hdY6ERHWAI+K0SkfKxjBBNYBIz
kYlKLrwsWhZbBzzCGwjhjEIHtIS3hogdoYDfu6iY26iYQ0rAcTJ7qLkMw0h4
3n1GcSlVZLtA1PPKaFydiuLmkgUzHk8FU5dQU8u5YGEuzN4xE5cquqTr0TPE
Qs0iyMgCnohOPYqTMiYwQkWcU7XBRk+DQOWA14ZxmXXY22KV1BhjY5GkgoJw
WGnTsWgvZBRhfQIc2AQ2CK2VDITJExTq3UarANJON+HXvIgUBu49YifYabRE
2KRAWt8Da2cLBTPOU4QlfY/t17YYZm0sWYNneDg8uIaYNr/3MtewoNvI97wh
LkdwWCNyilmp7kDiHnkwY0V2Y8fvRmcE98ujtyP2a84jMvYQ9vMC4JM5GcRx
FZnJxLADXu1KmSSPAbDxU7f/Fu5Hz1iiFiKd5BE8jbL9h8pHeC3J12+kJEjL
zL9lcnwqfs1lagoG63O10oCElFUDLjKUk4kgWHGEGtnx8EeyEjg9W8wkAKjb
CfZYQulsRpYpi9qkw440Qyg4Pdw/OT4+fHNweABKGL4hL8mMhuX1tF9Jh62p
UnHzeMnifD6GhcN6FYSl5d032NwJYqVXNDXeWcXL2m1PiueAN+HLSPEws+4T
C3KqsQkZdN0FhsYeapJBWjfHTgn2HY4B6WThwBJ2hNtJC5/OY5+MAQKk9fTq
FB32A2TAFRUi9xiXhDMaKcWljV6dvHt9QCfIRITsgVOwfZFq2NKKVR2pMxNP
nZVmhTVRUST4nAJaKIpdt5x1xALhJJMaSsGsAHjsm81FE2SYycTYQG0TOipd
0mrEDsUlopQ1aY0AUD+ONd6aqQG0E4Mi7senkG6rYHJGQt5FP1BIIL6IV92c
IL9fL3aR1EQ91Bs7phwOFZGyTPVMapXaWPkUwk14rvLhenw34fFATslvaxs+
MnbiLpYQWVn7Hg50+MHlmlryeHDy9uzo5M3w9UMQ1SqAdhIcsUgaxtcVqoff
yNDrkBYHGYtILQiW+//7T2skR51P1Us24/3dJ/5szgOf9/p7FwvzBzUR+3j/
BopPnndV6crOlolg9QdXjCoZc/or7+p57QdvCxCvYNlDHzvgld97QpTrWF6x
V8fDfUezayhWEAUDFPr+B/P0h5QnJOqxoauBaqn2z05p9cnu7uMdUAAf5vLS
danG4c56q6iJzPwOwtkG0JoEfx9mhyNH8LQNscP9g1f+4Yh9VWAHwv6zL4FZ
fw2zMMz4tZg1CP5GzA4ORkMi2PuCmLWVP7czsGkwv97AQPBPNLDv9o/xqncH
nDYbFRTAPz9RqIE3GlaN6J9mXPszjn/97vZbKN973EU8ZH1jYoSdrcs+I5TN
siyaZz69pgCPPy0poI3mb0wCo5H/+nhEJDtPWrMABFjgdlvsDIs1p+wTYrb1
pcEVEr6wNYxtopauUJBBHvEUJZcpGQoNsMIBKRrfDjsQImEorZolTdFLXkBL
tBmCOrqMKgwq0WxxZAuXU5EobIXKrMrvqAZj1EL0MKXSFVVRiCrO9LOrfchW
TVHYPPo6TrUeWl9Ygit9bGVAIwEYBHUUabkljuWaafS2tkFH978FEVzn+Ity
YQo5eAW2LA8C85qKpwwYlOUpz8wz4EkFNjox83Z1WFCVsKYIp+YTepFutuBb
mPem/nIFZVENb9HOM9rkRntEfepqOBJqNQ0itBFQgCrhSx5RcGmW1aTTlgFH
fOBU6N+Q6s3VFQNS43EyFKktuj3vpZvX8kslQx4HgoAOVT7WRiV37iwQMU+l
Ks7uehaCukSt3umkthlyJX3ozkotfCnJnrjGJFzL4kreonsoEQBSGTU2SyO6
aI8ORz55y5ymBkThxkJAKBOCffzo26nZp080DYkK4QVbVsASrMBCxl9jtXMf
CKg1HJXeja2r4tx6rPUu2naiIlS7ZM1zWO+UG8MOZIoansbNMFlTto9aOiA2
z4ExdVV5Qi5R2iUMQRRXZayxbLUDM9haCOE6NGrJk4jTlOuDZjOOvhoOawYx
prOjkUaufTXxVQoobr/5QlgCGktw17/hWAm1ScatHRt6POig5jRlgnfShpVr
QXG00RmUrXTkWvPgIhvYHqh8jGOutqcJDCq187yyT4Vw2Lomi6rFV0TirDyN
iQAVF4IBjEsBtw78hYznxgEqzAo2SK0oQk8eFcYLHDZd8FZpe9JGormi0UsC
K8cpTHizwJkJ3DKhKVk5DtsuVMDdRBKXt6z8ybg5DXMbLm4eSttgw1HtmQOa
FQqTPab2UxuT/qp8WM79aGokY8/Ep2I6ZQast//k5wHF14esUoVHmdqgTyqm
Eia0rOs0WdPJszpZL6MDGHOE3wF0wBW4e3fOXkqU5F5XZWWBZG5yB6uld0rm
rFnz1BP0gciCVCaaPhZLU45yAYnROZwtHCin39S04ueKHQ/fHAzPTk5/LMoJ
dI3MNoW1opz9/BMWt7Cyi1/+4y238vN7rH38eFPz+2lNm5ZmcJM2qJiL8q6p
jf90i5au0aalq2wo0+yyNiqzd50yezcq02zXbkCGupjbINNjjqyBjPnp3YwM
tUPXIFNvFW5CBiX2mjJ7NWX6NyBT7zfWFWqvvNsV2nliq9taFVsohDXSatdd
Vb/NilvrdxTwb8QCwRotgv2wwrh/6d3V/JA+RElDRJnAZgLzmcsYmcRM3zpo
PlAJ7B8cvEbfMMFrPwjD6JMdxlUp2hDYsEQBPsvHrro2QYmiE+U7M1On8NZh
LxReaj6dIqJRrs1j9wbldIYgtTL4ch+ZmJSTU1HpaI3wgmGLjXO9QY4JocUU
rdBGmmm/VoGKXEUNSInYZRVCua4zzqwoE6LYlOHWWo1iADBz5xm/NDNNq515
jowl4tDGbqlt/K1WAx6TWDXWtrcbL2tySVDZI5S1lqIieOQah15nx6TW33//
3Qj0SNtzkn+ulYrOUdXwC7b9/KYweyu+Zpi6HVsjoHzObnD9u+5Wc9Lb4dLm
Ths5q+dVk9d81kp5TuPPczsWOHfDpVvzminNOU0X7s5KA4vPZF3d9bv948/Z
df/VEP/63fO3J69/7D3u7twesdEIjfq5nQicu97f825RPTxnNp5SIC1Lgvfe
LTJ9wbmWwNd42xNzybt3HW97Hm3s29u4ZT3jNbbsr223ITGVfJRwqnzzvsWc
2wyXtVzX14WUnW9Yh0K8WTx2YblFbtOoW8UCkbuJbRh8u9i9O4ptOMMmbXt3
V7ThI5tU7t9W3VbfaZcKE7C33yq6Kftr6i8pI6Kol+E3K0ILtoLGktSFrFO0
SXnnknpBvE67bb47U9GfXUvtvoHk3V5+XRf6fo9bb25Mi71qtbbiuqKvC43Z
Gqdb71YENYh4sHFHrHXLxTqu12OwfiJHfv3BGkRN/QuSDRdTnHKdbPVANylD
Z16j8bx/sTeKvkp1Vps0lgNNU/pJO27LynkmiimS1wHvEc3f7DcMqX41xdlM
cDvZKXkneWo+zqaaUOUafKlIhB1clBVfRW++fJGBMqKPblGRptAYTKakNLTj
pRsHG24qBo3Hma9VoWfutDmy0QruEk3tRT4w6FAla0eAA0bfAmOdYOy+2GX5
QX8+54nj2zJMeVxnq2jtyYnce+htEoGtPxopPfb8G2aeWamP6DN18yxeep/q
NlnJLZk3E7eZ5XN2/0nn2d6Ddnd86K3z1xh/WjOiBp6W0h6hGNk6LLdZLCO7
QuN2bofwA/bTV2suYlYKUe+99w2FVgig1a3VcjFrRQWnXss2DVc1wPXWgett
Rq73BaFr17s9gtgbf/JgUyR92CajYr5JdUto9bNdnxmaNpWvvs5l7r2SWC44
Weu3vr5OSpVX+Rco9u/PV21DNLa20gJ59zrMu38x6KuqtmQFaxlPH6wQtRt0
PYE69e7icRtNGlWDe2je1i+i/R42RIaWhOZuYe143Y3n637xA76nAYP3f8eD
ap8OMQAA
-->
</rfc>