--- 1/draft-ietf-teep-opentrustprotocol-02.txt 2019-05-15 19:13:16.402355602 -0700 +++ 2/draft-ietf-teep-opentrustprotocol-03.txt 2019-05-15 19:13:16.578360054 -0700 
@@ -1,75 +1,75 @@ TEEP M. Pei Internet-Draft Symantec Intended status: Informational A. Atyeo -Expires: April 26, 2019 Intercede +Expires: November 16, 2019 Intercede N. Cook ARM Ltd. M. Yoo IoTrust H. Tschofenig ARM Ltd. - October 23, 2018 + May 15, 2019 The Open Trust Protocol (OTrP) - draft-ietf-teep-opentrustprotocol-02.txt + draft-ietf-teep-opentrustprotocol-03.txt Abstract This document specifies the Open Trust Protocol (OTrP), a protocol that follows the Trust Execution Environment Provisioning (TEEP) architecture and provides a message protocol that provisions and manages Trusted Applications into a device with a Trusted Execution Environment (TEE). Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- - Drafts is at http://datatracker.ietf.org/drafts/current/. + Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on April 26, 2019. + This Internet-Draft will expire on November 16, 2019. Copyright Notice - Copyright (c) 2018 IETF Trust and the persons identified as the + Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents - (http://trustee.ietf.org/license-info) in effect on the date of + (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. 
Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 5 2. Requirements Language . . . . . . . . . . . . . . . . . . . . 6 3. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 6 3.2. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 6 4. OTrP Entities and Trust Model . . . . . . . . . . . . . . . . 6 - 4.1. System Components . . . . . . . . . . . . . . . . . . . . 7 + 4.1. System Components . . . . . . . . . . . . . . . . . . . . 6 4.2. Trust Anchors in TEE . . . . . . . . . . . . . . . . . . 7 4.3. Trust Anchors in TAM . . . . . . . . . . . . . . . . . . 7 4.4. Keys and Certificate Types . . . . . . . . . . . . . . . 7 5. Protocol Scope and Entity Relations . . . . . . . . . . . . . 10 5.1. A Sample Device Setup Flow . . . . . . . . . . . . . . . 12 5.2. Derived Keys in The Protocol . . . . . . . . . . . . . . 12 5.3. Security Domain Hierarchy and Ownership . . . . . . . . . 13 5.4. SD Owner Identification and TAM Certificate Requirements 13 5.5. Service Provider Container . . . . . . . . . . . . . . . 14 6. OTrP Broker . . . . . . . . . . . . . . . . . . . . . . . . . 15 
@@ -109,95 +109,93 @@ 9.1.3.1. Supported Firmware Signature Methods . . . . . . 33 9.1.4. Post Conditions . . . . . . . . . . . . . . . . . . . 33 9.1.5. GetDeviceStateResponse Message . . . . . . . . . . . 33 9.1.6. Error Conditions . . . . . . . . . . . . . . . . . . 38 9.1.7. TAM Processing Requirements . . . . . . . . . . . . . 39 9.2. Security Domain Management . . . . . . . . . . . . . . . 40 9.2.1. CreateSD . . . . . . . . . . . . . . . . . . . . . . 40 9.2.1.1. CreateSDRequest Message . . . . . . . . . . . . . 40 9.2.1.2. Request Processing Requirements at a TEE . . . . 43 9.2.1.3. CreateSDResponse Message . . . . . . . . . . . . 44 - 9.2.1.4. Error Conditions . . . . . . . . . . . . . . . . 46 + 9.2.1.4. Error Conditions . . . . . . . . . . . . . . . . 45 9.2.2. UpdateSD . . . . . . . . . . . . . . . . . . . . . . 46 9.2.2.1. UpdateSDRequest Message . . . . . . . . . . . . . 46 9.2.2.2. Request Processing Requirements at a TEE . . . . 49 9.2.2.3. UpdateSDResponse Message . . . . . . . . . . . . 51 9.2.2.4. Error Conditions . . . . . . . . . . . . . . . . 52 - 9.2.3. DeleteSD . . . . . . . . . . . . . . . . . . . . . . 53 + 9.2.3. DeleteSD . . . . . . . . . . . . . . . . . . . . . . 52 9.2.3.1. DeleteSDRequest Message . . . . . . . . . . . . . 53 9.2.3.2. Request Processing Requirements at a TEE . . . . 55 9.2.3.3. DeleteSDResponse Message . . . . . . . . . . . . 56 - 9.2.3.4. Error Conditions . . . . . . . . . . . . . . . . 58 - 9.3. Trusted Application Management . . . . . . . . . . . . . 58 - 9.3.1. InstallTA . . . . . . . . . . . . . . . . . . . . . . 59 - 9.3.1.1. InstallTARequest Message . . . . . . . . . . . . 60 - 9.3.1.2. InstallTAResponse Message . . . . . . . . . . . . 62 - 9.3.1.3. Error Conditions . . . . . . . . . . . . . . . . 64 - 9.3.2. UpdateTA . . . . . . . . . . . . . . . . . . . . . . 64 - 9.3.2.1. UpdateTARequest Message . . . . . . . . . . . . . 65 - 9.3.2.2. UpdateTAResponse Message . . . . . . . . . . . . 67 - 9.3.2.3. 
Error Conditions . . . . . . . . . . . . . . . . 69 - 9.3.3. DeleteTA . . . . . . . . . . . . . . . . . . . . . . 69 - 9.3.3.1. DeleteTARequest Message . . . . . . . . . . . . . 69 - 9.3.3.2. Request Processing Requirements at a TEE . . . . 71 - 9.3.3.3. DeleteTAResponse Message . . . . . . . . . . . . 72 - 9.3.3.4. Error Conditions . . . . . . . . . . . . . . . . 73 - 10. Response Messages a TAM May Expect . . . . . . . . . . . . . 73 - 11. Basic Protocol Profile . . . . . . . . . . . . . . . . . . . 74 - 12. Attestation Implementation Consideration . . . . . . . . . . 75 - 12.1. OTrP Trusted Firmware . . . . . . . . . . . . . . . . . 75 - 12.1.1. Attestation signer . . . . . . . . . . . . . . . . . 75 - 12.1.2. TFW Initial Requirements . . . . . . . . . . . . . . 75 - 12.2. TEE Loading . . . . . . . . . . . . . . . . . . . . . . 76 - 12.3. Attestation Hierarchy . . . . . . . . . . . . . . . . . 76 - 12.3.1. Attestation Hierarchy Establishment: Manufacture . . 77 - 12.3.2. Attestation Hierarchy Establishment: Device Boot . . 77 - 12.3.3. Attestation Hierarchy Establishment: TAM . . . . . . 77 - 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 77 - 13.1. Error Code List . . . . . . . . . . . . . . . . . . . . 78 - 13.1.1. TEE Signed Error Code List . . . . . . . . . . . . . 78 - 13.1.2. OTrP Broker Error Code List . . . . . . . . . . . . 79 - 14. Security Consideration . . . . . . . . . . . . . . . . . . . 79 - 14.1. Cryptographic Strength . . . . . . . . . . . . . . . . . 79 - 14.2. Message Security . . . . . . . . . . . . . . . . . . . . 80 - 14.3. TEE Attestation . . . . . . . . . . . . . . . . . . . . 80 - 14.4. TA Protection . . . . . . . . . . . . . . . . . . . . . 80 - 14.5. TA Personalization Data . . . . . . . . . . . . . . . . 81 - 14.6. TA Trust Check at TEE . . . . . . . . . . . . . . . . . 81 - 14.7. One TA Multiple SP Case . . . . . . . . . . . . . . . . 82 - 14.8. OTrP Broker Trust Model . . . . . . . . . . . . . . . . 82 - 14.9. 
OCSP Stapling Data for TAM Signed Messages . . . . . . . 82 - 14.10. Data Protection at TAM and TEE . . . . . . . . . . . . . 82 + 9.2.3.4. Error Conditions . . . . . . . . . . . . . . . . 57 + 9.3. Trusted Application Management . . . . . . . . . . . . . 57 + 9.3.1. InstallTA . . . . . . . . . . . . . . . . . . . . . . 58 + 9.3.1.1. InstallTARequest Message . . . . . . . . . . . . 59 + 9.3.1.2. InstallTAResponse Message . . . . . . . . . . . . 61 + 9.3.1.3. Error Conditions . . . . . . . . . . . . . . . . 62 + 9.3.2. UpdateTA . . . . . . . . . . . . . . . . . . . . . . 63 + 9.3.2.1. UpdateTARequest Message . . . . . . . . . . . . . 64 + 9.3.2.2. UpdateTAResponse Message . . . . . . . . . . . . 66 + 9.3.2.3. Error Conditions . . . . . . . . . . . . . . . . 67 + 9.3.3. DeleteTA . . . . . . . . . . . . . . . . . . . . . . 68 + 9.3.3.1. DeleteTARequest Message . . . . . . . . . . . . . 68 + 9.3.3.2. Request Processing Requirements at a TEE . . . . 70 + 9.3.3.3. DeleteTAResponse Message . . . . . . . . . . . . 70 + 9.3.3.4. Error Conditions . . . . . . . . . . . . . . . . 71 + 10. Response Messages a TAM May Expect . . . . . . . . . . . . . 72 + 11. Basic Protocol Profile . . . . . . . . . . . . . . . . . . . 73 + 12. Attestation Implementation Consideration . . . . . . . . . . 73 + 12.1. OTrP Trusted Firmware . . . . . . . . . . . . . . . . . 74 + 12.1.1. Attestation signer . . . . . . . . . . . . . . . . . 74 + 12.1.2. TFW Initial Requirements . . . . . . . . . . . . . . 74 + 12.2. TEE Loading . . . . . . . . . . . . . . . . . . . . . . 74 + 12.3. Attestation Hierarchy . . . . . . . . . . . . . . . . . 75 + 12.3.1. Attestation Hierarchy Establishment: Manufacture . . 75 + 12.3.2. Attestation Hierarchy Establishment: Device Boot . . 75 + 12.3.3. Attestation Hierarchy Establishment: TAM . . . . . . 76 + 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 76 + 13.1. Error Code List . . . . . . . . . . . . . . . . . . . . 77 + 13.1.1. 
TEE Signed Error Code List . . . . . . . . . . . . . 77 + 14. Security Consideration . . . . . . . . . . . . . . . . . . . 78 + 14.1. Cryptographic Strength . . . . . . . . . . . . . . . . . 78 + 14.2. Message Security . . . . . . . . . . . . . . . . . . . . 79 + 14.3. TEE Attestation . . . . . . . . . . . . . . . . . . . . 79 + 14.4. TA Protection . . . . . . . . . . . . . . . . . . . . . 79 + 14.5. TA Personalization Data . . . . . . . . . . . . . . . . 80 + 14.6. TA Trust Check at TEE . . . . . . . . . . . . . . . . . 80 + 14.7. One TA Multiple SP Case . . . . . . . . . . . . . . . . 81 + 14.8. OTrP Broker Trust Model . . . . . . . . . . . . . . . . 81 + 14.9. OCSP Stapling Data for TAM Signed Messages . . . . . . . 81 + 14.10. Data Protection at TAM and TEE . . . . . . . . . . . . . 81 14.11. Privacy Consideration . . . . . . . . . . . . . . . . . 82 - 14.12. Threat Mitigation . . . . . . . . . . . . . . . . . . . 83 + 14.12. Threat Mitigation . . . . . . . . . . . . . . . . . . . 82 14.13. Compromised CA . . . . . . . . . . . . . . . . . . . . . 83 - 14.14. Compromised TAM . . . . . . . . . . . . . . . . . . . . 84 - 14.15. Certificate Renewal . . . . . . . . . . . . . . . . . . 84 - 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 84 + 14.14. Compromised TAM . . . . . . . . . . . . . . . . . . . . 83 + 14.15. Certificate Renewal . . . . . . . . . . . . . . . . . . 83 + 15. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 83 16. References . . . . . . . . . . . . . . . . . . . . . . . . . 84 16.1. Normative References . . . . . . . . . . . . . . . . . . 84 - 16.2. Informative References . . . . . . . . . . . . . . . . . 85 + 16.2. Informative References . . . . . . . . . . . . . . . . . 84 Appendix A. Sample Messages . . . . . . . . . . . . . . . . . . 85 A.1. Sample Security Domain Management Messages . . . . . . . 85 A.1.1. Sample GetDeviceState . . . . . . . . . . . . . . . . 85 A.1.1.1. Sample GetDeviceStateRequest . . . . . . . 
. . . 85 - A.1.1.2. Sample GetDeviceStateResponse . . . . . . . . . . 86 + A.1.1.2. Sample GetDeviceStateResponse . . . . . . . . . . 85 A.1.2. Sample CreateSD . . . . . . . . . . . . . . . . . . . 89 A.1.2.1. Sample CreateSDRequest . . . . . . . . . . . . . 89 A.1.2.2. Sample CreateSDResponse . . . . . . . . . . . . . 92 A.1.3. Sample UpdateSD . . . . . . . . . . . . . . . . . . . 93 A.1.3.1. Sample UpdateSDRequest . . . . . . . . . . . . . 94 A.1.3.2. Sample UpdateSDResponse . . . . . . . . . . . . . 95 A.1.4. Sample DeleteSD . . . . . . . . . . . . . . . . . . . 95 A.1.4.1. Sample DeleteSDRequest . . . . . . . . . . . . . 95 A.1.4.2. Sample DeleteSDResponse . . . . . . . . . . . . . 97 - A.2. Sample TA Management Messages . . . . . . . . . . . . . . 99 A.2.1. Sample InstallTA . . . . . . . . . . . . . . . . . . 99 A.2.1.1. Sample InstallTARequest . . . . . . . . . . . . . 99 A.2.1.2. Sample InstallTAResponse . . . . . . . . . . . . 100 A.2.2. Sample UpdateTA . . . . . . . . . . . . . . . . . . . 102 A.2.2.1. Sample UpdateTARequest . . . . . . . . . . . . . 102 A.2.2.2. Sample UpdateTAResponse . . . . . . . . . . . . . 103 A.2.3. Sample DeleteTA . . . . . . . . . . . . . . . . . . . 106 A.2.3.1. Sample DeleteTARequest . . . . . . . . . . . . . 106 A.2.3.2. Sample DeleteTAResponse . . . . . . . . . . . . . 108 
@@ -1694,24 +1694,20 @@ ERR_TAM_NOT_TRUSTED The TEE needs to make sure whether the TAM is trustworthy by checking the validity of the TAM certificate and OCSP stapling data and so on. If the TEE finds the TAM is not reliable, it returns this error code. ERR_TEE_FAIL If the TEE fails to process a request because of its internal error but is able to sign an error response message, it will return this error code. - ERR_AGENT_TEE_FAIL The TEE failed to respond to a TAM request. The - OTrP Broker will construct an error message in responding to the - TAM's request. The error message will not be signed. - The response message will look like the following if the TEE signing can work to sign the error response message. { "GetDeviceTEEStateTBSResponse": { "ver": "1.0", "status": "fail", "rid": "", "tid": "", "reason": {"error-code":""} @@ -1997,49 +1993,35 @@ "CreateSDResponse": { "payload": "", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "TEE fails to respond" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.2.1.4. Error Conditions An error might occur if a request isn't valid or the TEE runs into some error. The list of possible errors are as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_CRYPTO_ALG - ERR_DEV_STATE_MISMATCH ERR_SD_ALREADY_EXIST ERR_SD_NOT_FOUND ERR_SPCERT_INVALID ERR_TEE_FAIL 
@@ -2286,43 +2268,30 @@ "UpdateSDResponse": { "payload": "", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.2.2.4. Error Conditions An error may occur if a request isn't valid or the TEE runs into some error. The list of possible errors are as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_CRYPTO_ALG ERR_DEV_STATE_MISMATCH ERR_SD_NOT_FOUND @@ -2537,43 +2506,30 @@ "DeleteSDResponse": { "payload": "", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "TEE fails to respond" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.2.3.4. Error Conditions An error may occur if a request isn't valid or the TEE runs into some error. The list of possible errors is as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION ERR_UNSUPPORTED_CRYPTO_ALG ERR_DEV_STATE_MISMATCH ERR_SD_NOT_EMPTY 
@@ -2789,47 +2744,33 @@ "InstallTAResponse": { "payload":"", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "TEE fails to respond" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.3.1.3. Error Conditions An error may occur if a request isn't valid or the TEE runs into some error. The list of possible errors are as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION - ERR_UNSUPPORTED_CRYPTO_ALG ERR_DEV_STATE_MISMATCH ERR_SD_NOT_FOUND ERR_TA_INVALID ERR_TA_ALREADY_INSTALLED 
@@ -3014,47 +2954,33 @@ "UpdateTAResponse": { "payload":"", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "TEE fails to respond" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.3.2.3. Error Conditions An error may occur if a request isn't valid or the TEE runs into some error. The list of possible errors are as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION - ERR_UNSUPPORTED_CRYPTO_ALG ERR_DEV_STATE_MISMATCH ERR_SD_NOT_FOUND ERR_TA_INVALID ERR_TA_NOT_FOUND 
@@ -3198,47 +3125,33 @@ "DeleteTAResponse": { "payload": "", "protected": { "" }, "signature": "" } } - A response message type "status" will be returned when the TEE fails - to respond. The OTrP Broker is responsible to create this message. - - { - "status": { - "result": "fail", - "error-code": "ERR_AGENT_TEE_FAIL", - "error-message": "TEE fails to respond" - } - } + When the TEE fails to respond, the OTrP Broker will not provide a + subsequent response to the TAM. The TAM should treat this as if the + device has gone offline where a response is never delivered back. 9.3.3.4. Error Conditions An error may occur if a request isn't valid or the TEE runs into some error. The list of possible errors are as follows. Refer to the Error Code List (Section 13.1) for detailed causes and actions. - ERR_AGENT_TEE_BUSY - - ERR_AGENT_TEE_FAIL - - ERR_AGENT_TEE_UNKNOWN - ERR_REQUEST_INVALID ERR_UNSUPPORTED_MSG_VERSION - ERR_UNSUPPORTED_CRYPTO_ALG ERR_DEV_STATE_MISMATCH ERR_SD_NOT_FOUND ERR_TA_NOT_FOUND ERR_TEE_FAIL 
@@ -3439,20 +3352,67 @@ 12.3.3. Attestation Hierarchy Establishment: TAM Before a TAM can begin operation in the marketplace to support devices of a given TEE, it must obtain a TAM certificate from a CA that is registered in the trust store of devices with that TEE. In this way, the TEE can check the intermediate and root CA and verify that it trusts this TAM to perform operations on the TEE. 13. IANA Considerations + There are two IANA requests: a media type and list of error codes. + + This section first requests that IANA assign a media type: + application/otrp+json. + + Type name: application + + Subtype name: otrp+json + + Required parameters: none + + Optional parameters: none + + Encoding considerations: Same as encoding considerations of + application/json as specified in Section 11 of [RFC7159] + + Security considerations: See Section 12 of [RFC7159] and Section 14 + of this document + + Interoperability considerations: Same as interoperability + considerations of application/json as specified in [RFC7159] + + Published specification: [TEEPArch] + + Applications that use this media type: OTrP implementations + + Fragment identifier considerations: N/A + Additional information: + + Deprecated alias names for this type: N/A + + Magic number(s): N/A + + File extension(s): N/A + + Macintosh file type code(s): N/A + + Person to contact for further information: teep@ietf.org + + Intended usage: COMMON + + Restrictions on usage: none + + Author: See the "Authors' Addresses" section of this document + + Change controller: IETF + The error code listed in the next section will be registered. 13.1. Error Code List This section lists error codes that could be reported by a TA or TEE in a device in responding to a TAM request, and a separate list that OTrP Broker may return when the TEE fails to respond. 13.1.1. TEE Signed Error Code List 
@@ -3506,33 +3466,20 @@ validity of the TAM certificate, etc. If the TEE finds that the TAM is not trustworthy, then it will return this error code. ERR_UNSUPPORTED_CRYPTO_ALG - This error will occur if a TEE receives a request message encoded with cryptographic algorithms that the TEE doesn't support. ERR_UNSUPPORTED_MSG_VERSION - This error will occur if a TEE receives a message version that the TEE can't deal with. -13.1.2. OTrP Broker Error Code List - - ERR_AGENT_TEE_UNKNOWN - This error will occur if the receiver TEE is - not supposed to receive the request. That will be determined by - checking the TEE name or device id in the request message. - - ERR_AGENT_TEE_BUSY - The device TEE is busy. The request can be - generally sent again to retry. - - ERR_AGENT_TEE_FAIL - The TEE fails to respond to a TAM request. The - OTrP Broker will construct an error message in responding to the - TAM's request. - 14. Security Consideration 14.1. Cryptographic Strength The strength of the cryptographic algorithms, using the measure of 'bits of security' defined in NIST SP800-57 allowed for OTrP is: o At a minimum, 112 bits of security. The limiting factor for this is the RSA-2048 algorithm, which is indicated as providing 112 bits of symmetric key strength in SP800-57. It is important that 
@@ -3767,48 +3714,52 @@ flow diagrams. We also thank the following people (in alphabetical order) for their input and review: Sangsu Baek, Rob Coombs, Dapeng Liu, Dave Thaler, and Pengfei Zhao. 16. References 16.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, - DOI 10.17487/RFC2119, March 1997, . + DOI 10.17487/RFC2119, March 1997, + . [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006, . + [RFC7159] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data + Interchange Format", RFC 7159, DOI 10.17487/RFC7159, March + 2014, . + [RFC7515] Jones, M., Bradley, J., and N. Sakimura, "JSON Web Signature (JWS)", RFC 7515, DOI 10.17487/RFC7515, May 2015, . [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", RFC 7516, DOI 10.17487/RFC7516, May 2015, . [RFC7517] Jones, M., "JSON Web Key (JWK)", RFC 7517, - DOI 10.17487/RFC7517, May 2015, . + DOI 10.17487/RFC7517, May 2015, + . [RFC7518] Jones, M., "JSON Web Algorithms (JWA)", RFC 7518, - DOI 10.17487/RFC7518, May 2015, . + DOI 10.17487/RFC7518, May 2015, + . [TEEPArch] Pei, M., Tschofenig, H., Atyeo, A., and D. Liu, "Trusted Execution Environment Provisioning (TEEP) Architecture", - 2018, . + 2018, . 16.2. Informative References [GPTEE] Global Platform, "Global Platform, GlobalPlatform Device Technology: TEE System Architecture, v1.0", 2013. [GPTEECLAPI] Global Platform, "Global Platform, GlobalPlatform Device Technology: TEE Client API Specification, v1.0", 2013.
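Review bot: In the @@ -1694 hunk, deleting the ERR_AGENT_TEE_FAIL entry leaves the surviving sentence "The response message will look like the following if the TEE signing can work to sign the error response message" with no statement of what happens when signing cannot work; the old entry was the only text covering that case. Suggest adding one sentence after the ERR_TEE_FAIL entry, matching the wording introduced in 9.2.1.3 and the later response sections: when the TEE cannot produce a signed error response, no response is delivered and the TAM treats the device as offline. Otherwise the unsigned-error path is silently undocumented rather than explicitly removed.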
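Review bot: In the @@ -1997 hunk (and repeated verbatim in @@ -2286, @@ -2537, @@ -2789, @@ -3014 and @@ -3198), the new paragraph "When the TEE fails to respond, the OTrP Broker will not provide a subsequent response to the TAM" removes the unsigned "status" message but gives the TAM no timeout or retry guidance to replace it. Before this change ERR_AGENT_TEE_BUSY told the TAM a retry was reasonable; now a busy TEE, a crashed TEE and a lost transport are indistinguishable at the TAM. Suggest stating the expected TAM behaviour once, in Section 10 "Response Messages a TAM May Expect" (a timeout after which the request is considered unacknowledged, and whether a retry reuses the same "rid"/"tid"), and replacing the six copies with a reference to it. Worth also recording in Section 14 why the Broker-generated message was dropped: it was explicitly unsigned, so the TAM could not authenticate it, and removing it closes that unauthenticated path.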
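Review bot: Also in the @@ -1997 hunk, ERR_DEV_STATE_MISMATCH is removed from the CreateSD error list together with the three ERR_AGENT_* codes, while the UpdateSD (@@ -2286) and DeleteSD (@@ -2537) lists in the same revision keep it. If CreateSD can no longer fail on a device-state mismatch that should be said in 9.2.1.2 and the change log; if the removal is accidental, restore the line so 9.2.1.4 is consistent with 9.2.2.4 and 9.2.3.4.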
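Review bot: In the @@ -2789, @@ -3014 and @@ -3198 hunks, ERR_UNSUPPORTED_CRYPTO_ALG is dropped from the InstallTA, UpdateTA and DeleteTA error lists, yet the code is still defined in 13.1.1 (@@ -3506 context) and still listed for every SD operation. A TEE that receives a TA-management request using an algorithm it does not support then has no listed code to return. Suggest either keeping the line in 9.3.1.3, 9.3.2.3 and 9.3.3.4, or adding a sentence explaining why TA messages cannot hit this condition.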
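Review bot: In the @@ -3439 hunk the new media-type template has "Published specification: [TEEPArch]", but application/otrp+json is defined by this document, not by the architecture draft; it should point at this document. The error-code request, "The error code listed in the next section will be registered.", names no registry, registration procedure (RFC 8126 policy such as Specification Required) or initial contents, which IANA will need; suggest a registry name and policy here and a table of the 13.1.1 codes as initial values. Two smaller points: "a media type and list of error codes" reads better as "a media type and a list of error codes", and "Fragment identifier considerations: N/A" runs straight into "Additional information:" without the blank line used between the other template fields. Finally, the retained intro to 13.1 still says "and a separate list that OTrP Broker may return when the TEE fails to respond", which this revision deletes (@@ -3506); drop that clause.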
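Review bot: In the @@ -3506 hunk, removing 13.1.2 leaves 13.1 with a single subsection, 13.1.1 "TEE Signed Error Code List", whose qualifier "TEE Signed" only made sense in contrast to the Broker list. Suggest folding 13.1.1 into 13.1 (updating the TOC entry in @@ -109) or keeping the heading but noting that all listed codes are carried in TEE-signed responses, since that property is what distinguishes them from the removed unsigned Broker errors.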
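Review bot: In the @@ -3767 hunk the newly added [RFC7159] reference cites a document that has been obsoleted by RFC 8259 (STD 90); since this revision introduces the citation, cite RFC 8259 instead and update the "Section 11" and "Section 12" pointers in the IANA template in @@ -3439 accordingly (those section numbers are the IANA and Security Considerations sections in both RFCs). The [TEEPArch] entry is still dated 2018 while the draft it points at has been revised; check the referenced version.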