Encrypted Personalization Data

[kentakayama]

Current personalization data SUIT manifest distributes plaintext json as an example.
We can encrypt it, and deliver it with decryption keys using AES-KW and ECDH.
I'll create a PR after libcsuit support to encode it.

Plan for personalization data SUIT manifest

As the personalization data could be relatively small, we can reverage suit-parameter-content and suit-directive-write. They are like integrated payload and much easier for manifest parsers to process.

I will talk with @hannestschofenig and @bremoran extending suit-directive-write to consume the suit-parameter-encryption-info in draft-suit-firmware-encryption .
In my opinion suit-directive-fetch, suit-directive-copy and suit-directive-write MUST consume it.

[dthaler]

@kentakayama Is there any issue in the TEEP protocol draft that would need a change?

[kentakayama]

@dthaler
It took a while, but I made a SUIT manifest for encrypted Personalization Data with AES-KW .
The TEEP Protocol seems to use not AES-KW but ECDH, but current libcsuit doesn't support it now.
Please merge the PR #334 but keep this issue open.

To be changed texts are around

• https://github.com/ietf-teep/teep-protocol/pull/334/files#diff-9d507246b0ed4c5e8f3f79b83d7cea6cdfd22f457e1b4752da5a9898483f1ae8R885-R886
• https://github.com/ietf-teep/teep-protocol/pull/334/files#diff-9d507246b0ed4c5e8f3f79b83d7cea6cdfd22f457e1b4752da5a9898483f1ae8R902-R933