1、BSI Standards PublicationWB11885_BSI_StandardCovs_2013_AW.indd 1 15/05/2013 15:06Universal Serial Bus interfaces for data and powerPart 1-4: Common components - USB Type-CTMAuthentication SpecificationBS EN IEC 62680-1-4:2018EUROPEAN STANDARD NORME EUROPENNE EUROPISCHE NORM EN IEC 62680-1-4 June 201
2、8 ICS 35.200 English Version Universal Serial Bus interfaces for data and power - Part 1-4: Common Components - USB Type-C(tm) Authentication Specification (IEC 62680-1-4:2018) Interfaces de bus srie universel (USB) pour les donnes et lalimentation - Partie 1-4 : Composants communs - Spcification da
3、uthentification USB Type-C(tm) (IEC 62680-1-4:2018) Schnittstellen des Universellen Seriellen Busses fr Daten und Energie - Teil 1-4: Gemeinsame Bauteile - Festlegung fr USB-Typ-CTM-Authentifizierung (IEC 62680-1-4:2018) This European Standard was approved by CENELEC on 2018-05-15. CENELEC members a
4、re bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to
5、 the CEN-CENELEC Management Centre or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Mana
6、gement Centre has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ir
7、eland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. European Committee for Electrotechnical Standardization Comit Europen de Normalisation Electrotechnique Europ
8、isches Komitee fr Elektrotechnische Normung CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members. Ref. No. EN IEC 62680-1-4:2018 E National forewordThis British Standard is the
9、 UK implementation of EN IEC 62680-1-4:2018. It is identical to IEC 62680-1-4:2018.The UK participation in its preparation was entrusted to Technical Committee EPL/100, Audio, video and multimedia systems and equipment.A list of organizations represented on this committee can be obtained on request
10、to its secretary.This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application. The British Standards Institution 2018 Published by BSI Standards Limited 2018ISBN 978 0 580 99499 9ICS 35.200Compliance with a British Standar
11、d cannot confer immunity from legal obligations.This British Standard was published under the authority of the Standards Policy and Strategy Committee on 30 June 2018.Amendments/corrigenda issued since publicationDate Text affectedBRITISH STANDARDBS EN IEC 62680-1-4:2018EUROPEAN STANDARD NORME EUROP
12、ENNE EUROPISCHE NORM EN IEC 62680-1-4 June 2018 ICS 35.200 English Version Universal Serial Bus interfaces for data and power - Part 1-4: Common Components - USB Type-C(tm) Authentication Specification (IEC 62680-1-4:2018) Interfaces de bus srie universel (USB) pour les donnes et lalimentation - Par
13、tie 1-4 : Composants communs - Spcification dauthentification USB Type-C(tm) (IEC 62680-1-4:2018) Schnittstellen des Universellen Seriellen Busses fr Daten und Energie - Teil 1-4: Gemeinsame Bauteile - Festlegung fr USB-Typ-CTM-Authentifizierung (IEC 62680-1-4:2018) This European Standard was approv
14、ed by CENELEC on 2018-05-15. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nation
15、al standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member. This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own
16、 language and notified to the CEN-CENELEC Management Centre has the same status as the official versions. CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia,
17、 France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom. European Committee for Electrotechnical Standardization Comit E
18、uropen de Normalisation Electrotechnique Europisches Komitee fr Elektrotechnische Normung CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels 2018 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members. Ref. No. EN IEC 62680-1-4:2018 E
19、 BS EN IEC 62680-1-4:2018EN IEC 62680-1-4:2018 (E) 2 European foreword The text of document 100/2981/CDV, future edition 1 of IEC 62680-1-4, prepared by technical area 14: “Interfaces and methods of measurement for personal computing equipment“, of IEC/TC 100: “Audio, video and multimedia systems an
20、d equipment“ was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62680-1-4:2018. The following dates are fixed: latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop) 2019-02-15 l
21、atest date by which the national standards conflicting with the document have to be withdrawn (dow) 2021-05-15 Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such p
22、atent rights. Endorsement notice The text of the International Standard IEC 62680-1-4:2018 was approved by CENELEC as a European Standard without any modification. BS EN IEC 62680-1-4:2018IEC 62680-1-4:2018 IEC 2018 7 USB-IF:2017 Copyright 2017 USB 3.0 Promoter Group. All rights reserved. CONTENTS S
23、pecification Work Group Chairs / Specification Editors . 12 Specification Work Group Contributors . 12 Revision History 14 1 Introduction . 15 1.1 Scope . 15 1.2 Overview 15 1.3 Related Documents 16 1.4 Terms and Abbreviations 18 1.5 Conventions . 19 1.5.1 Precedence . 19 1.5.2 Keywords 19 1.5.3 Num
24、bering 20 1.5.4 Byte Ordering 20 2 Overview . 20 2.1 Topology 20 2.2 Cryptographic Methods 21 2.2.1 Random Numbers . 21 2.3 Security Overview 22 2.3.1 Periodic Re-Authentication 22 2.3.2 Secret Key Storage and Protection . 22 2.3.3 Security Evaluation Criteria . 22 2.4 Impact to Existing Ecosystem .
25、 22 2.4.1 Proxy Capabilities (PD traversing the Hub topology) . 23 3 Authentication Architecture . 23 3.1 Certificates . 23 3.1.1 Format 23 3.1.2 Textual Format 23 3.1.3 Attributes and Extensions 23 3.2 Certificate Chains . 25 3.2.1 Provisioning 25 3.3 Private Keys . 26 4 Authentication Protocol . 2
26、6 4.1 Digest Query 26 4.2 Certificate Chain Read . 26 4.3 Authentication Challenge 27 4.4 Errors and Alerts 27 4.4.1 Invalid Request . 27 4.4.2 Unsupported Protocol Version . 27 4.4.3 Busy . 27 BS EN IEC 62680-1-4:2018 8 IEC 62680-1-4:2018 IEC 2018 USB-IF:2017 Copyright 2017 USB 3.0 Promoter Group.
27、All rights reserved. 4.4.4 Unspecified . 27 5 Authentication Messages 27 5.1 Header . 28 5.1.1 USB Type-C Authentication Protocol Version 28 5.1.2 Message Type 28 5.1.3 Param1 . 28 5.1.4 Param2 . 28 5.2 Authentication Requests . 28 5.2.1 GET_DIGESTS . 29 5.2.2 GET_CERTIFICATE 29 5.2.3 CHALLENGE 30 5
28、.3 Authentication Responses 30 5.3.1 DIGESTS 31 5.3.2 CERTIFICATE . 31 5.3.3 CHALLENGE_AUTH . 32 5.3.4 ERROR . 33 6 Authentication of PD Products 34 6.1 Transfers less than or equal to MaxExtendedMsgLen . 34 6.2 Transfers greater than MaxExtendedMsgLen 35 6.3 Timing Requirements for PD Security Exte
29、nded Messages . 38 6.3.1 Authentication Initiator 38 6.3.2 Authentication Responder . 39 6.4 Context Hash . 40 7 Authentication of USB Products 40 7.1 Descriptors . 40 7.1.1 Authentication Capability Descriptor 40 7.2 Mapping Authentication Messages to USB . 41 7.2.1 Authentication IN 41 7.2.2 Authe
30、ntication OUT . 42 7.3 Authentication Protocol 42 7.3.1 Digest Query . 42 7.3.2 Certificate Read 43 7.3.3 Authentication Challenge 43 7.3.4 Errors 44 7.4 Timing Requirements for USB 44 7.4.1 USB Host Timing Requirements 44 7.4.2 USB Device Timing Requirements . 45 7.5 Context Hash . 46 8 Protocol Co
31、nstants 46 A ACD 47 A.1. ACD Formatting 47 BS EN IEC 62680-1-4:2018IEC 62680-1-4:2018 IEC 2018 9 USB-IF:2017 Copyright 2017 USB 3.0 Promoter Group. All rights reserved. A.1.1. Version TLV 47 A.1.2. XID TLV 48 A.1.3. Power Source Capabilities TLV . 48 A.1.4. Power Source Certifications TLV . 49 A.1.5
32、. Cable Capabilities TLV 50 A.1.6. Security Description TLV . 50 A.1.7. Playpen TLV . 54 A.1.8. Vendor Extension TLV 55 A.1.9. Extension TLV . 55 A.2. ACD for a PD Product 55 A.3. ACD for a USB Product 56 B Cryptographic Examples . 57 B.1. Example Authentication Sequence . 57 B.2. Example Certificat
33、e Chain Topology . 57 B.2.1. Certificate Chain . 57 B.2.2. Root Certificate . 62 B.2.3. Key Pairs 63 B.3. Example Authentication Signature Verification 64 B.3.1. CHALLENGE Request . 64 B.3.2. CHALLENGE_AUTH Response . 64 C Potential Attack Vectors 65 TABLES Table 1-1: Terms and Abbreviations . 18 Ta
34、ble 2-1: Summary of Cryptographic Methods 21 Table 3-1: Certificate Chain Format 25 Table 5-1: Authentication Message Header 28 Table 5-2: USB Type-C Authentication Protocol Version. 28 Table 5-3: Authentication Request Types . 29 Table 5-4: GET_DIGESTS Request Header 29 Table 5-5: GET_CERTIFICATE R
35、equest Header 29 Table 5-6: GET_CERTIFICATE Request Payload . 30 Table 5-7: CHALLENGE Request Header . 30 Table 5-8: CHALLENGE Request Payload 30 Table 5-9: Authentication Response Types. 30 Table 5-10: DIGESTS Response Header 31 Table 5-11: DIGESTS Response Payload . 31 Table 5-12: CERTIFICATE Resp
36、onse Header 31 Table 5-13: CERTIFICATE Response Payload . 32 BS EN IEC 62680-1-4:2018 10 IEC 62680-1-4:2018 IEC 2018 USB-IF:2017 Copyright 2017 USB 3.0 Promoter Group. All rights reserved. Table 5-14: CHALLENGE_AUTH Response Header . 32 Table 5-15: CHALLENGE_AUTH Response Payload 33 Table 5-16: Mess
37、age Contents for ECDSA Digital Signature 33 Table 5-17: ERROR Response Header . 34 Table 5-18: ERROR Codes 34 Table 6-1: Timeout Values for a PD Authentication Initiator 38 Table 6-2: Timing Requirements for PD Authentication Responder . 39 Table 7-1: Authentication Capability Descriptor 40 Table 7-
38、2: Authentication Capability Descriptor Types 41 Table 7-3: Authentication Message bRequest Values . 41 Table 7-4: Authentication IN Control Request Fields 41 Table 7-5: Authentication Message Header Mapping 41 Table 7-6: Authentication OUT Control Request Fields . 42 Table 7-7: GET_DIGESTS Authenti
39、cation IN Control Request Fields 42 Table 7-8: GET_CERTIFICATE Authentication OUT Control Request Fields 43 Table 7-9: CERTIFICATE Authentication IN Control Request Fields . 43 Table 7-10: CHALLENGE Authentication OUT Control Request Fields . 43 Table 7-11: CHALLENGE_AUTH Authentication IN Control R
40、equest Fields 44 Table 7-12: Authentication Initiator Timeout Values 44 Table 7-13: Authentication Responder Response Times . 45 Table 8-1: Protocol Constants 46 Table A-1: TLV General Format 47 Table A-2: TLV Types. 47 Table A-3: Version TLV Fields 47 Table A-4: ACD Version Encoding 48 Table A-5: X
41、ID TLV Fields 48 Table A-6: Power Source Capabilities TLV Fields . 48 Table A-7: Power Source Capabilities TLV Data . 49 Table A-8: Power Source Certifications TLV Fields. 49 Table A-9: Cable Capabilities TLV Fields . 50 Table A-10: Cable Capabilities TLV Data 50 Table A-11: Security Description TLV
42、 Fields . 50 Table A-12: Security Data 50 Table A-13: FIPS/ISO Level Identifiers . 51 Table A-14: Vulnerability Assessment 51 Table A-15: EAL Encodings 52 Table A-16: Protection Profile Encoding . 52 BS EN IEC 62680-1-4:2018IEC 62680-1-4:2018 IEC 2018 11 USB-IF:2017 Copyright 2017 USB 3.0 Promoter G
43、roup. All rights reserved. Table A-17: Development Security . 53 Table A-18: Certification Maintenance 53 Table A-19: Testing Method Encoding 54 Table A-20: Vulnerability Assessment 54 Table A-21: Playpen TLV Fields . 55 Table A-22: Vendor Extension TLV Fields 55 Table A-23: Vendor Extension TLV Dat
44、a 55 Table A-24: Extension TLV Fields 55 Table A-25: PD Product ACD TLVs 56 Table A-26: USB Product ACD TLVs 56 Table B-1: Version TLV Fields 61 Table B-2: XID TLV Fields 61 Table B-3: Power Source Capabilities TLV Fields . 61 Table B-4: Security Description TLV Fields 61 Table B-5: Playpen TLV Fiel
45、ds . 62 Table B-6: Vendor Extension TLV Fields 62 FIGURES Figure 2-1 Sample Topology 21 Figure 6-1 Example Security Transfer Process for an Authentication Initiator . 36 Figure 6-2 Example Security Transfer Process for an Authentication Responder 37 Figure 6-3 Example 612-Byte Certificate Chain Read
46、 . 38 Figure A-1: Bitmap of Version TLV Data . 48 Figure A-2: Bitmap of the Common Criteria Identifier 51 Figure A-3: Bitmap of the Security Analysis Identifier . 53 BS EN IEC 62680-1-4:2018 12 IEC 62680-1-4:2018 IEC 2018 USB-IF:2017 Copyright 2017 USB 3.0 Promoter Group. All rights reserved. Specif
47、ication Work Group Chairs / Specification Editors Renesas Electronics Corp. Co-Chair Bob Dunstan Intel Corporation Co-Chair Abdul Ismail Editor Stephanie Wallick Specification Work Group Contributors Advanced Micro Devices Jason Hawken Joseph Scanlon Apple Colin Whitby-Strevens Robert Walsh Reese Sc
48、hreiber David Conroy David Sekowski Atmel Corporation Kerry Maletsky Stephen Clark Michel Guellec Ronald Ih Cypress Semiconductor Subu Sankaran Jagadeesan Raj Anup Nayak Jan-Willem van der Waert Dell Inc. Sean ONeal Mohammed Hijazi Frank Molsberry Dan Hamlin Rick Martinez DisplayLink (UK) Ltd. Richa
49、rd Petrie Pete Burgers Dan Ellis Fresco Logic Inc. Bob McVay Tom Burton Christopher Meyers Thomas Huang Google Inc. Adam Langley William Richardson Adam Rodriguez David Schneider Mark Hayter Ken Wu Will Drewry Jerry Parson Sanjay Krishnan HP Inc. Alan Berkema Jim Waldron Daniel Hong Infineon Technologies Thomas Poeppelmann Wolfgang Furtner Harald Hewel Wieland Fischer Sie Boo Chiang Intel Corporation Brad Saunders David Johnston Chia-Hung Kuo Christine Krause Rolf Kuhnis Steve McGowan Andrew R
