From 0913e48697633e78c71fc8aece4669ac57c37fae Mon Sep 17 00:00:00 2001 From: Zach Halvorsen Date: Wed, 17 Dec 2025 23:54:44 +0000 Subject: [PATCH] dpe: Resolve feedback items from #66 Fixes #86 * Adds maximum certificate size for ML-DSA * Adds a remaining field to GetCertificateChain to fix the corner case where GetCertificateChainResponse.size == the size of the certificate * Adds detail about ML-DSA private key derivation Signed-off-by: Zach Halvorsen --- specifications/dpe-irot-profile/spec.ocp | 47 +++++++++--------------- 1 file changed, 18 insertions(+), 29 deletions(-) diff --git a/specifications/dpe-irot-profile/spec.ocp b/specifications/dpe-irot-profile/spec.ocp index d1a5f4f..988d027 100644 --- a/specifications/dpe-irot-profile/spec.ocp +++ b/specifications/dpe-irot-profile/spec.ocp @@ -499,18 +499,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows: * Outputs * 48-byte key -### ocp.derive.kdf-cdi-512 - -The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows: - -* This derivation scheme SHALL use a cryptographically secure KDF or DRBG. -* Inputs - * CDI - * `MEASUREMENT_DATA` - * ASCII Bytes "DPE" -* Outputs - * 64-byte key - ## CDI Export ### ocp.export-cdi.raw-256 @@ -525,12 +513,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret To generate exported keypair, use asymmetric-derivation for the relevant profile. -### ocp.export-cdi.raw-512 - -The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret - -To generate exported keypair, use asymmetric-derivation for the relevant profile. - ## Key Derivation * `LABEL`: LABEL parameter passed to Sign and CertifyKey @@ -573,13 +555,19 @@ follows: * The asymmetric key type is ML-DSA-87 * Signature scheme is ML-DSA -* This derivation scheme SHALL use a cryptographically secure KDF or DRBG. +* This derivation scheme SHALL use the following sequence. +* Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi). * Inputs * CDI * `LABEL` * ASCII Bytes "MLDSA" * Outputs - * 64-byte key + * 32-byte xi +* Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}]. +* Inputs + * 32-byte xi +* Outputs + * 4,896-byte key ### ocp.key-format.p384.raw @@ -852,7 +840,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows: * SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements * For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the - SHA2-512 OID. + SHA2-384 OID. * For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. * For the Signature field, DPE SHALL use the ML-DSA-87 OID. @@ -886,7 +874,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows: * SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements * For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the - SHA2-512 OID. + SHA2-384 OID. * For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. * For the Signature field, DPE SHALL use the ML-DSA-87 OID. @@ -920,7 +908,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows: * SHALL follow all "Requirements for CSRs" in @sec:csr-requirements * For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the - SHA2-512 OID. + SHA2-384 OID. * For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. * For the Signature of both the CMS message and the CertificationRequest, DPE SHALL use the ML-DSA-87 OID. @@ -1286,7 +1274,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows: +-------------------------------+------------------------------------------------------------------+ | ========================================= Derivation =========================================== | +-------------------------------+------------------------------------------------------------------+ -| dice-derivation | ocp.derive.kdf-cdi-512 | +| dice-derivation | ocp.derive.kdf-cdi-384 | +-------------------------------+------------------------------------------------------------------+ | asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 | +-------------------------------+------------------------------------------------------------------+ @@ -1306,7 +1294,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows: +-------------------------------+------------------------------------------------------------------+ | =========================================== Export ============================================= | +-------------------------------+------------------------------------------------------------------+ -| export-cdi-format | ocp.export-cdi.raw-512 | +| export-cdi-format | ocp.export-cdi.raw-384 | +-------------------------------+------------------------------------------------------------------+ ## ABI Structure Definitions {#sec:abi-structure-definitions} @@ -1433,10 +1421,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384` **Name** | **Description** | **Value** ------------ | --------------------- | -------- -`H` | Hash Size | 64 +`H` | Hash Size | 48 `P` | Public Key Size | 2592 `S` | Signature Size | 4697 -`C` | Certificate Size | TODO +`C` | Certificate Size | 17408 ### Types @@ -1683,5 +1671,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct | 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`. | 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`. | 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`. -| 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read. -| 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain. +| 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain. +| 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read. +| 0x14 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.