Clarify key derivation from an exported CDI #30
Description
From a discussion in the PR to upload the iRoT DPE profile specification:
@bluegate010 bluegate010 last week
Is this basically saying that the caller can derive a keypair from the CDI, and if they do then they must use the same asymmetric key derivation scheme that the profile defines? (Else there's no way to tie the exported CDI back to DPE?)
If that's the case then I think the profile is under-specified, since tcg.derive.kdf-asymmetric-p256 says "This derivation scheme shall use a cryptographically secure KDF or DRBG", so a caller can't really know how the key was derived under the hood.
Or is there no expectation that the exported CDI has to be turned into an asymmetric keypair using any particular method? In which case what does "the relevant profile" mean?
@jhand2 jhand2 3 days ago
Yes and yes. I agree it's underspecified. The challenge is that different HW has different KDF support so I wanted to avoid excluding some HW.
But maybe the base profile should just take a stand and then an implementation can inherit from this profile + override the KDF.