Skip to content

dpe: Resolve feedback items from #66 #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zhalvorsen wants to merge 1 commit into
base: main
Choose a base branch
from
Open

dpe: Resolve feedback items from #66 #88

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
69 changes: 35 additions & 34 deletions specifications/dpe-irot-profile/spec.ocp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,17 @@ in the command-specific "ABI" sections in @sec:abi-structure-definitions.

Full structure definitions are provided at the end of this document.

## Multi-part Operations

This profile supports multi-part operations for commands that return large
amounts of data. This functionality is currently limited to the response data of
CertifyKey and GetCertificateChain. When an operation has additional data to
return, the `OperationHandle` in the response will be non-zero. Once all data
has been transmitted, the `OperationHandle` will be 16 null bytes. For
subsequent multi-part requests, all input parameters SHALL remain identical to
the initial request, except for the `OperationHandle`, which SHALL be populated
with the value received in the preceding response.

## Supported Commands

This section describes commands supported by this profile.
Expand Down Expand Up @@ -499,18 +510,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows:
* Outputs
* 48-byte key

### ocp.derive.kdf-cdi-512

The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows:

* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
* Inputs
* CDI
* `MEASUREMENT_DATA`
* ASCII Bytes "DPE"
* Outputs
* 64-byte key

## CDI Export

### ocp.export-cdi.raw-256
Expand All @@ -525,12 +524,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret

To generate exported keypair, use asymmetric-derivation for the relevant profile.

### ocp.export-cdi.raw-512

The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret

To generate exported keypair, use asymmetric-derivation for the relevant profile.

## Key Derivation

* `LABEL`: LABEL parameter passed to Sign and CertifyKey
Expand Down Expand Up @@ -573,13 +566,19 @@ follows:

* The asymmetric key type is ML-DSA-87
* Signature scheme is ML-DSA
* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
* This derivation scheme SHALL use the following sequence.
* Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi).
* Inputs
* CDI
* `LABEL`
* ASCII Bytes "MLDSA"
* Outputs
* 64-byte key
* 32-byte xi
* Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}].
* Inputs
* 32-byte xi
* Outputs
* 4,896-byte key

### ocp.key-format.p384.raw

Expand Down Expand Up @@ -852,7 +851,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

Expand Down Expand Up @@ -886,7 +885,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

Expand Down Expand Up @@ -920,7 +919,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
use the ML-DSA-87 OID.
Expand All @@ -942,7 +941,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
+-------------------------------+------------------------------------------------------------------+
| max-message-size | 6144 |
+-------------------------------+------------------------------------------------------------------+
| uses-multi-part-messages | False |
| uses-multi-part-messages | True. See @sec:multi-part-operations for more information. |
+-------------------------------+------------------------------------------------------------------+
| supports-concurrent-operation | False |
+-------------------------------+------------------------------------------------------------------+
Expand Down Expand Up @@ -1286,7 +1285,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
+-------------------------------+------------------------------------------------------------------+
| ========================================= Derivation =========================================== |
+-------------------------------+------------------------------------------------------------------+
| dice-derivation | ocp.derive.kdf-cdi-512 |
| dice-derivation | ocp.derive.kdf-cdi-384 |
+-------------------------------+------------------------------------------------------------------+
| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
+-------------------------------+------------------------------------------------------------------+
Expand All @@ -1306,7 +1305,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
+-------------------------------+------------------------------------------------------------------+
| =========================================== Export ============================================= |
+-------------------------------+------------------------------------------------------------------+
| export-cdi-format | ocp.export-cdi.raw-512 |
| export-cdi-format | ocp.export-cdi.raw-384 |
+-------------------------------+------------------------------------------------------------------+

## ABI Structure Definitions {#sec:abi-structure-definitions}
Expand Down Expand Up @@ -1433,10 +1432,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`

**Name** | **Description** | **Value**
------------ | --------------------- | --------
`H` | Hash Size | 64
`H` | Hash Size | 48
`P` | Public Key Size | 2592
`S` | Signature Size | 4697
`C` | Certificate Size | TODO
`C` | Certificate Size | 17408

### Types

Expand Down Expand Up @@ -1585,6 +1584,7 @@ Table: `CERTIFY_KEY_INPUT_ARGS` struct
| 0x1C | `BITFIELD` | 31:0 | `RESERVED` | Reserved
| 0x20 | `U32` | 31:0 | `ADD_FORMAT` | Output format of `CERTIFICATE`
| 0x24 | `HASH` | | `LABEL` | Public digest used in key derivation.
| 0x24 + H | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.

Table: `CERTIFY_KEY_OUTPUT_ARGS` struct

Expand All @@ -1595,8 +1595,9 @@ Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `BYTES` | 127:0 | `NEW_CONTEXT_HANDLE` | Numeric handle referring to the updated context.
| 0x1C | `PUBKEY` | | `DERIVED_PUBLIC_KEY` | Derived public key. This is the same public key as the Subject of the returned certificate.
| 0x1C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
| 0x20 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.
| 0x1C + P | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate, otherwise 0.
| 0x2C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
| 0x30 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.

#### Sign ABI

Expand Down Expand Up @@ -1673,8 +1674,7 @@ Table: `GET_CERTIFICATE_CHAIN_INPUT_ARGS` struct
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`.
| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_GET_CERTIFICATE_CHAIN`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `U32` | 31:0 | `OFFSET` | Offset of certificate chain to retrieve.
| 0x10 | `U32` | 31:0 | `SIZE` | Max number of bytes to return, starting at `OFFSET`.
| 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.

Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct

Expand All @@ -1683,5 +1683,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
| 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate chain, otherwise 0.
| 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x14 | `BYTES` | | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.