
Commit 55645dc

Add ML-DSA-87 DPE profile
Additionally, add a P384-SHA512 profile. This is to provide a classical profile whose measurement format is compatible with ML-DSA-87. Signed-off-by: Jordan Hand <[email protected]>
1 parent ac8a708 commit 55645dc

File tree

2 files changed

+180
-6
lines changed


specifications/dpe-irot-profile/bibliography.yaml

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,10 @@
11
references:
2+
- id: "fips204"
3+
title: "FIPS 204: Module-Lattice-Based Digital Signature Standard"
4+
publisher: "NIST"
5+
issued:
6+
year: 2024
7+
month: 8
28
- id: "ietf-rfc2986"
39
title: "PKCS #10: Certification Request Syntax Specification"
410
publisher: "IETF"

specifications/dpe-irot-profile/spec.ocp

Lines changed: 174 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -103,6 +103,12 @@ This document defines multiple variants of the DPE iRoT profile:
103103
* `DPE_PROFILE_IROT_P384_SHA384`
104104
* `DPE_PROFILE_IROT_MIN_P256_SHA256`
105105
* `DPE_PROFILE_IROT_MIN_P384_SHA384`
106+
* `DPE_PROFILE_IROT_MIN_P384_SHA512`
107+
* `DPE_PROFILE_IROT_MLDSA_87_SHA512`
108+
109+
Names follow the format:
110+
111+
`DPE_PROFILE_IROT{_OPTIONAL_VARIANT}_{SIGNING_ALGORITHM}_{MEASUREMENT_DIGEST_ALGORITHM}`
106112

107113
The profile name will be embedded as ASCII within the version field of the TCBInfo(s), enabling a verifier to confirm that the evidence originates from this profile.
108114

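Review bot: The two new list entries do not match the identifiers used elsewhere in this patch. Here they are `DPE_PROFILE_IROT_MIN_P384_SHA512` and `DPE_PROFILE_IROT_MLDSA_87_SHA512`, while the algorithm-requirements section and the Profile Constants table (0x5, 0x6) use `DPE_PROFILE_IROT_P384_SHA512` and `DPE_PROFILE_IROT_MLDSA87_SHA512`. The commit message describes a P384-SHA512 profile, not a MIN variant, and `MLDSA_87` puts an underscore inside the `{SIGNING_ALGORITHM}` token of the naming format introduced on the following lines. Suggest `* \`DPE_PROFILE_IROT_P384_SHA512\`` and `* \`DPE_PROFILE_IROT_MLDSA87_SHA512\`` so the list, the format rule and the constants agree.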
@@ -447,6 +453,18 @@ cryptographic algorithms:
447453
* ECDSA P-384
448454
* SHA2-384
449455

456+
Profile `DPE_PROFILE_IROT_P384_SHA512` requires support for the following
457+
cryptographic algorithms:
458+
459+
* ECDSA P-384
460+
* SHA2-512
461+
462+
Profile `DPE_PROFILE_IROT_MLDSA87_SHA512` requires support for the following
463+
cryptographic algorithms:
464+
465+
* ML-DSA-87
466+
* SHA2-512
467+
450468

451469
This profile defines the following derivation schemes for use in Profile
452470
Attributes.
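Review bot: `DPE_PROFILE_IROT_P384_SHA512` lists only ECDSA P-384 and SHA2-512, but the `ocp.profile.irot.p384-sha512` table later in this patch inherits its certificate and CSR formats from `ocp.profile.irot.p384`, whose Signature field uses the ECDSA-with-SHA384 OID (see the unchanged context around the new `irot-eca.mldsa87` section), so SHA2-384 is still required to produce certificates. Either add `* SHA2-384` to this list or define SHA-512 variants of the certificate formats for this profile. The sentence "This profile defines the following derivation schemes" now follows four profile paragraphs and should say which profiles it applies to.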
@@ -532,18 +550,31 @@ follows:
532550
* Outputs
533551
* 48-byte key
534552

535-
### ocp.key-format.p256.raw
553+
### ocp.derive.kdf-asymmetric-mldsa87
536554

537-
The concatenation of the 32-byte X value and 32-byte Y value of the ECDSA public key.
555+
The asymmetric key derivation scheme “ocp.derive.kdf-asymmetric-mldsa87” is defined as
556+
follows:
538557

539-
Both the X and Y value SHALL be big-endian and left-padded with zeros.
558+
* The asymmetric key type is ML-DSA-87
559+
* Signature scheme is ML-DSA
560+
* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
561+
* Inputs
562+
* CDI
563+
* `LABEL`
564+
* ASCII Bytes "ECC"
565+
* Outputs
566+
* 48-byte key
540567

541568
### ocp.key-format.p384.raw
542569

543570
The concatenation of the 48-byte X value and 48-byte Y value of the ECDSA public key.
544571

545572
Both the X and Y value SHALL be big-endian and left-padded with zeros.
546573

574+
### ocp.key-format.mldsa87.raw
575+
576+
A raw ML-DSA-87 key, encoded as using the pkEncode function in FIPS 204
577+
547578
## Sign Format
548579

549580
### ocp.tbs-format.digest-sha256
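Review bot: This hunk deletes `### ocp.key-format.p256.raw` and its two defining sentences (old lines 535-539) while inserting the ML-DSA-87 derivation scheme; the P-256 profiles still reference that key format and `ocp.signature-format.p256.raw` is left in place, so the deletion looks accidental and the new section should be added without removing it. Inside the new scheme, `Outputs: 48-byte key` and the fixed input `ASCII Bytes "ECC"` are carried over from the ECDSA scheme: FIPS 204 ML-DSA.KeyGen consumes a 32-byte seed, so the output should be a 32-byte seed passed to the internal key generation, and reusing the "ECC" label means a DPE that supports both algorithms would derive identical secret bytes for an ECDSA private key and an ML-DSA seed from the same CDI and `LABEL`; use a distinct label such as an "MLDSA" string for domain separation. Finally, "encoded as using the pkEncode function in FIPS 204" should read "encoded using the pkEncode function defined in FIPS 204 [@fips204]" so the bibliography entry added in this commit is actually cited, matching the `[@{ietf-rfc2985}]` citation style.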
@@ -562,6 +593,29 @@ The format “ocp.tbs-format.digest-sha384” is defined as
562593
additional processing. The size of the value SHALL be a SHA2-384 digest of
563594
size 48 bytes.
564595

596+
### ocp.tbs-format.digest-sha512
597+
598+
The format “ocp.tbs-format.digest-sha384” is defined as
599+
600+
* A digest which will be signed directly using the signing scheme with no
601+
additional processing. The size of the value SHALL be a SHA2-384 digest of
602+
size 48 bytes.
603+
604+
### ocp.tbs-format.mldsa87-external-mu
605+
606+
The format “ocp.tbs-format.mldsa87-mu” is defined as
607+
608+
The mu parameter as described in FIPS 204.
609+
610+
* tr = SHAKE256(public_key, 64)
611+
* mu = SHAKE256(tr || message, 64)
612+
613+
### ocp.tbs-format.raw-message
614+
615+
The format “ocp.tbs-format.mldsa87-mu” is defined as a full raw message to
616+
be signed. This format is only supported by profiles whose signing algorithms
617+
support signing raw data (e.g. Pure ML-DSA).
618+
565619
### ocp.signature-format.p256.raw
566620

567621
The concatenation of the 32-byte R value and 32-byte S value of the ECDSA signature.
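Review bot: Three of the new format bodies name a different format than their heading. Under `### ocp.tbs-format.digest-sha512` the text says “ocp.tbs-format.digest-sha384” and "SHA2-384 digest of size 48 bytes"; it should say digest-sha512, SHA2-512 and 64 bytes. Under `### ocp.tbs-format.mldsa87-external-mu` and under `### ocp.tbs-format.raw-message` the text says “ocp.tbs-format.mldsa87-mu”. The mu definition also omits the message framing FIPS 204 applies before hashing: mu = SHAKE256(tr || M', 64) where, for pure ML-DSA, M' is the byte 0x00, the one-byte length of the context string, the context string, and then the message. Specify whether "message" here is M' (and which context string the caller must use) or the raw message, otherwise signatures produced over an externally supplied mu will not verify with a standard ML-DSA verifier.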
@@ -743,7 +797,7 @@ following requirements:
743797
* version: The version of the CSR specification - the version SHALL be 0
744798
* subject: The subject name of the CSR
745799
* subjectPKInfo: This field SHALL contain the subject public key and the
746-
OID for the EC public key algorithm used by the DPE profile
800+
OID for the public key algorithm used by the DPE profile
747801
* attributes: An "Extension Request" attribute as defined in RFC 2985
748802
[@{ietf-rfc2985}] SHALL adhere to the following requirements
749803
* The BasicConstraints extension SHALL be included
@@ -786,6 +840,16 @@ The format “ocp.certificate.irot-eca.p384” is defined as follows:
786840
* For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve
787841
P-384.
788842

843+
### ocp.certificate.irot-eca.mldsa87
844+
845+
The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
846+
847+
* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
848+
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
849+
SHA2-512 OID.
850+
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
851+
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
852+
789853
### ocp.certificate.irot-leaf.p256
790854

791855
The format ocp.certificate.irot-leaf.p256” is defined as follows:
@@ -810,6 +874,16 @@ The format “ocp.certificate.irot.p384” is defined as follows:
810874
* For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve
811875
P-384.
812876

877+
### ocp.certificate.irot-leaf.mldsa87
878+
879+
The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
880+
881+
* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
882+
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
883+
SHA2-512 OID.
884+
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
885+
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
886+
813887
### ocp.csr.irot-leaf.p256
814888

815889
The format “ocp.csr.irot-leaf.p256” is defined as follows:
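Review bot: The body under `### ocp.certificate.irot-leaf.mldsa87` is copied from the ECA section: it names the format “ocp.certificate.irot-eca.mldsa87” and requires the "Requirements for ECA Certificates". It should name `ocp.certificate.irot-leaf.mldsa87` and cite whichever requirements section the existing `irot-leaf.p384` format cites, since a leaf certificate presumably has different BasicConstraints and key-usage requirements than an ECA certificate.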
@@ -834,6 +908,17 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows:
834908
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
835909
use the ECDSA-with-SHA384 OID with NIST curve P-384.
836910

911+
### ocp.csr.irot-leaf.mldsa87
912+
913+
The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
914+
915+
* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
916+
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
917+
SHA2-512 OID.
918+
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
919+
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
920+
use the ML-DSA-87 OID.
921+
837922
## Profile Attributes
838923

839924
### ocp.profile.irot.p256
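Review bot: Under `### ocp.csr.irot-leaf.mldsa87` the body names the format “ocp.csr.irot-eca.mldsa87”; it should read “ocp.csr.irot-leaf.mldsa87” to match the heading and the `leaf-certificate-format` references.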
@@ -1178,6 +1263,63 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows:
11781263
| supports-symmetric-sign | False |
11791264
+-------------------------------+------------------------------------------------------------------+
11801265

1266+
### ocp.profile.irot.p384-sha512
1267+
1268+
+-------------------------------+------------------------------------------------------------------+
1269+
| **Attribute** | **Value** |
1270+
+===============================+==================================================================+
1271+
| =========================================== General ============================================ |
1272+
+-------------------------------+------------------------------------------------------------------+
1273+
| name | ocp.profile.irot.p384-sha512 |
1274+
+-------------------------------+------------------------------------------------------------------+
1275+
| inherits | ocp.profile.irot.p384 |
1276+
+-------------------------------+------------------------------------------------------------------+
1277+
| ============================================ Input ============================================= |
1278+
+-------------------------------+------------------------------------------------------------------+
1279+
| input-format | ocp.format.digest-sha512 |
1280+
+-------------------------------+------------------------------------------------------------------+
1281+
1282+
### ocp.profile.irot.mldsa87
1283+
1284+
+-------------------------------+------------------------------------------------------------------+
1285+
| **Attribute** | **Value** |
1286+
+===============================+==================================================================+
1287+
| =========================================== General ============================================ |
1288+
+-------------------------------+------------------------------------------------------------------+
1289+
| name | ocp.profile.irot.ml-dsa-87 |
1290+
+-------------------------------+------------------------------------------------------------------+
1291+
| inherits | ocp.profile.irot.p256 |
1292+
+-------------------------------+------------------------------------------------------------------+
1293+
| ============================================ Input ============================================= |
1294+
+-------------------------------+------------------------------------------------------------------+
1295+
| input-format | ocp.format.digest-sha512 |
1296+
+-------------------------------+------------------------------------------------------------------+
1297+
| ========================================= Derivation =========================================== |
1298+
+-------------------------------+------------------------------------------------------------------+
1299+
| dice-derivation | ocp.derive.kdf-cdi-512 |
1300+
+-------------------------------+------------------------------------------------------------------+
1301+
| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
1302+
+-------------------------------+------------------------------------------------------------------+
1303+
| ======================================== Certificates ========================================== |
1304+
+-------------------------------+------------------------------------------------------------------+
1305+
| leaf-certificate-format | ocp.certificate.irot-leaf.mldsa87 |
1306+
+-------------------------------+------------------------------------------------------------------+
1307+
| eca-certificate-format | ocp.certificate.irot-eca.mldsa87 |
1308+
+-------------------------------+------------------------------------------------------------------+
1309+
| ========================================= Signatures =========================================== |
1310+
+-------------------------------+------------------------------------------------------------------+
1311+
| to-be-signed-format | If Sign FULL_MESSAGE flag is set, ocp.format.mldsa87-external-mu.|
1312+
| | Else, ocp.format.raw-message. |
1313+
+-------------------------------+------------------------------------------------------------------+
1314+
| public-key-format | ocp.key-format.mldsa87.raw |
1315+
+-------------------------------+------------------------------------------------------------------+
1316+
| signature-format | ocp.signature-format.mldsa87.raw |
1317+
+-------------------------------+------------------------------------------------------------------+
1318+
| =========================================== Export ============================================= |
1319+
+-------------------------------+------------------------------------------------------------------+
1320+
| export-cdi-format | ocp.export-cdi.raw-512 |
1321+
+-------------------------------+------------------------------------------------------------------+
1322+
11811323
## ABI Structure Definitions {#sec:abi-structure-definitions}
11821324

11831325
All structures are fixed size for a given profile. In some cases, command/response structures differ
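Review bot: Several values in the two new profile tables are inconsistent with the definitions earlier in this patch. (1) In `ocp.profile.irot.mldsa87` the `name` row reads `ocp.profile.irot.ml-dsa-87`, not the heading's `ocp.profile.irot.mldsa87`. (2) The `to-be-signed-format` row is inverted relative to the Sign ABI: when `FULL_MESSAGE` is set, `TO_BE_SIGNED` holds the full message, so that case should map to `ocp.tbs-format.raw-message` and the unset case to `ocp.tbs-format.mldsa87-external-mu`; the row also uses an `ocp.format.` prefix while the sections are defined under `ocp.tbs-format.`. (3) `ocp.signature-format.mldsa87.raw`, `ocp.derive.kdf-cdi-512` and `ocp.export-cdi.raw-512` are referenced but not defined anywhere in this patch; confirm they already exist or add them (the signature format in particular, since only `ocp.key-format.mldsa87.raw` was added). (4) `ocp.profile.irot.p384-sha512` overrides only `input-format` and inherits everything else from `ocp.profile.irot.p384`, so its FWID `hashAlg` would still be the SHA2-384 OID and its to-be-signed format a 48-byte digest while measurements are 64-byte SHA2-512 values; add SHA-512 certificate, CSR and tbs rows or state explicitly that the inherited values are intended.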
@@ -1237,6 +1379,8 @@ Table: Profile Constants
12371379
`DPE_PROFILE_IROT_MIN_P384_SHA384` | 0x2
12381380
`DPE_PROFILE_IROT_P256_SHA256` | 0x3
12391381
`DPE_PROFILE_IROT_P384_SHA384` | 0x4
1382+
`DPE_PROFILE_IROT_P384_SHA512` | 0x5
1383+
`DPE_PROFILE_IROT_MLDSA87_SHA512` | 0x6
12401384

12411385
Table: Certificate Formats
12421386

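Review bot: The new constants `DPE_PROFILE_IROT_P384_SHA512` (0x5) and `DPE_PROFILE_IROT_MLDSA87_SHA512` (0x6) use a different spelling than the variant list at the top of the file (`DPE_PROFILE_IROT_MIN_P384_SHA512`, `DPE_PROFILE_IROT_MLDSA_87_SHA512`); settle on one identifier per profile and use it in both places.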
@@ -1297,6 +1441,15 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_P384_SHA384`
12971441
`S` | Signature Size | 96
12981442
`C` | Certificate Size | 6144
12991443

1444+
Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA512`
1445+
1446+
**Name** | **Description** | **Value**
1447+
------------ | --------------------- | --------
1448+
`H` | Hash Size | 64
1449+
`P` | Public Key Size | 2592
1450+
`S` | Signature Size | 4697
1451+
`C` | Certificate Size | TODO
1452+
13001453
### Types
13011454

13021455
Table: ABI Types
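Review bot: The signature size for ML-DSA-87 is 4627 bytes per FIPS 204, not 4697; the public key size of 2592 is correct. `C` = TODO should not land in a table of fixed-size ABI constants, because the preceding section states that all structures are fixed size for a given profile and implementations will size response buffers from it. There is also no constants table for `DPE_PROFILE_IROT_P384_SHA512` (H = 64, with P and S as for P-384), which the Sign ABI needs in order to size `LABEL` and `TO_BE_SIGNED` for that profile.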
@@ -1459,7 +1612,7 @@ Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
14591612

14601613
#### Sign ABI
14611614

1462-
Table: `SIGN_INPUT_ARGS` struct
1615+
Table: `SIGN_INPUT_ARGS` struct if `FULL_MESSAGE` **is not** set
14631616

14641617
| **Byte Offset** | **Type** | **Bits** | **Name** | **Description**
14651618
| ------- | ------------- | ------- | -------------------- | -------------------------------------------------------
@@ -1468,9 +1621,24 @@ Table: `SIGN_INPUT_ARGS` struct
14681621
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`.
14691622
| 0x0C | `BYTES` | 127:0 | `CONTEXT_HANDLE` | A numeric handle referring to a DPE context.
14701623
| 0x1C | `HASH` | | `LABEL` | Digest measurement label used in key derivation.
1471-
| 0x1C + H | `BITFIELD` | 31:0 | `RESERVED` | Reserved
1624+
| 0x1C + H | `BITFIELD` | 31 | `FULL_MESSAGE` | If set, `TO_BE_SIGNED` contains the full message. This flag is only supported where explicitly specified in `to-be-signed-format`.
1625+
| | | 30:0 | `RESERVED` | Reserved
14721626
| 0x20 + H | `HASH` | | `TO_BE_SIGNED` | Hash to be signed.
14731627

1628+
Table: `SIGN_INPUT_ARGS` struct if `FULL_MESSAGE` **is** set
1629+
1630+
| **Byte Offset** | **Type** | **Bits** | **Name** | **Description**
1631+
| ------- | ------------- | ------- | -------------------- | -------------------------------------------------------
1632+
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`.
1633+
| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_SIGN`.
1634+
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`.
1635+
| 0x0C | `BYTES` | 127:0 | `CONTEXT_HANDLE` | A numeric handle referring to a DPE context.
1636+
| 0x1C | `HASH` | | `LABEL` | Digest measurement label used in key derivation.
1637+
| 0x1C + H | `BITFIELD` | 31 | `FULL_MESSAGE` | If set, `TO_BE_SIGNED` contains the full message. This flag is only supported where explicitly specified in `to-be-signed-format`.
1638+
| | | 30:0 | `RESERVED` | Reserved
1639+
| 0x20 + H | `U32` | 31:0 | `TO_BE_SIGNED_SIZE` | Number of bytes populated in `TO_BE_SIGNED`
1640+
| 0x20 + H | `BYTES` | 8191:0 | `TO_BE_SIGNED` | Message to be signed.
1641+
14741642
Table: `SIGN_OUTPUT_ARGS` struct
14751643

14761644
| **Byte Offset** | **Type** | **Bits** | **Name** | **Description**
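Review bot: In the `FULL_MESSAGE` **is** set table, `TO_BE_SIGNED_SIZE` and `TO_BE_SIGNED` are both placed at byte offset `0x20 + H`; the message buffer should start at `0x24 + H`. The description should state that `TO_BE_SIGNED_SIZE` SHALL be at most 1024 (the buffer is 8191:0 bits) and that the DPE SHALL reject the command when the size exceeds the buffer or when `FULL_MESSAGE` is set for a profile whose `to-be-signed-format` does not list it, so a caller cannot select the unsupported variant for a digest-only profile. Since the struct layout now depends on a flag rather than only on the profile, the sentence "All structures are fixed size for a given profile" in the ABI Structure Definitions section should be updated to cover this case.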
