Add COSE/JOSE Algorithms Support - Address issue #64

fdamato · fdamato · commit e00537618cc9 · 2025-09-16T15:22:19.000-07:00
Signed-off-by: Fabrizio Damato &lt;fabrizio.damato@amd.com&gt;
diff --git a/specifications/ietf-eat-profile/bibliography.yaml b/specifications/ietf-eat-profile/bibliography.yaml
@@ -55,3 +55,10 @@ references:
       year: 2020
       month: 12
     url: "https://datatracker.ietf.org/doc/html/rfc8949"
+  - id: "ietf-cose-dilithium"
+    title: "ML-DSA for JOSE and COSE"
+    publisher: "IETF"
+    issued:
+      year: 2025
+      month: 9
+    url: "https://datatracker.ietf.org/doc/draft-ietf-cose-dilithium/"
diff --git a/specifications/ietf-eat-profile/spec.ocp b/specifications/ietf-eat-profile/spec.ocp
@@ -185,7 +185,7 @@ and provide the minimum necessary information for verifier appraisal policies:
     * This claim is used by the attester to identify the profile. It **MUST** be present and **SHALL** contain the OID assigned to the OCP Profile. **TODO: OCP to assign OID Value**
 
 6. **Measurements** (claim key: 273, encoded as 0x190111)
-    * This claim is used by the attester to present the target environment claims that verifier will consume for the appraisal policy. It **MUST** be present and **SHALL** encapsulate a "concise-evidence" as a serialized CBOR byte string using the appropriate IANA media type. The serialized concise-evidence **SHALL NOT** exceed 128kB in size.
+    * This claim is used by the attester to present the target environment claims that verifier will consume for the appraisal policy. It **MUST** be present and **SHALL** encapsulate a "concise-evidence" as a serialized CBOR byte string using the appropriate IANA media type.
 
 **Optional Claims (7-14)**: These claims are **OPTIONAL** and provide additional
 platform information that may be useful for audit purposes but are not strictly
@@ -267,7 +267,101 @@ Additionally, an Attester has the option to include a complete certificate path
 within the x5-chain, extending from a recognized Trusted Anchor (such as a
 Vendor Root CA) or up to the Initial Device Identity (IDEVID).
 
-The signed-cwt CDDL is defined in the following manner:
+## COSE Algorithm Requirements
+
+This profile defines specific cryptographic algorithms that **MUST** be
+supported for CWT signing to ensure interoperability and appropriate security
+levels for data center environments.
+
+### Supported Algorithms
+
+Implementations of this profile **SHALL** support **one** of the
+following COSE algorithms for the COSE_Sign1 signature:
+
+1. **ECDSA with P-384 and SHA-384** (COSE Algorithm ID: -51)
+    * **Algorithm**: ES384 as defined in [@{ietf-rfc9052}]
+    * **Curve**: NIST P-384
+    * **Hash**: SHA-384
+    * **Key Size**: 384 bits
+    * **Security Level**: 192-bit classical security
+    * **Signature Size**: ~96 bytes
+    * **Public Key Size**: 97 bytes (uncompressed point)
+    * **Private Key Size**: 48 bytes
+    * **Status**: **REQUIRED** - Implementations MUST support either this
+      algorithm or ML-DSA-87
+
+2. **ML-DSA-87** (COSE Algorithm ID: -50)
+    * **Algorithm**: ML-DSA-87 (FIPS 204) as defined in
+      [@{ietf-cose-dilithium}]
+    * **Security Level**: Category 5 (256-bit classical, 128-bit quantum)
+    * **Signature Size**: ~4,627 bytes
+    * **Public Key Size**: 2,592 bytes
+    * **Private Key Size**: 4,896 bytes
+    * **Hash**: SHAKE256
+    * **Status**: **REQUIRED** - Implementations MUST support either this
+      algorithm or ECDSA-P384
+
+
+### Algorithm Selection Guidelines
+
+**Default Algorithm**: Implementations **SHOULD** use ECDSA-P384 as the
+default signing algorithm unless specifically configured otherwise or when
+post-quantum security is explicitly required.
+
+**Algorithm Negotiation**: When both algorithms are supported, the choice
+of algorithm **SHALL** be determined by:
+
+1. Verifier policy requirements
+2. Attester capabilities
+3. Deployment security requirements (classical vs. post-quantum)
+4. Size constraints and bandwidth considerations
+
+**Certificate Chain Consistency**: The algorithm used for CWT signing
+**SHOULD** be consistent with the algorithm used in the Attestation Key
+certificate chain, though this is not strictly required.
+
+### Size Implications
+
+Implementations **MUST** account for the following signature size
+implications when calculating total CWT size against the 64kB limit:
+
+* **ECDSA-P384**: ~96 bytes signature size
+* **ML-DSA-87**: ~4,627 bytes signature size
+
+**Note**: When using ML-DSA-87, implementors should carefully consider the
+available space for claims and certificate chains within the 64kB total
+size limit. The large signature size may necessitate more compact
+certificate chains or reduced optional claims.
+
+### COSE Header Requirements
+
+The COSE_Sign1 protected header **MUST** include:
+
+* **alg** (label 1): The COSE algorithm identifier (-35 for ES384 or -50
+  for ML-DSA-87)
+* Additional algorithm-specific parameters as required by the chosen
+  algorithm
+
+The COSE_Sign1 unprotected header **MUST** include:
+
+* **x5chain** (label 33): Certificate chain as specified in the main
+  specification
+
+### Implementation Notes
+
+**Interoperability**: Attesters **MAY** choose which algorithm to use
+based on their capabilities and deployment requirements.
+
+**Migration Path**: The dual algorithm support provides a clear migration
+path from classical to post-quantum cryptography while maintaining current
+security levels during the transition period.
+
+### Future Algorithm Support
+
+This profile may be updated to include additional COSE algorithms as they
+become standardized and relevant for data center attestation use cases.
+Any future algorithm additions will maintain backward compatibility with
+existing implementations.
 
 ## Concise Evidence
 
