From 55645dca50c179dcd31c058ee8c68187fb9b96f6 Mon Sep 17 00:00:00 2001 From: Jordan Hand Date: Fri, 29 Aug 2025 15:08:55 -0700 Subject: [PATCH] Add ML-DSA-87 DPE profile Additionally, add a P384-SHA512 profile. This is to provide a classical profile whose measurement format is compatible with ML-DSA-87. Signed-off-by: Jordan Hand --- .../dpe-irot-profile/bibliography.yaml | 6 + specifications/dpe-irot-profile/spec.ocp | 180 +++++++++++++++++- 2 files changed, 180 insertions(+), 6 deletions(-) diff --git a/specifications/dpe-irot-profile/bibliography.yaml b/specifications/dpe-irot-profile/bibliography.yaml index e1899d0..442b0d1 100644 --- a/specifications/dpe-irot-profile/bibliography.yaml +++ b/specifications/dpe-irot-profile/bibliography.yaml @@ -1,4 +1,10 @@ references: + - id: "fips204" + title: "FIPS 204: Module-Lattice-Based Digital Signature Standard" + publisher: "NIST" + issued: + year: 2024 + month: 8 - id: "ietf-rfc2986" title: "PKCS #10: Certification Request Syntax Specification" publisher: "IETF" diff --git a/specifications/dpe-irot-profile/spec.ocp b/specifications/dpe-irot-profile/spec.ocp index 89ed765..a8287c6 100644 --- a/specifications/dpe-irot-profile/spec.ocp +++ b/specifications/dpe-irot-profile/spec.ocp @@ -103,6 +103,12 @@ This document defines multiple variants of the DPE iRoT profile: * `DPE_PROFILE_IROT_P384_SHA384` * `DPE_PROFILE_IROT_MIN_P256_SHA256` * `DPE_PROFILE_IROT_MIN_P384_SHA384` +* `DPE_PROFILE_IROT_MIN_P384_SHA512` +* `DPE_PROFILE_IROT_MLDSA_87_SHA512` + +Names follow the format: + +`DPE_PROFILE_IROT{_OPTIONAL_VARIANT}_{SIGNING_ALGORITHM}_{MEASUREMENT_DIGEST_ALGORITHM}` The profile name will be embedded as ASCII within the version field of the TCBInfo(s), enabling a verifier to confirm that the evidence originates from this profile. 
@@ -447,6 +453,18 @@ cryptographic algorithms: * ECDSA P-384 * SHA2-384 +Profile `DPE_PROFILE_IROT_P384_SHA512` requires support for the following +cryptographic algorithms: + +* ECDSA P-384 +* SHA2-512 + +Profile `DPE_PROFILE_IROT_MLDSA87_SHA512` requires support for the following +cryptographic algorithms: + +* ML-DSA-87 +* SHA2-512 + This profile defines the following derivation schemes for use in Profile Attributes. @@ -532,11 +550,20 @@ follows: * Outputs * 48-byte key -### ocp.key-format.p256.raw +### ocp.derive.kdf-asymmetric-mldsa87 -The concatenation of the 32-byte X value and 32-byte Y value of the ECDSA public key. +The asymmetric key derivation scheme “ocp.derive.kdf-asymmetric-mldsa87” is defined as +follows: -Both the X and Y value SHALL be big-endian and left-padded with zeros. +* The asymmetric key type is ML-DSA-87 +* Signature scheme is ML-DSA +* This derivation scheme SHALL use a cryptographically secure KDF or DRBG. +* Inputs + * CDI + * `LABEL` + * ASCII Bytes "ECC" +* Outputs + * 48-byte key ### ocp.key-format.p384.raw @@ -544,6 +571,10 @@ The concatenation of the 48-byte X value and 48-byte Y value of the ECDSA public Both the X and Y value SHALL be big-endian and left-padded with zeros. +### ocp.key-format.mldsa87.raw + +A raw ML-DSA-87 key, encoded as using the pkEncode function in FIPS 204 + ## Sign Format ### ocp.tbs-format.digest-sha256 
@@ -562,6 +593,29 @@ The format “ocp.tbs-format.digest-sha384” is defined as additional processing. The size of the value SHALL be a SHA2-384 digest of size 48 bytes. +### ocp.tbs-format.digest-sha512 + +The format “ocp.tbs-format.digest-sha384” is defined as + +* A digest which will be signed directly using the signing scheme with no + additional processing. The size of the value SHALL be a SHA2-384 digest of + size 48 bytes. + +### ocp.tbs-format.mldsa87-external-mu + +The format “ocp.tbs-format.mldsa87-mu” is defined as + +The mu parameter as described in FIPS 204. + +* tr = SHAKE256(public_key, 64) +* mu = SHAKE256(tr || message, 64) + +### ocp.tbs-format.raw-message + +The format “ocp.tbs-format.mldsa87-mu” is defined as a full raw message to +be signed. This format is only supported by profiles whose signing algorithms +support signing raw data (e.g. Pure ML-DSA). + ### ocp.signature-format.p256.raw The concatenation of the 32-byte R value and 32-byte S value of the ECDSA signature. @@ -743,7 +797,7 @@ following requirements: * version: The version of the CSR specification - the version SHALL be 0 * subject: The subject name of the CSR * subjectPKInfo: This field SHALL contain the subject public key and the - OID for the EC public key algorithm used by the DPE profile + OID for the public key algorithm used by the DPE profile * attributes: An "Extension Request" attribute as defined in RFC 2985 [@{ietf-rfc2985}] SHALL adhere to the following requirements * The BasicConstraints extension SHALL be included 
@@ -786,6 +840,16 @@ The format “ocp.certificate.irot-eca.p384” is defined as follows: * For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve P-384. +### ocp.certificate.irot-eca.mldsa87 + +The format “ocp.certificate.irot-eca.mldsa87” is defined as follows: + +* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements +* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the + SHA2-512 OID. +* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. +* For the Signature field, DPE SHALL use the ML-DSA-87 OID. + ### ocp.certificate.irot-leaf.p256 The format ocp.certificate.irot-leaf.p256” is defined as follows: @@ -810,6 +874,16 @@ The format “ocp.certificate.irot.p384” is defined as follows: * For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve P-384. +### ocp.certificate.irot-leaf.mldsa87 + +The format “ocp.certificate.irot-eca.mldsa87” is defined as follows: + +* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements +* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the + SHA2-512 OID. +* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. +* For the Signature field, DPE SHALL use the ML-DSA-87 OID. + ### ocp.csr.irot-leaf.p256 The format “ocp.csr.irot-leaf.p256” is defined as follows: 
@@ -834,6 +908,17 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows: * For the Signature of both the CMS message and the CertificationRequest, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve P-384. +### ocp.csr.irot-leaf.mldsa87 + +The format “ocp.csr.irot-eca.mldsa87” is defined as follows: + +* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements +* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the + SHA2-512 OID. +* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID. +* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL + use the ML-DSA-87 OID. + ## Profile Attributes ### ocp.profile.irot.p256 
@@ -1178,6 +1263,63 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows: | supports-symmetric-sign | False | +-------------------------------+------------------------------------------------------------------+ +### ocp.profile.irot.p384-sha512 + ++-------------------------------+------------------------------------------------------------------+ +| **Attribute** | **Value** | ++===============================+==================================================================+ +| =========================================== General ============================================ | ++-------------------------------+------------------------------------------------------------------+ +| name | ocp.profile.irot.p384-sha512 | ++-------------------------------+------------------------------------------------------------------+ +| inherits | ocp.profile.irot.p384 | ++-------------------------------+------------------------------------------------------------------+ +| ============================================ Input ============================================= | ++-------------------------------+------------------------------------------------------------------+ +| input-format | ocp.format.digest-sha512 | ++-------------------------------+------------------------------------------------------------------+ + +### ocp.profile.irot.mldsa87 + ++-------------------------------+------------------------------------------------------------------+ +| **Attribute** | **Value** | ++===============================+==================================================================+ +| =========================================== General ============================================ | ++-------------------------------+------------------------------------------------------------------+ +| name | ocp.profile.irot.ml-dsa-87 | ++-------------------------------+------------------------------------------------------------------+ +| inherits | ocp.profile.irot.p256 | 
++-------------------------------+------------------------------------------------------------------+ +| ============================================ Input ============================================= | ++-------------------------------+------------------------------------------------------------------+ +| input-format | ocp.format.digest-sha512 | ++-------------------------------+------------------------------------------------------------------+ +| ========================================= Derivation =========================================== | ++-------------------------------+------------------------------------------------------------------+ +| dice-derivation | ocp.derive.kdf-cdi-512 | ++-------------------------------+------------------------------------------------------------------+ +| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 | ++-------------------------------+------------------------------------------------------------------+ +| ======================================== Certificates ========================================== | ++-------------------------------+------------------------------------------------------------------+ +| leaf-certificate-format | ocp.certificate.irot-leaf.mldsa87 | ++-------------------------------+------------------------------------------------------------------+ +| eca-certificate-format | ocp.certificate.irot-eca.mldsa87 | ++-------------------------------+------------------------------------------------------------------+ +| ========================================= Signatures =========================================== | ++-------------------------------+------------------------------------------------------------------+ +| to-be-signed-format | If Sign FULL_MESSAGE flag is set, ocp.format.mldsa87-external-mu.| +| | Else, ocp.format.raw-message. 
| ++-------------------------------+------------------------------------------------------------------+ +| public-key-format | ocp.key-format.mldsa87.raw | ++-------------------------------+------------------------------------------------------------------+ +| signature-format | ocp.signature-format.mldsa87.raw | ++-------------------------------+------------------------------------------------------------------+ +| =========================================== Export ============================================= | ++-------------------------------+------------------------------------------------------------------+ +| export-cdi-format | ocp.export-cdi.raw-512 | ++-------------------------------+------------------------------------------------------------------+ + ## ABI Structure Definitions {#sec:abi-structure-definitions} All structures are fixed size for a given profile. In some cases, command/response structures differ @@ -1237,6 +1379,8 @@ Table: Profile Constants `DPE_PROFILE_IROT_MIN_P384_SHA384` | 0x2 `DPE_PROFILE_IROT_P256_SHA256` | 0x3 `DPE_PROFILE_IROT_P384_SHA384` | 0x4 +`DPE_PROFILE_IROT_P384_SHA512` | 0x5 +`DPE_PROFILE_IROT_MLDSA87_SHA512` | 0x6 Table: Certificate Formats @@ -1297,6 +1441,15 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_P384_SHA384` `S` | Signature Size | 96 `C` | Certificate Size | 6144 +Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA512` + +**Name** | **Description** | **Value** +------------ | --------------------- | -------- +`H` | Hash Size | 64 +`P` | Public Key Size | 2592 +`S` | Signature Size | 4697 +`C` | Certificate Size | TODO + ### Types Table: ABI Types 
@@ -1459,7 +1612,7 @@ Table: `CERTIFY_KEY_OUTPUT_ARGS` struct #### Sign ABI -Table: `SIGN_INPUT_ARGS` struct +Table: `SIGN_INPUT_ARGS` struct if `FULL_MESSAGE` **is not** set | **Byte Offset** | **Type** | **Bits** | **Name** | **Description** | ------- | ------------- | ------- | -------------------- | ------------------------------------------------------- 
@@ -1468,9 +1621,24 @@ Table: `SIGN_INPUT_ARGS` struct | 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`. | 0x0C | `BYTES` | 127:0 | `CONTEXT_HANDLE` | A numeric handle referring to a DPE context. | 0x1C | `HASH` | | `LABEL` | Digest measurement label used in key derivation. -| 0x1C + H | `BITFIELD` | 31:0 | `RESERVED` | Reserved +| 0x1C + H | `BITFIELD` | 31 | `FULL_MESSAGE` | If set, `TO_BE_SIGNED` contains the full message. This flag is only supported where explicitly specified in `to-be-signed-format`. +| | | 30:0 | `RESERVED` | Reserved | 0x20 + H | `HASH` | | `TO_BE_SIGNED` | Hash to be signed. +Table: `SIGN_INPUT_ARGS` struct if `FULL_MESSAGE` **is** set + +| **Byte Offset** | **Type** | **Bits** | **Name** | **Description** +| ------- | ------------- | ------- | -------------------- | ------------------------------------------------------- +| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`. +| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_SIGN`. +| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`. +| 0x0C | `BYTES` | 127:0 | `CONTEXT_HANDLE` | A numeric handle referring to a DPE context. +| 0x1C | `HASH` | | `LABEL` | Digest measurement label used in key derivation. +| 0x1C + H | `BITFIELD` | 31 | `FULL_MESSAGE` | If set, `TO_BE_SIGNED` contains the full message. This flag is only supported where explicitly specified in `to-be-signed-format`. +| | | 30:0 | `RESERVED` | Reserved +| 0x20 + H | `U32` | 31:0 | `TO_BE_SIGNED_SIZE` | Number of bytes populated in `TO_BE_SIGNED` +| 0x20 + H | `BYTES` | 8191:0 | `TO_BE_SIGNED` | Message to be signed. + Table: `SIGN_OUTPUT_ARGS` struct | **Byte Offset** | **Type** | **Bits** | **Name** | **Description**
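Review bot: The new profile names are spelled inconsistently across the patch, starting in the `@@ -103` hunk of spec.ocp. The list adds `DPE_PROFILE_IROT_MIN_P384_SHA512` and `DPE_PROFILE_IROT_MLDSA_87_SHA512`, while the algorithm-requirements hunk (`@@ -447`) and the Profile Constants table (`@@ -1237`) use `DPE_PROFILE_IROT_P384_SHA512` and `DPE_PROFILE_IROT_MLDSA87_SHA512`. The profile name is embedded as ASCII in the TCBInfo version field and a verifier matches on it, so each profile needs exactly one spelling used everywhere. The commit message describes a P384-SHA512 profile with no MIN variant, so the `_MIN_` in the list looks unintended. `MLDSA_87` also splits the signing algorithm across two underscore-separated tokens, which is ambiguous under the name format introduced in the same hunk.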
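Review bot: In the `@@ -532` hunk, `ocp.derive.kdf-asymmetric-mldsa87` keeps the `ASCII Bytes "ECC"` input and the `48-byte key` output from the ECC derivation schemes. ML-DSA key generation in FIPS 204 takes a 32-byte seed, so the output should be described as that seed with its size, and the label should differ from the ECC one so that ECC and ML-DSA derivations from the same CDI are domain-separated. The same hunk deletes the `ocp.key-format.p256.raw` section (its heading and both sentences are `-` lines); if that is not intended, restore it, and otherwise check that no P-256 profile still references it. In the following hunk (`@@ -544`), "encoded as using the pkEncode function in FIPS 204" should read "encoded using" and cite the new `fips204` bibliography entry.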
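Review bot: In the `@@ -562` hunk, the body of `ocp.tbs-format.digest-sha512` still describes SHA-384: it names `ocp.tbs-format.digest-sha384` and requires "a SHA2-384 digest of size 48 bytes", where a SHA2-512 digest of 64 bytes is needed. The two sections after it also name the wrong format in their first sentence: `ocp.tbs-format.mldsa87-external-mu` and `ocp.tbs-format.raw-message` both say `ocp.tbs-format.mldsa87-mu`. For the mu definition, `mu = SHAKE256(tr || message, 64)` does not say whether `message` already carries the domain-separator and context prefix that FIPS 204 places in front of the message before hashing. State that explicitly, since a caller computing mu externally without it will produce signatures that a standard ML-DSA verifier rejects.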
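Review bot: In the `@@ -810` hunk, the section heading is `ocp.certificate.irot-leaf.mldsa87` but the body defines `ocp.certificate.irot-eca.mldsa87` and points at "Requirements for ECA Certificates" in `@sec:eca-cert-requirements`. The text appears to be copied from the ECA section added in the `@@ -786` hunk. Fix the format name, and confirm that the leaf format is meant to reference the ECA requirements rather than the leaf requirements.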
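Review bot: In the `@@ -834` hunk, the heading is `ocp.csr.irot-leaf.mldsa87` but the first sentence defines `ocp.csr.irot-eca.mldsa87`. Make the two match so the profile attribute that selects the CSR format resolves to a defined name.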
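Review bot: In the `@@ -1178` hunk, the `to-be-signed-format` row of `ocp.profile.irot.mldsa87` reads inverted relative to the flag definition: it selects `ocp.format.mldsa87-external-mu` when `FULL_MESSAGE` is set and `ocp.format.raw-message` otherwise, while the Sign ABI says that a set flag means `TO_BE_SIGNED` contains the full message. Swap the two cases, and use the `ocp.tbs-format.` prefix under which both formats are defined earlier in the patch. The `name` attribute `ocp.profile.irot.ml-dsa-87` does not match the section heading `ocp.profile.irot.mldsa87`. The table also references `ocp.format.digest-sha512`, `ocp.derive.kdf-cdi-512`, `ocp.signature-format.mldsa87.raw` and `ocp.export-cdi.raw-512`, none of which this patch defines. Finally, `inherits` is `ocp.profile.irot.p256` here but `ocp.profile.irot.p384` for the P384-SHA512 profile; say why the 512-bit profile inherits from the P-256 one, or change it.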
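Review bot: In the `@@ -1297` hunk, the Signature Size `S` of 4697 for `DPE_PROFILE_IROT_MLDSA87_SHA512` does not match FIPS 204, which gives 4627 bytes for an ML-DSA-87 signature (the 2592-byte public key is correct). Certificate Size `C` is left as `TODO`; the context line in the `@@ -1178` hunk says all structures are fixed size for a given profile, so the ABI is not implementable until this is filled in. The patch also adds profile constant 0x5 for `DPE_PROFILE_IROT_P384_SHA512` in the `@@ -1237` hunk but no ABI-constants table for it, which would need `H` = 64.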
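Review bot: In the `@@ -1468` hunk, the `FULL_MESSAGE` variant of `SIGN_INPUT_ARGS` places both `TO_BE_SIGNED_SIZE` and `TO_BE_SIGNED` at byte offset `0x20 + H`; the message buffer should start at `0x24 + H`. The buffer is `BYTES` with bits `8191:0`, that is 1024 bytes, so the spec should require DPE to reject a `TO_BE_SIGNED_SIZE` greater than 1024 and should name the error returned. It should also say what DPE returns when `FULL_MESSAGE` is set under a profile whose `to-be-signed-format` does not allow it. The `PROFILE` row copied into the new table says "One of `DPE_PROFILE_IROT_SHA256_P256`", which matches none of the profile constants.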