Skip to content

dpe: Resolve feedback items from #66 #88

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zhalvorsen wants to merge 1 commit into
base: main
Choose a base branch
from
Open

dpe: Resolve feedback items from #66 #88

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 18 additions & 29 deletions specifications/dpe-irot-profile/spec.ocp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -499,18 +499,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows:
* Outputs
* 48-byte key

### ocp.derive.kdf-cdi-512

The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows:

* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
* Inputs
* CDI
* `MEASUREMENT_DATA`
* ASCII Bytes "DPE"
* Outputs
* 64-byte key

## CDI Export

### ocp.export-cdi.raw-256
Expand All @@ -525,12 +513,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret

To generate exported keypair, use asymmetric-derivation for the relevant profile.

### ocp.export-cdi.raw-512

The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret

To generate exported keypair, use asymmetric-derivation for the relevant profile.

## Key Derivation

* `LABEL`: LABEL parameter passed to Sign and CertifyKey
Expand Down Expand Up @@ -573,13 +555,19 @@ follows:

* The asymmetric key type is ML-DSA-87
* Signature scheme is ML-DSA
* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
* This derivation scheme SHALL use the following sequence.
* Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi).
* Inputs
* CDI
* `LABEL`
* ASCII Bytes "MLDSA"
* Outputs
* 64-byte key
* 32-byte xi
* Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}].
* Inputs
* 32-byte xi
* Outputs
* 4,896-byte key

### ocp.key-format.p384.raw

Expand Down Expand Up @@ -852,7 +840,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

Expand Down Expand Up @@ -886,7 +874,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

Expand Down Expand Up @@ -920,7 +908,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
SHA2-384 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
use the ML-DSA-87 OID.
Expand Down Expand Up @@ -1286,7 +1274,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
+-------------------------------+------------------------------------------------------------------+
| ========================================= Derivation =========================================== |
+-------------------------------+------------------------------------------------------------------+
| dice-derivation | ocp.derive.kdf-cdi-512 |
| dice-derivation | ocp.derive.kdf-cdi-384 |
+-------------------------------+------------------------------------------------------------------+
| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
+-------------------------------+------------------------------------------------------------------+
Expand All @@ -1306,7 +1294,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
+-------------------------------+------------------------------------------------------------------+
| =========================================== Export ============================================= |
+-------------------------------+------------------------------------------------------------------+
| export-cdi-format | ocp.export-cdi.raw-512 |
| export-cdi-format | ocp.export-cdi.raw-384 |
+-------------------------------+------------------------------------------------------------------+

## ABI Structure Definitions {#sec:abi-structure-definitions}
Expand Down Expand Up @@ -1433,10 +1421,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`

**Name** | **Description** | **Value**
------------ | --------------------- | --------
`H` | Hash Size | 64
`H` | Hash Size | 48
`P` | Public Key Size | 2592
`S` | Signature Size | 4697
`C` | Certificate Size | TODO
`C` | Certificate Size | 17408

### Types

Expand Down Expand Up @@ -1683,5 +1671,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
| 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain.
Copy link
Contributor Author

@zhalvorsen zhalvorsen Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhand2 Instead of changing this ABI, what if we added a return status that was "There is still more data"?

Copy link
Contributor

@jhand2 jhand2 Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, ya I think that's how it works today: https://github.com/chipsalliance/caliptra-dpe/blob/main/verification/client/abi.go#L548-L551

Although in retrospect, InvalidArgument was probably a bad return code to choose :)

| 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
| 0x14 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.