6 changes: 6 additions & 0 deletions specifications/dpe-irot-profile/bibliography.yaml
@@ -1,4 +1,10 @@
references:
- id: "fips204"
title: "FIPS 204: Module-Lattice-Based Digital Signature Standard"
publisher: "NIST"
issued:
year: 2024
month: 8
- id: "ietf-rfc2986"
title: "PKCS #10: Certification Request Syntax Specification"
publisher: "IETF"
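Review bot: the new `fips204` bibliography entry is not cited anywhere in the spec.ocp changes of this PR; the added text refers to FIPS 204 in prose ("encoded as using the pkEncode function in FIPS 204", "The mu parameter as described in FIPS 204") where the rest of the document uses the citation form `[@{ietf-rfc2985}]`. Suggest writing those references as `[@{fips204}]` so the entry is actually resolved rather than orphaned.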
133 changes: 127 additions & 6 deletions specifications/dpe-irot-profile/spec.ocp
Expand Up @@ -103,6 +103,13 @@ This document defines multiple variants of the DPE iRoT profile:
* `DPE_PROFILE_IROT_P384_SHA384`
* `DPE_PROFILE_IROT_MIN_P256_SHA256`
* `DPE_PROFILE_IROT_MIN_P384_SHA384`
* `DPE_PROFILE_IROT_MLDSA_87_SHA384`

Names follow the format:

`DPE_PROFILE_IROT{_OPTIONAL_VARIANT}_{SIGNING_ALGORITHM}_{MEASUREMENT_DIGEST_ALGORITHM}`

Currently, the only supported optional variant is "MIN", which supports a smaller subset of the DPE commands.

The profile name will be embedded as ASCII within the version field of the TCBInfo(s), enabling a verifier to confirm that the evidence originates from this profile.

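Review bot: the profile name added to this list, `DPE_PROFILE_IROT_MLDSA_87_SHA384`, does not match the spelling used everywhere else in this change (`DPE_PROFILE_IROT_MLDSA87_SHA384` in the algorithm-requirements section, the Profile Constants table and the ABI-constants table), and the extra underscore also breaks the `DPE_PROFILE_IROT{_OPTIONAL_VARIANT}_{SIGNING_ALGORITHM}_{MEASUREMENT_DIGEST_ALGORITHM}` pattern stated directly below it. Suggest `* \`DPE_PROFILE_IROT_MLDSA87_SHA384\``.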
Expand Down Expand Up @@ -447,6 +454,13 @@ cryptographic algorithms:
* ECDSA P-384
* SHA2-384

"### GetCertificateChain" uses max cert size of 2048 bytes. Need to increase significantly (to 8192?) to accommodate ML-DSA-87.

Author

I think we could change it or leave it. The current design of GetCertificateChain isn't necessarily intended to return full certificates. It just returns chunks of up to 2KiB.

So the main downside of keeping the 2KiB size with ML-DSA is that it will take more calls to get the full cert chain.

Is a (new) field "remaining size" needed in OUTPUT?

One could argue that if (OUTPUT) CERTIFICATE_SIZE < (INPUT) SIZE then it implies the end of the cert chain, but what if (OUTPUT) CERTIFICATE_SIZE happens to be the same as (INPUT) SIZE...

Or the caller can parse X.509 and figure out the size of a single cert, but the caller still does not know the total number of certs.

Profile `DPE_PROFILE_IROT_MLDSA87_SHA384` requires support for the following
cryptographic algorithms:

* ML-DSA-87
* SHAKE256
* SHA2-384


This profile defines the following derivation schemes for use in Profile
Attributes.
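Review bot: the required-algorithm list for `DPE_PROFILE_IROT_MLDSA87_SHA384` (ML-DSA-87, SHAKE256, SHA2-384) omits SHA2-512, yet the certificate and CSR formats added later in this change set the FWID hashAlg to the SHA2-512 OID and the ABI-constants table sets `H` to 64. Either add SHA2-512 here (and reconsider the `_SHA384` suffix of the profile name) or change those formats to SHA2-384 so the profile measures with a single digest. Minor: there are two blank lines before "This profile defines the following derivation schemes" where the neighbouring sections use one.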
Expand Down Expand Up @@ -532,18 +546,31 @@ follows:
* Outputs
* 48-byte key

@xiaoyuruan xiaoyuruan Sep 25, 2025

After "### ocp.derive.kdf-cdi-384", there should be added a new subsection "### ocp.derive.kdf-cdi-512" for CDI of MLDSA87.

After "### ocp.export-cdi.raw-384", there should be added a new subsection "### ocp.export-cdi.raw-512" for CDI of MLDSA87.

### ocp.key-format.p256.raw
### ocp.derive.kdf-asymmetric-mldsa87

The concatenation of the 32-byte X value and 32-byte Y value of the ECDSA public key.
The asymmetric key derivation scheme “ocp.derive.kdf-asymmetric-mldsa87” is defined as
follows:

Both the X and Y value SHALL be big-endian and left-padded with zeros.
* The asymmetric key type is ML-DSA-87
* Signature scheme is ML-DSA
* This derivation scheme SHALL use a cryptographically secure KDF or DRBG.

A KDF or DRBG alone cannot derive an MLDSA key from the CDI. Two steps here:

  1. From 512b CDI to 256b \xi (KDF or DRBG)
  2. From \xi to MLDSA key (Algorithm 6 ML-DSA.KeyGen_internal of FIPS 204).

* Inputs
* CDI
* `LABEL`
* ASCII Bytes "MLDSA"
* Outputs
* 48-byte key

Should this be a 64 byte key?

Contributor

Suggested change
* 48-byte key
* 4896-byte key


### ocp.key-format.p384.raw

The concatenation of the 48-byte X value and 48-byte Y value of the ECDSA public key.

Both the X and Y value SHALL be big-endian and left-padded with zeros.

### ocp.key-format.mldsa87.raw

A raw ML-DSA-87 key, encoded as using the pkEncode function in FIPS 204

## Sign Format

### ocp.tbs-format.digest-sha256
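Review bot: `ocp.derive.kdf-asymmetric-mldsa87` lists "48-byte key" as its output, which does not describe an ML-DSA-87 key: FIPS 204 derives the key pair from a 32-byte seed ξ with ML-DSA.KeyGen_internal, and the encoded public key alone is 2592 bytes (the value this change gives for `P` in the ABI table). Suggest specifying the KDF/DRBG output as the 32-byte seed and stating that the key pair is the result of ML-DSA.KeyGen_internal applied to that seed, which is also what the inline comment on the "KDF or DRBG" bullet proposes; the "Outputs" entry should then name the seed rather than a 48-byte key. Minor: in `ocp.key-format.mldsa87.raw`, "encoded as using the pkEncode function" should read "encoded using the pkEncode function".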
Expand All @@ -562,6 +589,15 @@ The format “ocp.tbs-format.digest-sha384” is defined as
additional processing. The size of the value SHALL be a SHA2-384 digest of
size 48 bytes.

### ocp.tbs-format.mldsa87-external-mu

The format “ocp.tbs-format.mldsa87-external-mu” is defined as

The mu parameter as described in FIPS 204.

* tr = SHAKE256(public_key, 64)
* mu = SHAKE256(tr || message, 64)

### ocp.signature-format.p256.raw

The concatenation of the 32-byte R value and 32-byte S value of the ECDSA signature.
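Review bot: the external-mu definition `mu = SHAKE256(tr || message, 64)` should state exactly what `message` contains. In FIPS 204 the pure ML-DSA.Sign and ML-DSA.Verify algorithms prefix the message with a domain separator and context string (`0x00 || len(ctx) || ctx || M`) before the internal routine computes μ over `tr || M'`, so a verifier using the standard API with an empty context will compute a different μ than one formed directly over the DPE to-be-signed bytes unless the spec says who adds that prefix. Suggest specifying whether the prefix is supplied by the caller or by DPE, and giving the fixed size of the value (64 bytes) as the `ocp.tbs-format.digest-sha384` entry does for its digest.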
Expand All @@ -574,6 +610,10 @@ The concatenation of the 48-byte R value and 48-byte S value of the ECDSA signat

Both the R and S value SHALL be big-endian and left-padded with zeros.

### ocp.signature-format.mldsa87.raw

TODO

## Recursive Derivation

### ocp.recursive-derivation.extend-tci
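Review bot: `ocp.signature-format.mldsa87.raw` is left as `TODO` while the profile-attribute table in this same change already references it as `signature-format`. Since `ocp.key-format.mldsa87.raw` is defined in terms of FIPS 204's pkEncode, the natural counterpart is the output of FIPS 204's sigEncode (the byte string ML-DSA.Sign returns), and its ML-DSA-87 length should then match `S` in the ABI-constants table.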
Expand Down Expand Up @@ -743,7 +783,7 @@ following requirements:
* version: The version of the CSR specification - the version SHALL be 0
* subject: The subject name of the CSR
* subjectPKInfo: This field SHALL contain the subject public key and the
OID for the EC public key algorithm used by the DPE profile
OID for the public key algorithm used by the DPE profile
* attributes: An "Extension Request" attribute as defined in RFC 2985
[@{ietf-rfc2985}] SHALL adhere to the following requirements
* The BasicConstraints extension SHALL be included
Expand Down Expand Up @@ -786,6 +826,16 @@ The format “ocp.certificate.irot-eca.p384” is defined as follows:
* For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve
P-384.

### ocp.certificate.irot-eca.mldsa87

The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

### ocp.certificate.irot-leaf.p256

The format ocp.certificate.irot-leaf.p256” is defined as follows:
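Review bot: `ocp.certificate.irot-eca.mldsa87` sets the FWID hashAlg to the SHA2-512 OID, whereas the P-384 format directly above uses SHA2-384 for the same field, the profile is named `_SHA384`, its `input-format` is `ocp.format.digest-sha384`, and its required-algorithm list contains SHA2-384 but not SHA2-512. Suggest picking one measurement digest for the profile and using it consistently here, in the leaf and CSR formats, and in `H`.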
Expand All @@ -810,6 +860,16 @@ The format “ocp.certificate.irot.p384” is defined as follows:
* For the Signature field, DPE SHALL use the ECDSA-with-SHA384 OID with NIST curve
P-384.

### ocp.certificate.irot-leaf.mldsa87

The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature field, DPE SHALL use the ML-DSA-87 OID.

### ocp.csr.irot-leaf.p256

The format “ocp.csr.irot-leaf.p256” is defined as follows:
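Review bot: the body under `### ocp.certificate.irot-leaf.mldsa87` defines the format “ocp.certificate.irot-eca.mldsa87” and requires "Requirements for ECA Certificates", so it is a copy of the ECA section rather than a leaf-certificate definition. Suggest `The format “ocp.certificate.irot-leaf.mldsa87” is defined as follows:` and the leaf-certificate requirements reference used by the P-256/P-384 leaf sections.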
Expand All @@ -834,6 +894,17 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows:
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
use the ECDSA-with-SHA384 OID with NIST curve P-384.

### ocp.csr.irot-leaf.mldsa87

The format “ocp.csr.irot-eca.mldsa87” is defined as follows:

* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
SHA2-512 OID.
* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
use the ML-DSA-87 OID.

## Profile Attributes

### ocp.profile.irot.p256
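Review bot: the body under `### ocp.csr.irot-leaf.mldsa87` names the format “ocp.csr.irot-eca.mldsa87”, which matches neither the heading nor the naming of the P-256 and P-384 CSR sections (`ocp.csr.irot-leaf.*`). Suggest `The format “ocp.csr.irot-leaf.mldsa87” is defined as follows:`.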
Expand Down Expand Up @@ -1178,6 +1249,46 @@ The format “ocp.csr.irot-leaf.p384” is defined as follows:
| supports-symmetric-sign | False |
+-------------------------------+------------------------------------------------------------------+

### ocp.profile.irot.mldsa87

+-------------------------------+------------------------------------------------------------------+
| **Attribute** | **Value** |
+===============================+==================================================================+
| =========================================== General ============================================ |
+-------------------------------+------------------------------------------------------------------+
| name | ocp.profile.irot.ml-dsa-87 |
+-------------------------------+------------------------------------------------------------------+
| inherits | ocp.profile.irot.p256 |
+-------------------------------+------------------------------------------------------------------+
| ============================================ Input ============================================= |
+-------------------------------+------------------------------------------------------------------+
| input-format | ocp.format.digest-sha384 |
+-------------------------------+------------------------------------------------------------------+
| ========================================= Derivation =========================================== |
+-------------------------------+------------------------------------------------------------------+
| dice-derivation | ocp.derive.kdf-cdi-512 |
+-------------------------------+------------------------------------------------------------------+
| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
+-------------------------------+------------------------------------------------------------------+
| ======================================== Certificates ========================================== |
+-------------------------------+------------------------------------------------------------------+
| leaf-certificate-format | ocp.certificate.irot-leaf.mldsa87 |
+-------------------------------+------------------------------------------------------------------+
| eca-certificate-format | ocp.certificate.irot-eca.mldsa87 |
+-------------------------------+------------------------------------------------------------------+
| ========================================= Signatures =========================================== |
+-------------------------------+------------------------------------------------------------------+
| to-be-signed-format | ocp.format.mldsa87-external-mu. |
+-------------------------------+------------------------------------------------------------------+
| public-key-format | ocp.key-format.mldsa87.raw |
+-------------------------------+------------------------------------------------------------------+
| signature-format | ocp.signature-format.mldsa87.raw |
+-------------------------------+------------------------------------------------------------------+
| =========================================== Export ============================================= |
+-------------------------------+------------------------------------------------------------------+
| export-cdi-format | ocp.export-cdi.raw-512 |
+-------------------------------+------------------------------------------------------------------+

## ABI Structure Definitions {#sec:abi-structure-definitions}

All structures are fixed size for a given profile. In some cases, command/response structures differ
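Review bot: several values in the `ocp.profile.irot.mldsa87` table do not resolve to names defined in this change: `name` is `ocp.profile.irot.ml-dsa-87` while the heading is `ocp.profile.irot.mldsa87`; `to-be-signed-format` is `ocp.format.mldsa87-external-mu.` (stray trailing period, and `ocp.format.` prefix) while the section added above defines `ocp.tbs-format.mldsa87-external-mu`; and `ocp.derive.kdf-cdi-512` and `ocp.export-cdi.raw-512` are referenced but defined nowhere in the diff, as the comment on the derivation section also points out. Suggest fixing the two spellings and adding the two missing `-512` sections.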
Expand Down Expand Up @@ -1237,6 +1348,7 @@ Table: Profile Constants
`DPE_PROFILE_IROT_MIN_P384_SHA384` | 0x2
`DPE_PROFILE_IROT_P256_SHA256` | 0x3
`DPE_PROFILE_IROT_P384_SHA384` | 0x4
`DPE_PROFILE_IROT_MLDSA87_SHA384` | 0x5

Table: Certificate Formats

Expand Down Expand Up @@ -1297,6 +1409,15 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_P384_SHA384`
`S` | Signature Size | 96
`C` | Certificate Size | 6144

Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`

**Name** | **Description** | **Value**
------------ | --------------------- | --------
`H` | Hash Size | 64
`P` | Public Key Size | 2592
`S` | Signature Size | 4697
`C` | Certificate Size | TODO
Author

Still open


### Types

Table: ABI Types
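Review bot: `S` (Signature Size) is given as 4697, but FIPS 204's table of key and signature sizes lists 4627 bytes for an ML-DSA-87 signature; please check this is not a digit transposition. `P` = 2592 does match the FIPS 204 public-key size. `C` is still `TODO` (the open `GetCertificateChain` 2048-byte chunk-size thread depends on it), and `H` = 64 sits oddly next to the `_SHA384` in the profile name and the `ocp.format.digest-sha384` input format.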
Expand Down Expand Up @@ -1465,7 +1586,7 @@ Table: `SIGN_INPUT_ARGS` struct
| ------- | ------------- | ------- | -------------------- | -------------------------------------------------------
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`.
| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_SIGN`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `BYTES` | 127:0 | `CONTEXT_HANDLE` | A numeric handle referring to a DPE context.
| 0x1C | `HASH` | | `LABEL` | Digest measurement label used in key derivation.
| 0x1C + H | `BITFIELD` | 31:0 | `RESERVED` | Reserved
Expand All @@ -1477,7 +1598,7 @@ Table: `SIGN_OUTPUT_ARGS` struct
| ------- | ---------- | ------- | ---------------------- | -------------------------------------------------
| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_IROT_SHA256_P256`.
| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
| 0x0C | `BYTES` | 127:0 | `NEW_CONTEXT_HANDLE` | Numeric handle referring to the updated context.
| 0x1C | `SIGNATURE` | | `SIGNATURE` | Signature over `TO_BE_SIGNED`

Expand Down