@@ -204,6 +204,17 @@ in the command-specific "ABI" sections in @sec:abi-structure-definitions.
204204
205205Full structure definitions are provided at the end of this document.
206206
207+ ## Multi-part Operations
208+
209+ This profile supports multi-part operations for commands that return large
210+ amounts of data. This functionality is currently limited to the response data of
211+ CertifyKey and GetCertificateChain. When an operation has additional data to
212+ return, the `OperationHandle` in the response will be non-zero. Once all data
213+ has been transmitted, the `OperationHandle` will be 16 null bytes. For
214+ subsequent multi-part requests, all input parameters SHALL remain identical to
215+ the initial request, except for the `OperationHandle`, which SHALL be populated
216+ with the value received in the preceding response.
217+
207218## Supported Commands
208219
209220This section describes commands supported by this profile.
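Review bot: The new "Multi-part Operations" paragraph requires continuation requests to keep every input identical, but it does not say what the DPE returns when a parameter differs or when the `OperationHandle` is unknown or already finished. Suggest naming the status code for those cases and stating whether the pending operation is then discarded. The prose also calls the field `OperationHandle` while the ABI tables in this change call it `OP_HANDLE`; one name throughout would avoid doubt that they are the same field.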
@@ -499,18 +510,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows:
499510* Outputs
500511 * 48-byte key
501512
502- ### ocp.derive.kdf-cdi-512
503-
504- The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows:
505-
506- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
507- * Inputs
508- * CDI
509- * `MEASUREMENT_DATA`
510- * ASCII Bytes "DPE"
511- * Outputs
512- * 64-byte key
513-
514513## CDI Export
515514
516515### ocp.export-cdi.raw-256
@@ -525,12 +524,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret
525524
526525To generate exported keypair, use asymmetric-derivation for the relevant profile.
527526
528- ### ocp.export-cdi.raw-512
529-
530- The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret
531-
532- To generate exported keypair, use asymmetric-derivation for the relevant profile.
533-
534527## Key Derivation
535528
536529* `LABEL`: LABEL parameter passed to Sign and CertifyKey
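Review bot: The surviving 384-bit export section, quoted in this hunk's header, still names the scheme "ocp.export-cdi.raw" with no size suffix, the same wording the removed 512 text used. Since the profile table now selects `ocp.export-cdi.raw-384`, suggest spelling the full scheme name in that sentence while this section is being touched.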
@@ -573,13 +566,19 @@ follows:
573566
574567* The asymmetric key type is ML-DSA-87
575568* Signature scheme is ML-DSA
576- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
569+ * This derivation scheme SHALL use the following sequence.
570+ * Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi).
577571* Inputs
578572 * CDI
579573 * `LABEL`
580574 * ASCII Bytes "MLDSA"
581575* Outputs
582- * 64-byte key
576+ * 32-byte xi
577+ * Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}].
578+ * Inputs
579+ * 32-byte xi
580+ * Outputs
581+ * 4,896-byte key
583582
584583### ocp.key-format.p384.raw
585584
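Review bot: The Outputs of the new ML-DSA.KeyGen_internal step list only the 4,896-byte private key, but that algorithm returns the public key together with the private key. Suggest listing the 2592-byte public key (`P` in the constants table) as an output as well, so implementers take both from the same call. The seed is also written once as 𝜉 and afterwards as "xi"; one spelling throughout would keep the list searchable.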
@@ -852,7 +851,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
852851
853852* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
854853* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
855- SHA2-512 OID.
854+ SHA2-384 OID.
856855* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
857856* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
858857
@@ -886,7 +885,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
886885
887886* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
888887* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
889- SHA2-512 OID.
888+ SHA2-384 OID.
890889* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
891890* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
892891
@@ -920,7 +919,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
920919
921920* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
922921* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
923- SHA2-512 OID.
922+ SHA2-384 OID.
924923* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
925924* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
926925 use the ML-DSA-87 OID.
@@ -942,7 +941,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
942941+-------------------------------+------------------------------------------------------------------+
943942| max-message-size | 6144 |
944943+-------------------------------+------------------------------------------------------------------+
945- | uses-multi-part-messages | False |
944+ | uses-multi-part-messages | True. See @sec:multi-part-operations for more information. |
946945+-------------------------------+------------------------------------------------------------------+
947946| supports-concurrent-operation | False |
948947+-------------------------------+------------------------------------------------------------------+
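Review bot: The `uses-multi-part-messages` row points at @sec:multi-part-operations, but the "## Multi-part Operations" heading added earlier in this change carries no explicit label, unlike "## ABI Structure Definitions {#sec:abi-structure-definitions}". Suggest adding `{#sec:multi-part-operations}` to that heading so the cross-reference resolves.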
@@ -1286,7 +1285,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
12861285+-------------------------------+------------------------------------------------------------------+
12871286| ========================================= Derivation =========================================== |
12881287+-------------------------------+------------------------------------------------------------------+
1289- | dice-derivation | ocp.derive.kdf-cdi-512 |
1288+ | dice-derivation | ocp.derive.kdf-cdi-384 |
12901289+-------------------------------+------------------------------------------------------------------+
12911290| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
12921291+-------------------------------+------------------------------------------------------------------+
@@ -1306,7 +1305,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
13061305+-------------------------------+------------------------------------------------------------------+
13071306| =========================================== Export ============================================= |
13081307+-------------------------------+------------------------------------------------------------------+
1309- | export-cdi-format | ocp.export-cdi.raw-512 |
1308+ | export-cdi-format | ocp.export-cdi.raw-384 |
13101309+-------------------------------+------------------------------------------------------------------+
13111310
13121311## ABI Structure Definitions {#sec:abi-structure-definitions}
@@ -1433,10 +1432,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`
14331432
14341433**Name** | **Description** | **Value**
14351434------------ | --------------------- | --------
1436- `H` | Hash Size | 64
1435+ `H` | Hash Size | 48
14371436`P` | Public Key Size | 2592
14381437`S` | Signature Size | 4697
1439- `C` | Certificate Size | TODO
1438+ `C` | Certificate Size | 17408
14401439
14411440### Types
14421441
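Review bot: The `S` row left as context in this table reads 4697, while an ML-DSA-87 signature in FIPS 204 is 4627 bytes; worth correcting in the same pass as `H` and `C`. It would also help to say whether `C` = 17408 bounds a single response or the whole certificate, given that max-message-size stays at 6144.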
@@ -1585,6 +1584,7 @@ Table: `CERTIFY_KEY_INPUT_ARGS` struct
15851584| 0x1C | `BITFIELD` | 31:0 | `RESERVED` | Reserved
15861585| 0x20 | `U32` | 31:0 | `ADD_FORMAT` | Output format of `CERTIFICATE`
15871586| 0x24 | `HASH` | | `LABEL` | Public digest used in key derivation.
1587+ | 0x24 + H | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.
15881588
15891589Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
15901590
@@ -1595,8 +1595,9 @@ Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
15951595| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
15961596| 0x0C | `BYTES` | 127:0 | `NEW_CONTEXT_HANDLE` | Numeric handle referring to the updated context.
15971597| 0x1C | `PUBKEY` | | `DERIVED_PUBLIC_KEY` | Derived public key. This is the same public key as the Subject of the returned certificate.
1598- | 0x1C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
1599- | 0x20 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.
1598+ | 0x1C + P | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate, otherwise 0.
1599+ | 0x2C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
1600+ | 0x30 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.
16001601
16011602#### Sign ABI
16021603
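Review bot: The `CERTIFICATE_SIZE` row at 0x2C + P still describes itself as the number of bytes used in `CERTIFICATE_CHAIN`, although the field that follows in this struct is `CERTIFICATE`. With `OP_HANDLE` now in the response, the description should also state whether the size counts the bytes in this part or the total across all parts. The 16-byte shift of the two offsets after `OP_HANDLE` is consistent.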
@@ -1673,8 +1674,7 @@ Table: `GET_CERTIFICATE_CHAIN_INPUT_ARGS` struct
16731674| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`.
16741675| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_GET_CERTIFICATE_CHAIN`.
16751676| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
1676- | 0x0C | `U32` | 31:0 | `OFFSET` | Offset of certificate chain to retrieve.
1677- | 0x10 | `U32` | 31:0 | `SIZE` | Max number of bytes to return, starting at `OFFSET`.
1677+ | 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.
16781678
16791679Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
16801680
@@ -1683,5 +1683,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
16831683| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
16841684| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
16851685| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
1686- | 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1687- | 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
1686+ | 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate chain, otherwise 0.
1687+ | 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1688+ | 0x14 | `BYTES` | | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
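Review bot: The `CERTIFICATE_SIZE` description at 0x10 keeps "Can be smaller than requested if no bytes are left to read", but the input struct in this change no longer has `OFFSET` or `SIZE`, so the caller does not request a length any more. Suggest rewording it to describe the size of the current part. The `CERTIFICATE_CHAIN` row also lost its 16383:0 bound with nothing in its place; stating the maximum part length, or tying it to max-message-size, would let callers size their buffers.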