@@ -204,6 +204,19 @@ in the command-specific "ABI" sections in @sec:abi-structure-definitions.
204204
205205Full structure definitions are provided at the end of this document.
206206
207+ ## Multi-part Operations
208+
209+ This profile supports multi-part operations for commands that return large
210+ amounts of data. This functionality is currently limited to the response data of
211+ `CertifyKey`, `GetCertificateChain`, and `DeriveContext` when exporting a CDI.
212+ Unlike the DPE specification [@{tcg-dpe}], which uses a `more-data` flag, this
213+ profile uses the `OP_HANDLE` field to indicate availability of additional data.
214+ When an operation has more data to return, the `OP_HANDLE` in the response will
215+ be non-zero. To retrieve the remaining data, the caller SHALL issue a subsequent
216+ request with the `OP_HANDLE` set to the value received in the preceding
217+ response, while keeping all other input parameters identical to the initial
218+ request. The operation is complete when the returned `OP_HANDLE` is all zeros.
219+
207220## Supported Commands
208221
209222This section describes commands supported by this profile.
@@ -499,18 +512,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows:
499512* Outputs
500513 * 48-byte key
501514
502- ### ocp.derive.kdf-cdi-512
503-
504- The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows:
505-
506- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
507- * Inputs
508- * CDI
509- * `MEASUREMENT_DATA`
510- * ASCII Bytes "DPE"
511- * Outputs
512- * 64-byte key
513-
514515## CDI Export
515516
516517### ocp.export-cdi.raw-256
@@ -525,12 +526,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret
525526
526527To generate exported keypair, use asymmetric-derivation for the relevant profile.
527528
528- ### ocp.export-cdi.raw-512
529-
530- The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret
531-
532- To generate exported keypair, use asymmetric-derivation for the relevant profile.
533-
534529## Key Derivation
535530
536531* `LABEL`: LABEL parameter passed to Sign and CertifyKey
@@ -573,13 +568,19 @@ follows:
573568
574569* The asymmetric key type is ML-DSA-87
575570* Signature scheme is ML-DSA
576- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
571+ * This derivation scheme SHALL use the following sequence.
572+ * Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi).
577573* Inputs
578574 * CDI
579575 * `LABEL`
580576 * ASCII Bytes "MLDSA"
581577* Outputs
582- * 64-byte key
578+ * 32-byte xi
579+ * Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}].
580+ * Inputs
581+ * 32-byte xi
582+ * Outputs
583+ * 4,896-byte key
583584
584585### ocp.key-format.p384.raw
585586
@@ -852,7 +853,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
852853
853854* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
854855* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
855- SHA2-512 OID.
856+ SHA2-384 OID.
856857* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
857858* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
858859
@@ -886,7 +887,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
886887
887888* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
888889* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
889- SHA2-512 OID.
890+ SHA2-384 OID.
890891* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
891892* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
892893
@@ -920,7 +921,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
920921
921922* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
922923* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
923- SHA2-512 OID.
924+ SHA2-384 OID.
924925* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
925926* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
926927 use the ML-DSA-87 OID.
@@ -942,7 +943,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
942943+-------------------------------+------------------------------------------------------------------+
943944| max-message-size | 6144 |
944945+-------------------------------+------------------------------------------------------------------+
945- | uses-multi-part-messages | False |
946+ | uses-multi-part-messages | True. See @sec:multi-part-operations for more information. |
946947+-------------------------------+------------------------------------------------------------------+
947948| supports-concurrent-operation | False |
948949+-------------------------------+------------------------------------------------------------------+
@@ -1286,7 +1287,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
12861287+-------------------------------+------------------------------------------------------------------+
12871288| ========================================= Derivation =========================================== |
12881289+-------------------------------+------------------------------------------------------------------+
1289- | dice-derivation | ocp.derive.kdf-cdi-512 |
1290+ | dice-derivation | ocp.derive.kdf-cdi-384 |
12901291+-------------------------------+------------------------------------------------------------------+
12911292| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
12921293+-------------------------------+------------------------------------------------------------------+
@@ -1306,7 +1307,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
13061307+-------------------------------+------------------------------------------------------------------+
13071308| =========================================== Export ============================================= |
13081309+-------------------------------+------------------------------------------------------------------+
1309- | export-cdi-format | ocp.export-cdi.raw-512 |
1310+ | export-cdi-format | ocp.export-cdi.raw-384 |
13101311+-------------------------------+------------------------------------------------------------------+
13111312
13121313## ABI Structure Definitions {#sec:abi-structure-definitions}
@@ -1433,10 +1434,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`
14331434
14341435**Name** | **Description** | **Value**
14351436------------ | --------------------- | --------
1436- `H` | Hash Size | 64
1437+ `H` | Hash Size | 48
14371438`P` | Public Key Size | 2592
14381439`S` | Signature Size | 4697
1439- `C` | Certificate Size | TODO
1440+ `C` | Certificate Size | 17408
14401441
14411442### Types
14421443
@@ -1548,6 +1549,7 @@ Table: `DERIVE_CONTEXT_INPUT_ARGS` struct
15481549| 0x20 + H | `BYTES` | 31:0 | `INPUT_TYPE` | 4-byte measurement type field
15491550| 0x24 + H | `U32` | 31:0 | `TARGET_LOCALITY` | Locality in which `NEW_CONTEXT_HANDLE` will be created if `CHANGE_LOCALITY` is set.
15501551| 0x28 + H | `U32` | 31:0 | `INPUT_SVN` | SVN added to TCI node. Callers SHOULD set this field to `0` when SVN is unused.
1552+ | 0x2C + H | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.
15511553
15521554Table: `DERIVE_CONTEXT_OUTPUT_ARGS` struct if `EXPORT_CDI` is **not** set
15531555
@@ -1569,8 +1571,9 @@ Table: `DERIVE_CONTEXT_OUTPUT_ARGS` struct if `EXPORT_CDI` is set
15691571| 0x0C | `BYTES` | 127:0 | `NEW_CONTEXT_HANDLE` | The handle for the created child context, or rotated context in case RECURSIVE is set.
15701572| 0x1C | `BYTES` | 127:0 | `PARENT_CONTEXT_HANDLE` | The handle for the parent context if `RETAIN_PARENT_CONTEXT` is set.
15711573| 0x2C | `EXPORTED_CDI` | 255:0 | `EXPORTED_CDI` | If EXPORT_CDI is true, holds exported CDI. Else, value is ignored.
1572- | 0x4C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `NEW_CERTIFICATE`.
1573- | 0x50 | `BYTES` | | `NEW_CERTIFICATE` | If CREATE_CERTIFICATE is set, holds the new ECA certificate. Else, value is ignored.
1574+ | 0x4C | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate, otherwise 0.
1575+ | 0x5C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `NEW_CERTIFICATE`.
1576+ | 0x60 | `BYTES` | | `NEW_CERTIFICATE` | If CREATE_CERTIFICATE is set, holds the new ECA certificate. Else, value is ignored.
15741577
15751578#### CertifyKey ABI
15761579
@@ -1585,6 +1588,7 @@ Table: `CERTIFY_KEY_INPUT_ARGS` struct
15851588| 0x1C | `BITFIELD` | 31:0 | `RESERVED` | Reserved
15861589| 0x20 | `U32` | 31:0 | `ADD_FORMAT` | Output format of `CERTIFICATE`
15871590| 0x24 | `HASH` | | `LABEL` | Public digest used in key derivation.
1591+ | 0x24 + H | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.
15881592
15891593Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
15901594
@@ -1595,8 +1599,9 @@ Table: `CERTIFY_KEY_OUTPUT_ARGS` struct
15951599| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
15961600| 0x0C | `BYTES` | 127:0 | `NEW_CONTEXT_HANDLE` | Numeric handle referring to the updated context.
15971601| 0x1C | `PUBKEY` | | `DERIVED_PUBLIC_KEY` | Derived public key. This is the same public key as the Subject of the returned certificate.
1598- | 0x1C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
1599- | 0x20 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.
1602+ | 0x1C + P | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate, otherwise 0.
1603+ | 0x2C + P | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`.
1604+ | 0x30 + P | `CERTIFICATE` | | `CERTIFICATE` | Returned leaf certificate.
16001605
16011606#### Sign ABI
16021607
@@ -1673,8 +1678,7 @@ Table: `GET_CERTIFICATE_CHAIN_INPUT_ARGS` struct
16731678| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_COMMAND_MAGIC`.
16741679| 0x04 | `U32` | 31:0 | `COMMAND_ID` | `DPE_COMMAND_GET_CERTIFICATE_CHAIN`.
16751680| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
1676- | 0x0C | `U32` | 31:0 | `OFFSET` | Offset of certificate chain to retrieve.
1677- | 0x10 | `U32` | 31:0 | `SIZE` | Max number of bytes to return, starting at `OFFSET`.
1681+ | 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | A handle if continuing a multi-part operation, otherwise 0.
16781682
16791683Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
16801684
@@ -1683,5 +1687,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
16831687| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
16841688| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
16851689| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
1686- | 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1687- | 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
1690+ | 0x0C | `BYTES` | 127:0 | `OP_HANDLE` | Contains a handle if more data remains in the certificate chain, otherwise 0.
1691+ | 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1692+ | 0x14 | `BYTES` | | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
0 commit comments