@@ -499,18 +499,6 @@ The CDI derivation scheme “ocp.derive.kdf-cdi-384” is defined as follows:
499499* Outputs
500500 * 48-byte key
501501
502- ### ocp.derive.kdf-cdi-512
503-
504- The CDI derivation scheme “ocp.derive.kdf-cdi-512” is defined as follows:
505-
506- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
507- * Inputs
508- * CDI
509- * `MEASUREMENT_DATA`
510- * ASCII Bytes "DPE"
511- * Outputs
512- * 64-byte key
513-
514502## CDI Export
515503
516504### ocp.export-cdi.raw-256
@@ -525,12 +513,6 @@ The CDI export scheme "ocp.export-cdi.raw" is a raw 384-bit secret
525513
526514To generate exported keypair, use asymmetric-derivation for the relevant profile.
527515
528- ### ocp.export-cdi.raw-512
529-
530- The CDI export scheme "ocp.export-cdi.raw" is a raw 512-bit secret
531-
532- To generate exported keypair, use asymmetric-derivation for the relevant profile.
533-
534516## Key Derivation
535517
536518* `LABEL`: LABEL parameter passed to Sign and CertifyKey
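Review bot: The sentence kept for the 384-bit export scheme (visible in this hunk's @@ context) still names the scheme "ocp.export-cdi.raw" with no size suffix, the same wording the removed raw-512 text used. The headings and the profile table use suffixed names such as ocp.export-cdi.raw-256 and ocp.export-cdi.raw-384. While this section is being edited, give each remaining sentence its full suffixed name so the identifier an implementer matches on is unambiguous. The context line "To generate exported keypair" also needs an article ("the exported keypair").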
@@ -573,13 +555,19 @@ follows:
573555
574556* The asymmetric key type is ML-DSA-87
575557* Signature scheme is ML-DSA
576- * This derivation scheme SHALL use a cryptographically secure KDF or DRBG.
558+ * This derivation scheme SHALL use the following sequence.
559+ * Use a cryptographically secure KDF or DRBG to derive 32-byte seed 𝜉 (xi).
577560* Inputs
578561 * CDI
579562 * `LABEL`
580563 * ASCII Bytes "MLDSA"
581564* Outputs
582- * 64-byte key
565+ * 32-byte xi
566+ * Use ML-DSA.KeyGen_internal (Algorithm 6) to derive the private key [@{fips204}].
567+ * Inputs
568+ * 32-byte xi
569+ * Outputs
570+ * 4,896-byte key
583571
584572### ocp.key-format.p384.raw
585573
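Review bot: The Outputs of the new ML-DSA.KeyGen_internal step list only a "4,896-byte key", but Algorithm 6 of FIPS 204 returns the public key together with the private key, so the step should list both outputs and say which one "key" refers to. The two steps also share a single flat Inputs/Outputs run: make the nesting explicit so that CDI, `LABEL` and "MLDSA" are clearly inputs to the KDF/DRBG step and the 32-byte xi is clearly the only input to KeyGen_internal. Because xi fully determines the private key, it is worth one sentence stating that xi SHALL be handled as secret key material and not exposed outside the DPE. Finally, pick either "𝜉 (xi)" or "xi" and use it consistently in all three places.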
@@ -852,7 +840,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
852840
853841* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
854842* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
855- SHA2-512 OID.
843+ SHA2-384 OID.
856844* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
857845* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
858846
@@ -886,7 +874,7 @@ The format “ocp.certificate.irot-eca.mldsa87” is defined as follows:
886874
887875* SHALL follow all "Requirements for ECA Certificates" in @sec:eca-cert-requirements
888876* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
889- SHA2-512 OID.
877+ SHA2-384 OID.
890878* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
891879* For the Signature field, DPE SHALL use the ML-DSA-87 OID.
892880
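Review bot: This hunk's @@ context names the format “ocp.certificate.irot-eca.mldsa87”, the same name shown for the previous hunk 34 lines earlier, yet the two hunks edit two separate bullet lists. If these are two distinct certificate formats, one of the introductory "The format … is defined as follows:" sentences carries the wrong name and should be corrected in the same change, since a verifier keyed on the format name would otherwise have two definitions to choose from. If the duplication is intentional, a short remark on how the two sections differ would help.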
@@ -920,7 +908,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
920908
921909* SHALL follow all "Requirements for CSRs" in @sec:csr-requirements
922910* For FWID hashAlg fields provided by DeriveContext, DPE SHALL use the
923- SHA2-512 OID.
911+ SHA2-384 OID.
924912* For the SubjectPublicKeyInfo field, DPE SHALL use the ML-DSA-87 OID.
925913* For the Signature of both the CMS message and the CertificationRequest, DPE SHALL
926914 use the ML-DSA-87 OID.
@@ -1286,7 +1274,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
12861274+-------------------------------+------------------------------------------------------------------+
12871275| ========================================= Derivation =========================================== |
12881276+-------------------------------+------------------------------------------------------------------+
1289- | dice-derivation | ocp.derive.kdf-cdi-512 |
1277+ | dice-derivation | ocp.derive.kdf-cdi-384 |
12901278+-------------------------------+------------------------------------------------------------------+
12911279| asymmetric-derivation | ocp.derive.kdf-asymmetric-mldsa87 |
12921280+-------------------------------+------------------------------------------------------------------+
@@ -1306,7 +1294,7 @@ The format “ocp.csr.irot-eca.mldsa87” is defined as follows:
13061294+-------------------------------+------------------------------------------------------------------+
13071295| =========================================== Export ============================================= |
13081296+-------------------------------+------------------------------------------------------------------+
1309- | export-cdi-format | ocp.export-cdi.raw-512 |
1297+ | export-cdi-format | ocp.export-cdi.raw-384 |
13101298+-------------------------------+------------------------------------------------------------------+
13111299
13121300## ABI Structure Definitions {#sec:abi-structure-definitions}
@@ -1433,10 +1421,10 @@ Table: Profile-dependant ABI constants for `DPE_PROFILE_IROT_MLDSA87_SHA384`
14331421
14341422**Name** | **Description** | **Value**
14351423------------ | --------------------- | --------
1436- `H` | Hash Size | 64
1424+ `H` | Hash Size | 48
14371425`P` | Public Key Size | 2592
14381426`S` | Signature Size | 4697
1439- `C` | Certificate Size | TODO
1427+ `C` | Certificate Size | 17408
14401428
14411429### Types
14421430
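Review bot: The `S` row left unchanged between the two edited rows gives a signature size of 4697, while FIPS 204 specifies 4627 bytes for an ML-DSA-87 signature; since `H` and `C` are being corrected here, please verify `S` in the same pass, because buffer sizes in the ABI structures are derived from it. The new `C` value of 17408 replaces TODO without any stated basis. Add a sentence saying how it was chosen (for example, what certificate contents it has to accommodate given `P` = 2592 and `S`) so implementers can tell whether it is a hard maximum or a recommended buffer size.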
@@ -1683,5 +1671,6 @@ Table: `GET_CERTIFICATE_CHAIN_OUTPUT_ARGS` struct
16831671| 0x00 | `U32` | 31:0 | `MAGIC` | Magic number `DPE_RESPONSE_MAGIC`.
16841672| 0x04 | `U32` | 31:0 | `STATUS` | One of `DPE_STATUS_*`.
16851673| 0x08 | `U32` | 31:0 | `PROFILE` | One of `DPE_PROFILE_*`.
1686- | 0x0C | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1687- | 0x10 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
1674+ | 0x0C | `U32` | 31:0 | `REMAINING` | Number of bytes remaining after this portion of the certificate chain.
1675+ | 0x10 | `U32` | 31:0 | `CERTIFICATE_SIZE` | Number of bytes used in `CERTIFICATE_CHAIN`. Can be smaller than requested if no bytes are left to read.
1676+ | 0x14 | `BYTES` | 16383:0 | `CERTIFICATE_CHAIN` | Returned certificate chain. This may be a partial certificate chain.
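Review bot: Inserting `REMAINING` at 0x0C moves `CERTIFICATE_SIZE` to 0x10 and `CERTIFICATE_CHAIN` to 0x14, so a client built against the previous layout will read `REMAINING` as the chunk length, and nothing in this hunk says which profile or version carries the new layout. State that explicitly, or consider whether the new field can be placed so existing offsets stay valid. The relationship between the two length fields also needs defining: the `CERTIFICATE_SIZE` description still says it "Can be smaller than requested if no bytes are left to read", so say whether `REMAINING` == 0 is the end-of-chain signal and require `CERTIFICATE_SIZE` to be no larger than the `CERTIFICATE_CHAIN` field. Last, the `CERTIFICATE_CHAIN` range is still 16383:0 while the `U32` rows use 31:0 as a bit range; clarify the unit for `BYTES` rows and reconcile the field size with the new `C` value of 17408.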