CKM_EDDSA
Firmware 7.8.4 and Newer Summary
| FIPS approved? | No |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | N/A |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | N/A |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 456 |
| Block size | 0 |
| Digest size | 0 |
| Key types | EDDSA |
| Algorithms | SHA512 |
| Modes | None |
| Flags | Extractable |
Firmware 7.8.2 and Older Summary
| FIPS approved? | No |
| Supported functions | Sign | Verify |
| Functions restricted from FIPS use | N/A |
| Minimum key length (bits) | 256 |
| Minimum key length for FIPS use (bits) | N/A |
| Minimum legacy key length for FIPS use (bits) | N/A |
| Maximum key length (bits) | 256 |
| Block size | 0 |
| Digest size | 0 |
| Key types | EDDSA |
| Algorithms | SHA512 |
| Modes | None |
| Flags | Extractable |
This mechanism makes use of keys generated by CKM_EC_EDWARDS_KEY_PAIR_GEN (using keys generated over Edwards curves) for EDDSA signing. The keys used by this mechanism are of type CKK_EC_EDWARDS. For Luna HSM, the EDDSA algorithm is compliant with “PureEDDSA” as defined in RFC 8032 and “EdDSA for more curves, July 2015”.
Mechanism Parameters
Mechanism parameters are optional; not using the parameters selects the PureEdDSA algorithm ed25519. Setting the prehashed flag (phFlag) to TRUE will select the prehashed ed25519ph curve variant.
typedef struct CK_EDDSA_PARAMS
{
CK_BBOOL phFlag;
CK_ULONG ulContextDataLen;
CK_BYTE_PTR pContextData;
}
CK_EDDSA_PARAMS;
CK_EDDSA_PARAMS eddsaParams;
eddsaParams.phFlag = CK_TRUE; // Set prehashed flag to true for Ed25519ph. Setting it to false or not using mechanism parameters does Ed25519.
eddsaParams.ulContextDataLen = 0; // Context length must be 0
eddsaParams.pContextData = NULL; // Context must be NULL
CK_MECHANISM mechanism;
mechanism.mechanism = CKM_EDDSA;
mechanism.pParameter = &eddsaParams;
mechanism.ulParameterLen = sizeof(eddsaParams);
C_SignInit(hSession, &mechanism, hKey); // or C_VerifyInit
// followed by C_Sign, C_SignUpdate/C_SignFinal or verify equivalents.
OIDs and Algorithm Identifiers for 25519 Keys
New OIDs and algorithm identifiers are as follows. Curve identifiers, including the plaintext curve names, must be ASN.1-encoded.
Edwards 25519 (sign/verify)
Curve Identifier (CKA_ECDSA_PARAMS):
>“edwards25519” (RFC7748)
>“Ed25519” (RFC8410)
>1.3.6.1.4.1.11591.15.1 (https://www.alvestrand.no/objectid/1.3.6.1.4.1.11591.15.1.html)
Key OIDs (wrap/unwrap):
>1.3.101.100 (https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04)
>1.3.101.112 (RFC8410)
Curve 25519 (ECDH)
Curve Identifier (CKA_ECDSA_PARAMS):
>“curve25519” (RFC7748)
>“X25519” (RFC8410)
>1.3.6.1.4.1.3029.1.5.1 (http://oidref.com/1.3.6.1.4.1.3029.1.5.1)
Key OIDs (wrap/unwrap):
>1.3.6.1.4.1.11591.7 (https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-00)
>1.3.101.110 (RFC8410)
