CKM_EDDSA

Firmware 7.8.4 and Newer Summary

FIPS approved? No
Supported functions Sign | Verify
Functions restricted from FIPS use N/A
Minimum key length (bits) 256
Minimum key length for FIPS use (bits) N/A
Minimum legacy key length for FIPS use (bits) N/A
Maximum key length (bits) 456
Block size 0
Digest size 0
Key types EDDSA
Algorithms SHA512
Modes None
Flags Extractable

Firmware 7.8.2 and Older Summary

FIPS approved? No
Supported functions Sign | Verify
Functions restricted from FIPS use N/A
Minimum key length (bits) 256
Minimum key length for FIPS use (bits) N/A
Minimum legacy key length for FIPS use (bits) N/A
Maximum key length (bits) 256
Block size 0
Digest size 0
Key types EDDSA
Algorithms SHA512
Modes None
Flags Extractable

This mechanism makes use of keys generated by CKM_EC_EDWARDS_KEY_PAIR_GEN (using keys generated over Edwards curves) for EDDSA signing. The keys used by this mechanism are of type CKK_EC_EDWARDS. For Luna HSM, the EDDSA algorithm is compliant with “PureEDDSA” as defined in RFC 8032 and “EdDSA for more curves, July 2015”.

Mechanism Parameters

Mechanism parameters are optional; not using the parameters selects the PureEdDSA algorithm ed25519. Setting the prehashed flag (phFlag) to TRUE will select the prehashed ed25519ph curve variant.

typedef struct CK_EDDSA_PARAMS
{
     CK_BBOOL     phFlag;
     CK_ULONG     ulContextDataLen;
     CK_BYTE_PTR  pContextData; 
}

CK_EDDSA_PARAMS;

CK_EDDSA_PARAMS eddsaParams;
     eddsaParams.phFlag = CK_TRUE; // Set prehashed flag to true for Ed25519ph. Setting it to false or not using mechanism parameters does Ed25519.
     eddsaParams.ulContextDataLen = 0; // Context length must be 0
     eddsaParams.pContextData = NULL; // Context must be NULL

CK_MECHANISM mechanism;
     mechanism.mechanism = CKM_EDDSA;
     mechanism.pParameter = &eddsaParams;
     mechanism.ulParameterLen = sizeof(eddsaParams);

C_SignInit(hSession, &mechanism, hKey); // or C_VerifyInit
// followed by C_Sign, C_SignUpdate/C_SignFinal or verify equivalents.

OIDs and Algorithm Identifiers for 25519 Keys

New OIDs and algorithm identifiers are as follows. Curve identifiers, including the plaintext curve names, must be ASN.1-encoded.

Edwards 25519 (sign/verify)

Curve Identifier (CKA_ECDSA_PARAMS):

>“edwards25519” (RFC7748)

>“Ed25519” (RFC8410)

>1.3.6.1.4.1.11591.15.1 (https://www.alvestrand.no/objectid/1.3.6.1.4.1.11591.15.1.html)

Key OIDs (wrap/unwrap):

>1.3.101.100 (https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04)

>1.3.101.112 (RFC8410)

Curve 25519 (ECDH)

Curve Identifier (CKA_ECDSA_PARAMS):

>“curve25519” (RFC7748)

>“X25519” (RFC8410)

>1.3.6.1.4.1.3029.1.5.1 (http://oidref.com/1.3.6.1.4.1.3029.1.5.1)

Key OIDs (wrap/unwrap):

>1.3.6.1.4.1.11591.7 (https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-00)

>1.3.101.110 (RFC8410)