CKM_EDDSA
Firmware 7.8.4 and Newer Summary
FIPS approved? | No |
Supported functions | Sign | Verify |
Functions restricted from FIPS use | N/A |
Minimum key length (bits) | 256 |
Minimum key length for FIPS use (bits) | N/A |
Minimum legacy key length for FIPS use (bits) | N/A |
Maximum key length (bits) | 456 |
Block size | 0 |
Digest size | 0 |
Key types | EDDSA |
Algorithms | SHA512 |
Modes | None |
Flags | Extractable |
Firmware 7.8.2 and Older Summary
FIPS approved? | No |
Supported functions | Sign | Verify |
Functions restricted from FIPS use | N/A |
Minimum key length (bits) | 256 |
Minimum key length for FIPS use (bits) | N/A |
Minimum legacy key length for FIPS use (bits) | N/A |
Maximum key length (bits) | 256 |
Block size | 0 |
Digest size | 0 |
Key types | EDDSA |
Algorithms | SHA512 |
Modes | None |
Flags | Extractable |
This mechanism uses Edwards-curve keys generated by CKM_EC_EDWARDS_KEY_PAIR_GEN for EdDSA signing. The keys used by this mechanism are of type CKK_EC_EDWARDS. For Luna HSM, the EdDSA algorithm is compliant with “PureEdDSA” as defined in RFC 8032 and “EdDSA for more curves, July 2015”.
Mechanism Parameters
Mechanism parameters are optional; omitting them selects the PureEdDSA algorithm Ed25519. Setting the prehashed flag (phFlag) to TRUE selects the prehashed variant, Ed25519ph.
typedef struct CK_EDDSA_PARAMS {
    CK_BBOOL    phFlag;
    CK_ULONG    ulContextDataLen;
    CK_BYTE_PTR pContextData;
} CK_EDDSA_PARAMS;

CK_EDDSA_PARAMS eddsaParams;
// Set prehashed flag to true for Ed25519ph.
// Setting it to false or not using mechanism parameters does Ed25519.
eddsaParams.phFlag = CK_TRUE;
eddsaParams.ulContextDataLen = 0;   // Context length must be 0
eddsaParams.pContextData = NULL;    // Context must be NULL

CK_MECHANISM mechanism;
mechanism.mechanism = CKM_EDDSA;
mechanism.pParameter = &eddsaParams;
mechanism.ulParameterLen = sizeof(eddsaParams);

C_SignInit(hSession, &mechanism, hKey); // or C_VerifyInit
// followed by C_Sign, C_SignUpdate/C_SignFinal or verify equivalents.
OIDs and Algorithm Identifiers for 25519 Keys
New OIDs and algorithm identifiers are as follows. Curve identifiers, including the plaintext curve names, must be ASN.1-encoded.
Edwards 25519 (sign/verify)
Curve Identifier (CKA_ECDSA_PARAMS):
>“edwards25519” (RFC7748)
>“Ed25519” (RFC8410)
>1.3.6.1.4.1.11591.15.1 (https://www.alvestrand.no/objectid/1.3.6.1.4.1.11591.15.1.html)
Key OIDs (wrap/unwrap):
>1.3.101.100 (https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-04)
>1.3.101.112 (RFC8410)
Curve 25519 (ECDH)
Curve Identifier (CKA_ECDSA_PARAMS):
>“curve25519” (RFC7748)
>“X25519” (RFC8410)
>1.3.6.1.4.1.3029.1.5.1 (http://oidref.com/1.3.6.1.4.1.3029.1.5.1)
Key OIDs (wrap/unwrap):
>1.3.6.1.4.1.11591.7 (https://tools.ietf.org/html/draft-josefsson-pkix-newcurves-00)
>1.3.101.110 (RFC8410)
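The ASN.1 encoding required for the curve identifiers above, shown as an added example (not Thales or Luna client code): the helper names der_encode_oid and der_encode_name are hypothetical, and encoding plaintext curve names as PrintableString is an assumption taken from the PKCS #11 v3.0 curveName choice. The resulting byte strings are what a caller would supply as the curve identifier attribute value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* DER-encode a dotted OID (tag 0x06); returns bytes written, 0 on bad input or no space. */
size_t der_encode_oid(const char *dotted, unsigned char *out, size_t cap)
{
    unsigned long arcs[16];
    size_t n = 0, len = 2;
    for (;;) {                                  /* parse "a.b.c" into arcs[] */
        char *end;
        if (n == 16 || *dotted < '0' || *dotted > '9') return 0;
        arcs[n] = strtoul(dotted, &end, 10);
        if (arcs[n++] > 0x0FFFFFFFUL) return 0; /* reject oversized arcs */
        if (*end == '\0') break;
        if (*end != '.') return 0;
        dotted = end + 1;
    }
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return 0;
    arcs[1] += 40 * arcs[0];                    /* first two arcs share one value */
    for (size_t i = 1; i < n; i++) {
        unsigned char tmp[10];
        size_t k = 0;
        unsigned long v = arcs[i];
        do { tmp[k++] = (unsigned char)(v & 0x7F); v >>= 7; } while (v);
        if (len + k > cap || len + k - 2 > 127) return 0;  /* short-form length only */
        while (k--) out[len++] = (unsigned char)(tmp[k] | (k ? 0x80 : 0));
    }
    out[0] = 0x06;
    out[1] = (unsigned char)(len - 2);
    return len;
}

/* DER-encode a curve name as PrintableString (tag 0x13, assumed type); no charset check. */
size_t der_encode_name(const char *name, unsigned char *out, size_t cap)
{
    size_t n = strlen(name);
    if (n == 0 || n > 127 || n + 2 > cap) return 0;
    out[0] = 0x13;
    out[1] = (unsigned char)n;
    memcpy(out + 2, name, n);
    return n + 2;
}

int main(void) {
    unsigned char b[16]; size_t n = der_encode_oid("1.3.101.112", b, sizeof b);
    for (size_t i = 0; i < n; i++) printf("%02X ", b[i]);
    return n == 0;
}
```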