I'm working on a P11 3.0 implementation and I have a question about EdDSA.
When phFlag is set to true inÂCK_EDDSA_PARAMS, what does that mean regarding the input to C_Sign?
Should the hash be computed outside, and provided as the input to C_Sign?
Or should the message itself must be used as input to C_Sign, and the token must compute the hash internally?
The first option makes more sense since the whole point of prehashed is to be able to compute the hash outside. However, from what I've read this is not explicitly mentioned in the spec, so it seems ambiguous. It would be good to clarify this in the next revision.
Also, a somewhat related question: in sections 2.3.5 and 2.3.6 regarding Edwards private/public objects, the spec says "Note that keys defined by RFC 8032 and RFC 8410 are incompatible." Why isÂthis so? RFC 8032 is a normative reference inÂ8410 and they do not contradict anywhere.