RE: [pkcs11] CKM_EC_EDWARDS_KEY_PAIR

Hi Jonathan,

The RFCs are quite clear in my opinion:

RFC 8032 states in section 5: This section instantiates the general EdDSA algorithm for the edwards25519 and edwards448 curves, …
RFC 7748 states in section 4.1 “… Montgomery curve v^2 = u^3 + A*u^2 + u, called "curve25519"… ”. And a bit further below in that same section “This curve is birationally equivalent to a twisted Edwards curve -x^2 + y^2 = 1 + d*x^2*y^2, called "edwards25519" …”

curve25519 is thus a Montgomery curve, and must be used with CKM_EC_MONTGOMERY_KEY_PAIR_GEN, and edwards25519 is an Edwards curve to be used with CKM_EC_EDWARDS_KEY_PAIR_GEN. That said, SoftHSM is right and nCipher is wrong in my opinion.

Best regards,

Dieter

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of Jonathan Schulze-Hewett
Sent: Wednesday, December 23, 2020 8:20 PM
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] CKM_EC_EDWARDS_KEY_PAIR_GEN (WARNING!!! S/MIME with incorrect signature)

All,

For CKM_EC_EDWARDS_KEY_PAIR_GEN, what are the curveNames? SoftHSM2 wants edwards25519. nCipher wants curve25519. The spec simply refers me to the RFCs. The OIDs are pretty clear, but the curveName option appears to be open to interpretation. Considering it’s two values, perhaps the spec could just list what they are or otherwise provide some specificity?

Sincerely,

Jonathan

Jonathan Schulze-Hewett

Director of Development

Information Security Corp

708-445-1704 (o) | 708-822-2926 (m)

schulze-hewett@infoseccorp.com

pkcs11 message