[gnutls-devel] GnuTLS | Add support for loading Ed25519 keys from PKCS#11 and using them (!1200)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Mar 10 10:24:28 CET 2020

Dmitry Baryshkov commented on a discussion on lib/pkcs11_write.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1200#note_302292176

>  		break;
>  	}
>  	case GNUTLS_PK_EDDSA_ED25519: {
> -		gnutls_datum_t params;
> +		gnutls_datum_t params, ecpoint;
> +		/* XXX This is wrong -- we need encode the curve name
> +		 * not OID according to the last PKCS #11 3.0 draft */
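Review bot: the XXX comment added under `gnutls_datum_t params, ecpoint;` marks the encoding as known to be wrong but does not say what the code writes now or what has to change for it to be right. Either resolve it before merge or reword it as a concrete TODO that names the spec section and the expected encoding. "The last PKCS #11 3.0 draft" will also go stale once the spec is final, so cite a version or section instead. The wording needs a small fix too: "we need to encode the curve name, not the OID".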

According to [PKCS#11 spec](https://docs.oasis-open.org/pkcs11/pkcs11-curr/v3.0/cs01/pkcs11-curr-v3.0-cs01.html#_Toc30061182):

> Edwards EC public keys only support the use of the curveName selection to specify a curve name as defined in [RFC 8032] and the use of the oID selection to specify a curve through an EdDSA algorithm as defined in [RFC 8410]. Note that keys defined by RFC 8032 and RFC 8410 are incompatible.

So ideally we should support both curveName and OID.
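The two `CKA_EC_PARAMS` selections named in the quoted spec text, shown for Ed25519 in an added example that is not part of the original message and is not GnuTLS code. The function and constant names are hypothetical, the sample bytes are constructed, and the curve name string `edwards25519` is assumed from RFC 8032.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example: hypothetical names, not GnuTLS code. */
enum ed_params { ED_PARAMS_UNKNOWN = 0, ED_PARAMS_OID, ED_PARAMS_CURVE_NAME };

/* DER body of id-Ed25519, 1.3.101.112 (RFC 8410): 40*1+3=0x2b, 101=0x65, 112=0x70 */
static const unsigned char ED25519_OID_BODY[] = { 0x2b, 0x65, 0x70 };
/* RFC 8032 curve name, carried as a PrintableString (assumption) */
static const char ED25519_CURVE_NAME[] = "edwards25519";

/* Classify a CKA_EC_PARAMS value read from a token.
 * Accepts only one DER element with a short-form length that covers the
 * whole buffer, so truncated values and trailing bytes are rejected. */
enum ed_params ed25519_params_kind(const unsigned char *der, size_t len)
{
	if (der == NULL || len < 2 || der[1] >= 0x80 || (size_t)der[1] != len - 2)
		return ED_PARAMS_UNKNOWN;

	const unsigned char *body = der + 2;
	size_t body_len = der[1];

	switch (der[0]) {
	case 0x06: /* OBJECT IDENTIFIER: the oID selection */
		if (body_len == sizeof(ED25519_OID_BODY) &&
		    memcmp(body, ED25519_OID_BODY, body_len) == 0)
			return ED_PARAMS_OID;
		break;
	case 0x13: /* PrintableString: the curveName selection */
		if (body_len == sizeof(ED25519_CURVE_NAME) - 1 &&
		    memcmp(body, ED25519_CURVE_NAME, body_len) == 0)
			return ED_PARAMS_CURVE_NAME;
		break;
	}
	return ED_PARAMS_UNKNOWN;
}

/* Constructed sample values, in the two forms a token might store. */
static const unsigned char SAMPLE_OID[] = { 0x06, 0x03, 0x2b, 0x65, 0x70 };
static const unsigned char SAMPLE_NAME[] = { 0x13, 0x0c, 'e', 'd', 'w', 'a',
	'r', 'd', 's', '2', '5', '5', '1', '9' };

int main(void)
{
	printf("oid=%d name=%d\n",
	       ed25519_params_kind(SAMPLE_OID, sizeof(SAMPLE_OID)),
	       ed25519_params_kind(SAMPLE_NAME, sizeof(SAMPLE_NAME)));
	return 0;
}
```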
