pkcs11-tool: add pure EdDSA support to sign/verify

Related OpenSC#2952

src/tools/pkcs11-tool.c

@@ -2264,10 +2264,13 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 	unsigned char	in_buffer[1025], sig_buffer[512];
 	CK_MECHANISM	mech;
 	CK_RSA_PKCS_PSS_PARAMS pss_params;
+	CK_EDDSA_PARAMS eddsa_params = {
+		.phFlag = CK_FALSE,
+	};
 	CK_RV		rv;
 	CK_ULONG	sig_len;
 	int		fd, r;
-	unsigned long	hashlen;
+	unsigned long	hashlen = 0;
 
 	if (!opt_mechanism_used)
 		if (!find_mechanism(slot, CKF_SIGN|opt_allow_sw, NULL, 0, &opt_mechanism))
@@ -2276,7 +2279,26 @@ static void sign_data(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 	fprintf(stderr, "Using signature algorithm %s\n", p11_mechanism_to_name(opt_mechanism));
 	memset(&mech, 0, sizeof(mech));
 	mech.mechanism = opt_mechanism;
-	hashlen = parse_pss_params(session, key, &mech, &pss_params);
+
+	if (opt_mechanism == CKM_RSA_PKCS_PSS) {
+		hashlen = parse_pss_params(session, key, &mech, &pss_params);
+	}
+
+	/* support pure EdDSA only */
+	if (opt_mechanism == CKM_EDDSA) {
+		CK_ULONG privkeylen = 0;
+
+		/* determine if we have ed25519 or ed448 keys */
+		if (getVALUE(session, key, &privkeylen) == NULL) {
+			util_fatal("Key has no CKA_VALUE attribute");
+		}
+
+		/* Ed448, need the params defined but default to false */
+		if (privkeylen == 57) {
+			mech.pParameter = &eddsa_params;
+			mech.ulParameterLen = (CK_ULONG)sizeof(eddsa_params);
+		}
+	}
 
 	if (opt_input == NULL)
 		fd = 0;
@@ -2370,10 +2392,13 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 	unsigned char	in_buffer[1025], sig_buffer[512];
 	CK_MECHANISM	mech;
 	CK_RSA_PKCS_PSS_PARAMS pss_params;
+	CK_EDDSA_PARAMS eddsa_params = {
+		.phFlag = CK_FALSE,
+	};
 	CK_RV		rv;
 	CK_ULONG	sig_len;
 	int		fd, fd2, r, r2;
-	unsigned long   hashlen;
+	unsigned long   hashlen = 0;
 
 	if (!opt_mechanism_used)
 		if (!find_mechanism(slot, CKF_VERIFY|opt_allow_sw, NULL, 0, &opt_mechanism))
@@ -2382,18 +2407,38 @@ static void verify_signature(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
 	fprintf(stderr, "Using signature algorithm %s\n", p11_mechanism_to_name(opt_mechanism));
 	memset(&mech, 0, sizeof(mech));
 	mech.mechanism = opt_mechanism;
-	hashlen = parse_pss_params(session, key, &mech, &pss_params);
-	if (hashlen && opt_salt_len_given) {
-		if (opt_salt_len == -2) {
-			/* openssl allow us to set sLen to -2 for autodetecting salt length
-			 * here maximal CK_ULONG value is used to pass this special code
-			 * to openssl. For non OpenSC PKCS#11 module this is minimal limitation
-			 * because there is no need to use extra long salt length.
-			 */
-			pss_params.sLen = ((CK_ULONG) 1 ) << (sizeof(CK_ULONG) * CHAR_BIT -1);
-			fprintf(stderr, "Warning, requesting salt length recovery from signature (supported only in in opensc pkcs11 module).\n");
+
+	if (opt_mechanism == CKM_RSA_PKCS_PSS) {
+		hashlen = parse_pss_params(session, key, &mech, &pss_params);
+		if (hashlen && opt_salt_len_given) {
+			if (opt_salt_len == -2) {
+				/* openssl allow us to set sLen to -2 for autodetecting salt length
+				* here maximal CK_ULONG value is used to pass this special code
+				* to openssl. For non OpenSC PKCS#11 module this is minimal limitation
+				* because there is no need to use extra long salt length.
+				*/
+				pss_params.sLen = ((CK_ULONG) 1 ) << (sizeof(CK_ULONG) * CHAR_BIT -1);
+				fprintf(stderr, "Warning, requesting salt length recovery from signature (supported only in in opensc pkcs11 module).\n");
+			}
+		}
+	}
+
+	/* support pure EdDSA only */
+	if (opt_mechanism == CKM_EDDSA) {
+		CK_ULONG pubkeylen = 0;
+
+		/* determine if we have ed25519 or ed448 keys */
+		if (getEC_POINT(session, key, &pubkeylen) == NULL) {
+			util_fatal("Key has no CKA_EC_POINT attribute");
+		}
+
+		/* Ed448, need the params defined but default to false */
+		if (pubkeylen == 57) {
+			mech.pParameter = &eddsa_params;
+			mech.ulParameterLen = (CK_ULONG)sizeof(eddsa_params);
 		}
 	}
+
 	/* Open a signature file */
 	if (opt_signature_file == NULL)
 		util_fatal("No file with signature provided. Use --signature-file");