wip

On branch X25519-improvements Changes to be committed: modified: libopensc/card-openpgp.c modified: libopensc/pkcs15-prkey.c modified: libopensc/pkcs15-pubkey.c modified: libopensc/pkcs15.h modified: pkcs11/framework-pkcs15.c modified: pkcs15init/pkcs15-lib.c modified: tools/pkcs11-tool.c modified: tools/pkcs15-tool.c
dengert · Dec 6, 2023 · d3c44be · d3c44be
1 parent 63d2bf2
commit d3c44be
Show file tree

Hide file tree

Showing 8 changed files with 65 additions and 164 deletions.
diff --git a/src/libopensc/card-openpgp.c b/src/libopensc/card-openpgp.c
@@ -89,8 +89,8 @@ static struct sc_card_driver pgp_drv = {
 
 static pgp_ec_curves_t  ec_curves_openpgp34[] = {
 	/* OpenPGP 3.4+ Ed25519 and Curve25519 */
-	{{{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}}, 256}, /* curve25519 for encryption => CKK_EC_MONTGOMERY */
-	{{{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}}, 256}, /* ed25519 for signatures => CKK_EC_EDWARDS */
+	{{{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}}, 255}, /* curve25519 for encryption => CKK_EC_MONTGOMERY */
+	{{{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}}, 255}, /* ed25519 for signatures => CKK_EC_EDWARDS */
 	/* v3.0+ supports: [RFC 4880 & 6637] 0x12 = ECDH, 0x13 = ECDSA */
 	{{{1, 2, 840, 10045, 3, 1, 7, -1}}, 256}, /* ansiX9p256r1 */
 	{{{1, 3, 132, 0, 34, -1}}, 384}, /* ansiX9p384r1 */
@@ -109,8 +109,8 @@ struct sc_object_id curve25519_oid = {{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}};
 static pgp_ec_curves_t	ec_curves_gnuk[] = {
 	{{{1, 2, 840, 10045, 3, 1, 7, -1}}, 256}, /* ansiX9p256r1 */
 	{{{1, 3, 132, 0, 10, -1}}, 256}, /* secp256k1 */
-	{{{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}}, 256}, /* curve25519 for encryption => CKK_EC_MONTGOMERY */
-	{{{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}}, 256}, /* ed25519 for signatures => CKK_EC_EDWARDS */
+	{{{1, 3, 6, 1, 4, 1, 3029, 1, 5, 1, -1}}, 255}, /* curve25519 for encryption => CKK_EC_MONTGOMERY */
+	{{{1, 3, 6, 1, 4, 1, 11591, 15, 1, -1}}, 255}, /* ed25519 for signatures => CKK_EC_EDWARDS */
 	{{{-1}}, 0} /* This entry must not be touched. */
 };
 
@@ -1698,8 +1698,8 @@ pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
 				/* In EDDSA key case we do not have to care about OIDs
 				 * as we support only one for now */
 				p15pubkey.algorithm = SC_ALGORITHM_EDDSA;
-				p15pubkey.u.eddsa.pubkey.value = pubkey_blob->data;
-				p15pubkey.u.eddsa.pubkey.len = pubkey_blob->len;
+				p15pubkey.u.ec.ecpointQ.value = pubkey_blob->data;
+				p15pubkey.u.ec.ecpointQ.len = pubkey_blob->len;
 				/* PKCS#11 3.0: 2.3.5 Edwards EC public keys only support the use
 				 * of the curveName selection to specify a curve name as defined
 				 * in [RFC 8032] */
@@ -1709,8 +1709,8 @@ pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
 				/* This yields either EC(DSA) key or EC_MONTGOMERY (curve25519) key */
 				if (sc_compare_oid(&key_info.u.ec.oid, &curve25519_oid)) {
 					p15pubkey.algorithm = SC_ALGORITHM_XEDDSA;
-					p15pubkey.u.eddsa.pubkey.value = pubkey_blob->data;
-					p15pubkey.u.eddsa.pubkey.len = pubkey_blob->len;
+					p15pubkey.u.ec.ecpointQ.value = pubkey_blob->data;
+					p15pubkey.u.ec.ecpointQ.len = pubkey_blob->len;
 					/* PKCS#11 3.0 2.3.7 Montgomery EC public keys only support
 					 * the use of the curveName selection to specify a curve
 					 * name as defined in [RFC7748] */
@@ -1755,10 +1755,6 @@ pgp_get_pubkey_pem(sc_card_t *card, unsigned int tag, u8 *buf, size_t buf_len)
 		p15pubkey.u.ec.ecpointQ.value = NULL;
 		p15pubkey.u.ec.ecpointQ.len = 0;
 		/* p15pubkey.u.ec.params.der and named_curve will be freed by sc_pkcs15_erase_pubkey */
-	} else if (p15pubkey.algorithm == SC_ALGORITHM_EDDSA
-		|| p15pubkey.algorithm == SC_ALGORITHM_XEDDSA) {
-		p15pubkey.u.eddsa.pubkey.value = NULL;
-		p15pubkey.u.eddsa.pubkey.len = 0;
 	}
 	sc_pkcs15_erase_pubkey(&p15pubkey);
 

diff --git a/src/libopensc/pkcs15-prkey.c b/src/libopensc/pkcs15-prkey.c
@@ -561,20 +561,12 @@ sc_pkcs15_erase_prkey(struct sc_pkcs15_prkey *key)
 	case SC_ALGORITHM_GOSTR3410:
 		free(key->u.gostr3410.d.data);
 		break;
-	case SC_ALGORITHM_EC:
+	case SC_ALGORITHM_EC: /* EC, EDDSA and XEDDSA uses same ec.params */
 		free(key->u.ec.params.der.value);
 		free(key->u.ec.params.named_curve);
 		free(key->u.ec.privateD.data);
 		free(key->u.ec.ecpointQ.value);
 		break;
-	case SC_ALGORITHM_EDDSA:
-		free(key->u.eddsa.pubkey.value);
-		key->u.eddsa.pubkey.value = NULL;
-		key->u.eddsa.pubkey.len = 0;
-		free(key->u.eddsa.value.value);
-		key->u.eddsa.value.value = NULL;
-		key->u.eddsa.value.len = 0;
-		break;
 	}
 	sc_mem_clear(key, sizeof(*key));
 }

diff --git a/src/libopensc/pkcs15-pubkey.c b/src/libopensc/pkcs15-pubkey.c
@@ -542,13 +542,6 @@ static struct sc_asn1_entry c_asn1_ec_pointQ[C_ASN1_EC_POINTQ_SIZE] = {
 		{ NULL, 0, 0, 0, NULL, NULL }
 };
 
-#define C_ASN1_EDDSA_PUBKEY_SIZE 2
-static struct sc_asn1_entry c_asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE] = {
-		{ "pubkey", SC_ASN1_BIT_STRING, SC_ASN1_TAG_BIT_STRING, SC_ASN1_ALLOC, NULL, NULL },
-		{ NULL, 0, 0, 0, NULL, NULL }
-};
-
-
 int
 sc_pkcs15_decode_pubkey_rsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_rsa *key,
 		const u8 *buf, size_t buflen)
@@ -690,44 +683,26 @@ sc_pkcs15_encode_pubkey_ec(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key,
 }
 
 /*
+ * all "ec" keys uses same pubkey format, keep this external entrypoint
  * EdDSA keys are just byte strings. For now only
  * for Ed25519 keys 32B length are supported
  */
 int
 sc_pkcs15_decode_pubkey_eddsa(sc_context_t *ctx,
-		struct sc_pkcs15_pubkey_eddsa *key,
+		struct sc_pkcs15_pubkey_ec *key,
 		const u8 *buf, size_t buflen)
 {
-	int r;
-	u8 * pubkey = NULL;
-	size_t pubkey_len;
-	struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE];
-
-	LOG_FUNC_CALLED(ctx);
-	sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey);
-	sc_format_asn1_entry(asn1_eddsa_pubkey + 0, &pubkey, &pubkey_len, 1);
-	r = sc_asn1_decode(ctx, asn1_eddsa_pubkey, buf, buflen, NULL, NULL);
-	if (r < 0)
-		LOG_TEST_RET(ctx, r, "ASN.1 decoding failed");
-
-	key->pubkey.len = pubkey_len;
-	key->pubkey.value = pubkey;
-
-	LOG_FUNC_RETURN(ctx, SC_SUCCESS);
+	return sc_pkcs15_decode_pubkey_ec(ctx, key, buf, buflen);
 }
 
+/*
+ * all "ec" keys uses same pubkey format, keep this external entrypoint
+ */
 int
-sc_pkcs15_encode_pubkey_eddsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_eddsa *key,
+sc_pkcs15_encode_pubkey_eddsa(sc_context_t *ctx, struct sc_pkcs15_pubkey_ec *key,
 		u8 **buf, size_t *buflen)
 {
-	struct sc_asn1_entry asn1_eddsa_pubkey[C_ASN1_EDDSA_PUBKEY_SIZE];
-
-	LOG_FUNC_CALLED(ctx);
-	sc_copy_asn1_entry(c_asn1_eddsa_pubkey, asn1_eddsa_pubkey);
-	sc_format_asn1_entry(asn1_eddsa_pubkey + 0, key->pubkey.value, &key->pubkey.len, 1);
-
-	LOG_FUNC_RETURN(ctx,
-			sc_asn1_encode(ctx, asn1_eddsa_pubkey, buf, buflen));
+	return sc_pkcs15_encode_pubkey_ec(ctx, key, buf, buflen);
 }
 
 
@@ -739,11 +714,8 @@ sc_pkcs15_encode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key,
 		return sc_pkcs15_encode_pubkey_rsa(ctx, &key->u.rsa, buf, len);
 	if (key->algorithm == SC_ALGORITHM_GOSTR3410)
 		return sc_pkcs15_encode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EC)
+	if (key->algorithm == SC_ALGORITHM_EC || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
 		return sc_pkcs15_encode_pubkey_ec(ctx, &key->u.ec, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EDDSA ||
-		key->algorithm == SC_ALGORITHM_XEDDSA) /* XXX encoding is the same here */
-		return sc_pkcs15_encode_pubkey_eddsa(ctx, &key->u.eddsa, buf, len);
 
 	sc_log(ctx, "Encoding of public key type %u not supported", key->algorithm);
 	LOG_FUNC_RETURN(ctx, SC_ERROR_NOT_SUPPORTED);
@@ -789,6 +761,8 @@ sc_pkcs15_encode_pubkey_as_spki(sc_context_t *ctx, struct sc_pkcs15_pubkey *pubk
 
 	switch (pubkey->algorithm) {
 	case SC_ALGORITHM_EC:
+	case SC_ALGORITHM_EDDSA:
+	case SC_ALGORITHM_XEDDSA:
 		/*
 		 * most keys, but not EC have only one encoding.
 		 * For a SPKI, the ecpoint is placed directly in the
@@ -826,14 +800,6 @@ sc_pkcs15_encode_pubkey_as_spki(sc_context_t *ctx, struct sc_pkcs15_pubkey *pubk
 		r = sc_pkcs15_encode_pubkey(ctx, pubkey, &pkey.value, &pkey.len);
 		key_len = pkey.len * 8;
 		break;
-	case SC_ALGORITHM_EDDSA:
-	case SC_ALGORITHM_XEDDSA:
-		/* For a SPKI, the pubkey is placed directly in the BIT STRING */
-		pkey.value = malloc(pubkey->u.eddsa.pubkey.len);
-		memcpy(pkey.value, pubkey->u.eddsa.pubkey.value, pubkey->u.eddsa.pubkey.len);
-		// Should be pkey.len = 0 there?
-		key_len = pubkey->u.eddsa.pubkey.len * 8;
-		break;
 	default:
 		r = sc_pkcs15_encode_pubkey(ctx, pubkey, &pkey.value, &pkey.len);
 		key_len = pkey.len * 8;
@@ -865,11 +831,8 @@ sc_pkcs15_decode_pubkey(sc_context_t *ctx, struct sc_pkcs15_pubkey *key,
 		return sc_pkcs15_decode_pubkey_rsa(ctx, &key->u.rsa, buf, len);
 	if (key->algorithm == SC_ALGORITHM_GOSTR3410)
 		return sc_pkcs15_decode_pubkey_gostr3410(ctx, &key->u.gostr3410, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EC)
+	if (key->algorithm == SC_ALGORITHM_EC || key->algorithm == SC_ALGORITHM_EDDSA || key->algorithm == SC_ALGORITHM_XEDDSA)
 		return sc_pkcs15_decode_pubkey_ec(ctx, &key->u.ec, buf, len);
-	if (key->algorithm == SC_ALGORITHM_EDDSA ||
-		key->algorithm == SC_ALGORITHM_XEDDSA)
-		return sc_pkcs15_decode_pubkey_eddsa(ctx, &key->u.eddsa, buf, len);
 
 	sc_log(ctx, "Decoding of public key type %u not supported", key->algorithm);
 	return SC_ERROR_NOT_SUPPORTED;
@@ -1041,17 +1004,17 @@ sc_pkcs15_pubkey_from_prvkey(struct sc_context *ctx, struct sc_pkcs15_prkey *prv
 	case SC_ALGORITHM_EDDSA:
 	case SC_ALGORITHM_XEDDSA:
 		/* Copy pubkey */
-		if (prvkey->u.eddsa.pubkey.value == NULL || prvkey->u.eddsa.pubkey.len <= 0) {
+		if (prvkey->u.ec.ecpointQ.value == NULL || prvkey->u.ec.ecpointQ.len <= 0) {
 			sc_pkcs15_free_pubkey(pubkey);
 			LOG_FUNC_RETURN(ctx, SC_ERROR_INVALID_DATA);
 		}
-		pubkey->u.eddsa.pubkey.value = malloc(prvkey->u.eddsa.pubkey.len);
-		if (!pubkey->u.eddsa.pubkey.value) {
+		pubkey->u.ec.ecpointQ.value = malloc(prvkey->u.ec.ecpointQ.len);
+		if (!pubkey->u.ec.ecpointQ.value) {
 			sc_pkcs15_free_pubkey(pubkey);
 			LOG_FUNC_RETURN(ctx, SC_ERROR_OUT_OF_MEMORY);
 		}
-		memcpy(pubkey->u.eddsa.pubkey.value, prvkey->u.eddsa.pubkey.value, prvkey->u.eddsa.pubkey.len);
-		pubkey->u.eddsa.pubkey.len = prvkey->u.eddsa.pubkey.len;
+		memcpy(pubkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.value, prvkey->u.ec.ecpointQ.len);
+		pubkey->u.ec.ecpointQ.len = prvkey->u.ec.ecpointQ.len;
 
 		break;
 	default:
@@ -1141,13 +1104,13 @@ sc_pkcs15_dup_pubkey(struct sc_context *ctx, struct sc_pkcs15_pubkey *key, struc
 	case SC_ALGORITHM_EDDSA:
 	case SC_ALGORITHM_XEDDSA:
 		/* Copy pubkey */
-		pubkey->u.eddsa.pubkey.value = malloc(key->u.eddsa.pubkey.len);
-		if (!pubkey->u.eddsa.pubkey.value) {
+		pubkey->u.ec.ecpointQ.value = malloc(key->u.ec.ecpointQ.len);
+		if (!pubkey->u.ec.ecpointQ.value) {
 			rv = SC_ERROR_OUT_OF_MEMORY;
 			break;
 		}
-		memcpy(pubkey->u.eddsa.pubkey.value, key->u.eddsa.pubkey.value, key->u.eddsa.pubkey.len);
-		pubkey->u.eddsa.pubkey.len = key->u.eddsa.pubkey.len;
+		memcpy(pubkey->u.ec.ecpointQ.value, key->u.ec.ecpointQ.value, key->u.ec.ecpointQ.len);
+		pubkey->u.ec.ecpointQ.len = key->u.ec.ecpointQ.len;
 
 		break;
 	default:
@@ -1193,12 +1156,9 @@ sc_pkcs15_erase_pubkey(struct sc_pkcs15_pubkey *key)
 			free(key->u.ec.params.named_curve);
 		if (key->u.ec.ecpointQ.value)
 			free(key->u.ec.ecpointQ.value);
-		break;
-	case SC_ALGORITHM_EDDSA:
-	case SC_ALGORITHM_XEDDSA:
-		free(key->u.eddsa.pubkey.value);
-		key->u.eddsa.pubkey.value = NULL;
-		key->u.eddsa.pubkey.len = 0;
+		/* EDDSA and XEDDSA */
+		if (key->u.ec.ecpointQ.value)
+			free(key->u.ec.ecpointQ.value);
 		break;
 	}
 	sc_mem_clear(key, sizeof(*key));
@@ -1400,10 +1360,11 @@ sc_pkcs15_pubkey_from_spki_fields(struct sc_context *ctx, struct sc_pkcs15_pubke
 		pubkey->u.ec.ecpointQ.len = pk.len;
 	} else if (pk_alg.algorithm == SC_ALGORITHM_EDDSA ||
 		   pk_alg.algorithm == SC_ALGORITHM_XEDDSA) {
+		/* TODO DEE is comment correct? */
 		/* EDDSA/XEDDSA public key is not encapsulated into BIT STRING -- it's a BIT STRING */
-		pubkey->u.eddsa.pubkey.value = malloc(pk.len);
-		memcpy(pubkey->u.eddsa.pubkey.value, pk.value, pk.len);
-		pubkey->u.eddsa.pubkey.len = pk.len;
+		pubkey->u.ec.ecpointQ.value = malloc(pk.len);
+		memcpy(pubkey->u.ec.ecpointQ.value, pk.value, pk.len);
+		pubkey->u.ec.ecpointQ.len = pk.len;
 	} else {
 		/* Public key is expected to be encapsulated into BIT STRING */
 		r = sc_pkcs15_decode_pubkey(ctx, pubkey, pk.value, pk.len);
@@ -1508,10 +1469,10 @@ static struct ec_curve_info {
 		{"secp192k1",		"1.3.132.0.31", "06052B8104001F", 192},
 		{"secp256k1",		"1.3.132.0.10", "06052B8104000A", 256},
 
-		{"ed25519",		"1.3.6.1.4.1.11591.15.1", "06092B06010401DA470F01", 256},
-		{"curve25519",		"1.3.6.1.4.1.3029.1.5.1", "060A2B060104019755010501", 256},
-		{"Ed25519",             "1.3.101.112", "06032b6570", 256},
-		{"X25519",              "1.3.101.110", "06032b656e", 256},
+		{"ed25519",		"1.3.6.1.4.1.11591.15.1", "06092B06010401DA470F01", 255},
+		{"curve25519",		"1.3.6.1.4.1.3029.1.5.1", "060A2B060104019755010501", 255},
+		{"Ed25519",             "1.3.101.112", "06032b6570", 255},
+		{"X25519",              "1.3.101.110", "06032b656e", 255},
 
 		{NULL, NULL, NULL, 0}, /* Do not touch this */
 };

diff --git a/src/libopensc/pkcs15.h b/src/libopensc/pkcs15.h
@@ -203,21 +203,10 @@ struct sc_pkcs15_pubkey_ec {
 	struct sc_pkcs15_u8 ecpointQ; /* This is NOT DER, just value and length */
 };
 
-struct sc_pkcs15_pubkey_eddsa {
-	struct sc_ec_parameters params;
-	struct sc_pkcs15_u8 pubkey;
-};
-
 struct sc_pkcs15_prkey_ec {
 	struct sc_ec_parameters params;
+	struct sc_pkcs15_u8	ecpointQ; /* This is NOT DER, just value and length */
 	sc_pkcs15_bignum_t	privateD; /* note this is bignum */
-	struct sc_pkcs15_u8		ecpointQ; /* This is NOT DER, just value and length */
-};
-
-struct sc_pkcs15_prkey_eddsa {   /* also used for eddsa and ecdh */
-	struct sc_ec_parameters params;
-	struct sc_pkcs15_u8 pubkey;
-	struct sc_pkcs15_u8 value;
 };
 
 struct sc_pkcs15_pubkey_gostr3410 {
@@ -238,7 +227,6 @@ struct sc_pkcs15_pubkey {
 	union {
 		struct sc_pkcs15_pubkey_rsa rsa;
 		struct sc_pkcs15_pubkey_ec ec;
-		struct sc_pkcs15_pubkey_eddsa eddsa;
 		struct sc_pkcs15_pubkey_gostr3410 gostr3410;
 	} u;
 };
@@ -251,7 +239,6 @@ struct sc_pkcs15_prkey {
 	union {
 		struct sc_pkcs15_prkey_rsa rsa;
 		struct sc_pkcs15_prkey_ec ec;
-		struct sc_pkcs15_prkey_eddsa eddsa;
 		struct sc_pkcs15_prkey_gostr3410 gostr3410;
 		struct sc_pkcs15_skey secret;
 	} u;
@@ -714,7 +701,7 @@ int sc_pkcs15_decode_pubkey_ec(struct sc_context *,
 int sc_pkcs15_encode_pubkey_ec(struct sc_context *,
 		struct sc_pkcs15_pubkey_ec *, u8 **, size_t *);
 int sc_pkcs15_encode_pubkey_eddsa(struct sc_context *,
-		struct sc_pkcs15_pubkey_eddsa *, u8 **, size_t *);
+		struct sc_pkcs15_pubkey_ec *, u8 **, size_t *);
 int sc_pkcs15_decode_pubkey(struct sc_context *,
 		struct sc_pkcs15_pubkey *, const u8 *, size_t);
 int sc_pkcs15_encode_pubkey(struct sc_context *,

diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c
@@ -3357,7 +3357,7 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
 			keybits = 1024; /* Default key size */
 		/* TODO: check allowed values of keybits */
 	}
-	else if (keytype == CKK_EC)   {
+	else if (keytype == CKK_EC ||  keytype == CKK_EC_EDWARDS || keytype == CKK_EC_MONTGOMERY)   {
 		struct sc_lv_data *der = &keygen_args.prkey_args.key.u.ec.params.der;
 		void *ptr = NULL;
 
@@ -3368,22 +3368,14 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
 			sc_unlock(p11card->card);
 			return rv;
 		}
+
 
-		keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_EC;
-		pub_args.key.algorithm               = SC_ALGORITHM_EC;
-	}
-	else if (keytype == CKK_EC_EDWARDS || keytype == CKK_EC_MONTGOMERY) {
-		struct sc_lv_data *der = &keygen_args.prkey_args.key.u.eddsa.params.der;
-		void *ptr = NULL;
-
-		der->len = sizeof(struct sc_object_id);
-		rv = attr_find_and_allocate_ptr(pPubTpl, ulPubCnt, CKA_EC_PARAMS, &ptr, &der->len);
-		der->value = (unsigned char *) ptr;
-		if (rv != CKR_OK)   {
-			sc_unlock(p11card->card);
-			return rv;
+		if (keytype == CKK_EC) {
+			keygen_args.prkey_args.key.algorithm = SC_ALGORITHM_EC;
+			pub_args.key.algorithm               = SC_ALGORITHM_EC;
 		}
-		if (keytype == CKK_EC_EDWARDS) {
+
+		else if (keytype == CKK_EC_EDWARDS) {
 			/* TODO Validate EC_PARAMS contains curveName "edwards25519" or "edwards448" (from RFC 8032)
 			 * or id-Ed25519 or id-Ed448 (or equivalent OIDs in oId field) (from RFC 8410)
 			 * otherwise return CKR_CURVE_NOT_SUPPORTED
@@ -3392,7 +3384,7 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
 			keygen_args.prkey_args.usage |= SC_PKCS15_PRKEY_USAGE_SIGN;
 			pub_args.key.algorithm               = SC_ALGORITHM_EDDSA;
 		}
-		if (keytype == CKK_EC_MONTGOMERY) {
+		else if (keytype == CKK_EC_MONTGOMERY) {
 			/* TODO Validate EC_PARAMS contains curveName "curve25519" or "curve448" (from RFC 7748)
 			 * or id-X25519 or id-X448 (or equivalent OIDs in oId field) (from RFC 8410)
 			 * otherwise return CKR_CURVE_NOT_SUPPORTED
@@ -3402,7 +3394,8 @@ pkcs15_gen_keypair(struct sc_pkcs11_slot *slot, CK_MECHANISM_PTR pMechanism,
 			pub_args.key.algorithm               = SC_ALGORITHM_XEDDSA;
 		}
 	}
-	else   {
+
+	else {
 		/* CKA_KEY_TYPE is set, but keytype isn't correct */
 		rv = CKR_ATTRIBUTE_VALUE_INVALID;
 		goto kpgen_done;
@@ -5999,7 +5992,7 @@ get_ec_pubkey_point(struct sc_pkcs15_pubkey *key, CK_ATTRIBUTE_PTR attr)
 	switch (key->algorithm) {
 	case SC_ALGORITHM_EDDSA:
 	case SC_ALGORITHM_XEDDSA:
-		rc = sc_pkcs15_encode_pubkey_eddsa(context, &key->u.eddsa, &value, &value_len);
+		rc = sc_pkcs15_encode_pubkey_eddsa(context, &key->u.ec, &value, &value_len);
 		if (rc != SC_SUCCESS)
 			return sc_to_cryptoki_error(rc, NULL);