Support all five EdDSA instances from RFC 8032

Fixes #6277

Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.

The desired EdDSA instance is specified via an OSSL_PARAM.

All instances, except for Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM.  For Ed25519ctx, the
context string must be nonempty.

Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.

Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.

Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that).  Those 21 test
vectors are exercised by evp_test.c and cover all five instances.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)

1 files changed, 0 insertions, 11 deletions

diff --git a/crypto/ec/curve448/curve448_local.h b/crypto/ec/curve448/curve448_local.h
index 3410f091a6..f118d851ee 100644
--- a/crypto/ec/curve448/curve448_local.h
+++ b/crypto/ec/curve448/curve448_local.h
@@ -10,15 +10,4 @@
 # define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
 # include "curve448utils.h"
 
-int
-ossl_ed448ph_sign(OSSL_LIB_CTX *ctx, uint8_t *out_sig, const uint8_t hash[64],
-                  const uint8_t public_key[57], const uint8_t private_key[57],
-                  const uint8_t *context, size_t context_len, const char *propq);
-
-int
-ossl_ed448ph_verify(OSSL_LIB_CTX *ctx, const uint8_t hash[64],
-                    const uint8_t signature[114], const uint8_t public_key[57],
-                    const uint8_t *context, size_t context_len,
-                    const char *propq);
-
 #endif              /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */