Support all five EdDSA instances from RFC 8032

Fixes #6277

Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.

The desired EdDSA instance is specified via an OSSL_PARAM.

All instances, except for Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM.  For Ed25519ctx, the
context string must be nonempty.

Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.

Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.

Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that).  Those 21 test
vectors are exercised by evp_test.c and cover all five instances.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)

1 files changed, 18 insertions, 18 deletions

diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c
index 9d811e08a8..226c870607 100644
--- a/test/curve448_internal_test.c
+++ b/test/curve448_internal_test.c
@@ -602,43 +602,43 @@ static int test_ed448(void)
 
     if (!TEST_ptr(hashctx)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, NULL, 0, pubkey1,
-                                          privkey1, NULL, 0, NULL))
+                                          privkey1, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig1, outsig, sizeof(sig1)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg2, sizeof(msg2),
-                                          pubkey2, privkey2, NULL, 0, NULL))
+                                          pubkey2, privkey2, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig2, outsig, sizeof(sig2)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg3, sizeof(msg3),
                                           pubkey3, privkey3, context3,
-                                          sizeof(context3), NULL))
+                                          sizeof(context3), 0, NULL))
             || !TEST_int_eq(memcmp(sig3, outsig, sizeof(sig3)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg4, sizeof(msg4),
-                                          pubkey4, privkey4, NULL, 0, NULL))
+                                          pubkey4, privkey4, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig4, outsig, sizeof(sig4)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg5, sizeof(msg5),
-                                          pubkey5, privkey5, NULL, 0, NULL))
+                                          pubkey5, privkey5, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig5, outsig, sizeof(sig5)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg6, sizeof(msg6),
-                                          pubkey6, privkey6, NULL, 0, NULL))
+                                          pubkey6, privkey6, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig6, outsig, sizeof(sig6)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg7, sizeof(msg7),
-                                          pubkey7, privkey7, NULL, 0, NULL))
+                                          pubkey7, privkey7, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig7, outsig, sizeof(sig7)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg8, sizeof(msg8),
-                                          pubkey8, privkey8, NULL, 0, NULL))
+                                          pubkey8, privkey8, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig8, outsig, sizeof(sig8)), 0)
             || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9),
-                                          pubkey9, privkey9, NULL, 0, NULL))
+                                          pubkey9, privkey9, NULL, 0, 0, NULL))
             || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0)
-            || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
-                                            dohash(hashctx, phmsg1,
-                                                   sizeof(phmsg1)), phpubkey1,
-                                                   phprivkey1, NULL, 0, NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig,
+                                          dohash(hashctx, phmsg1,
+                                                 sizeof(phmsg1)), 64, phpubkey1,
+                                                 phprivkey1, NULL, 0, 1, NULL))
             || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0)
-            || !TEST_true(ossl_ed448ph_sign(NULL, outsig,
-                                            dohash(hashctx, phmsg2,
-                                                   sizeof(phmsg2)), phpubkey2,
-                                                   phprivkey2, phcontext2,
-                                                   sizeof(phcontext2), NULL))
+            || !TEST_true(ossl_ed448_sign(NULL, outsig,
+                                          dohash(hashctx, phmsg2,
+                                                 sizeof(phmsg2)), 64, phpubkey2,
+                                                 phprivkey2, phcontext2,
+                                                 sizeof(phcontext2), 1, NULL))
             || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) {
         EVP_MD_CTX_free(hashctx);
         return 0;