openssl/crypto/ec/curve448
James Muir 836080a89a Support all five EdDSA instances from RFC 8032
Fixes #6277

Description:
Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519,
Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs.

The desired EdDSA instance is specified via an OSSL_PARAM.

All instances, except for Ed25519, allow context strings as input.
Context strings are passed via an OSSL_PARAM.  For Ed25519ctx, the
context string must be nonempty.

Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that
the full message (not a digest) must be passed to sign and verify
operations.

Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input
message is hashed before sign and verify.

Testing:
All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt
(thanks to Shane Lontis for showing how to do that).  Those 21 test
vectors are exercised by evp_test.c and cover all five instances.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19705)
2023-01-13 07:09:09 +00:00
..
arch_32 Update copyright year 2022-05-03 13:34:51 +01:00
arch_64 Move e_os.h to include/internal 2022-02-05 05:31:09 +01:00
curve448_local.h Support all five EdDSA instances from RFC 8032 2023-01-13 07:09:09 +00:00
curve448_tables.c Update copyright year 2021-04-08 13:04:41 +01:00
curve448.c Update copyright year 2022-05-03 13:34:51 +01:00
curve448utils.h Update copyright year 2021-04-08 13:04:41 +01:00
ed448.h Update copyright year 2021-04-08 13:04:41 +01:00
eddsa.c Support all five EdDSA instances from RFC 8032 2023-01-13 07:09:09 +00:00
f_generic.c Fix the parameter type of gf_serialize 2021-09-17 14:44:41 +02:00
field.h Fix the parameter type of gf_serialize 2021-09-17 14:44:41 +02:00
point_448.h Update copyright year 2021-04-08 13:04:41 +01:00
scalar.c Update copyright year 2021-04-08 13:04:41 +01:00
word.h Update copyright year 2021-04-08 13:04:41 +01:00