
Add Ed (edwards curve), EdDSA (Ed25519/Ed448) and XDH (X25519/X448) interfaces #61

Draft: waltkb wants to merge 13 commits into main

waltkb commented Feb 12, 2025

#60 is already included in this branch.

Owner

whyoleg left a comment

Thanks for the PR!
This would be a lovely addition to the library!

While I'm investigating a bit regarding the naming for the algorithms and curves, could you try to implement those algorithms in openssl and webcrypto providers?
As far as I see, web crypto recently added support for them (f.e. in deriveBits), so it's better to recheck if it's supported in latest browsers/nodejs.
As for openssl - I'm pretty sure it's supported for some time.

Owner

whyoleg commented Apr 15, 2025

Hey @waltkb, do you mind finalizing implementation for other providers or could I finish it by myself?

Author

waltkb commented Apr 23, 2025

> While I'm investigating a bit regarding the naming for the algorithms and curves, could you try to implement those algorithms in openssl and webcrypto providers?
> As far as I see, web crypto recently added support for them (f.e. in deriveBits), so it's better to recheck if it's supported in latest browsers/nodejs
> As for openssl - I'm pretty sure it's supported for some time

I found out that Ed25519 should actually work not just in NodeJs, but also in Firefox (Desktop and Android) and Safari (Desktop and iOS) on the Web (only Chrome is still lagging behind, where #enable-experimental-web-platform-features has to be set - same for all other Chromium-based, so Edge, Opera etc. requiring setting this flag). I will try to find time to implement this.

However, while OpenSSL3 definitely supports it, I don't really know enough about cinterop and the OpenSSL API to implement this. Would it be fine if I only implemented it for JDK and JS for now?

Owner

whyoleg commented Apr 24, 2025

> However, while OpenSSL3 definitely supports it, I don't really know enough about cinterop and the OpenSSL API to implement this. Would it be fine if I only implemented it for JDK and JS for now?

Yeah, sure. I will implement those before merging the PR to validate that all of the implementations are compatible.

Owner

whyoleg commented Apr 24, 2025

> While I'm investigating a bit regarding the naming for the algorithms and curves

I've done a bit of research and I think that we should make EdDSA and XDH fully separate algorithms without a shared Ed interface, as in the end, even if they use the same curves, the key encoding is different and Curve names are different.

So I would suggest having an EdDSA algorithm just for signing with enum Curve (not value class, as all the values here are known and will not change) with Ed25519 and Ed448 values, and an XDH algorithm with enum Curve with X25519 and X448 values.
Yes, it will require a bit of code repetition, but it will be more correct.

If you need any more help, please feel free to ping me.
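
The encoding difference raised in the last comment, shown as an added example that is not part of the PR or the library: a SubjectPublicKeyInfo parser that tells EdDSA keys from XDH keys by OID and refuses a key offered for the wrong algorithm. The OIDs and key lengths are taken from RFC 8410; the function names and sample keys are constructed for illustration, and Python is used here rather than the library's Kotlin.

```python
# Added example: classify a DER SubjectPublicKeyInfo by its RFC 8410 OID.
# OIDs and raw key sizes come from RFC 8410, not from the PR discussion.
OIDS = {
    bytes.fromhex("2b656e"): ("XDH", "X25519", 32),
    bytes.fromhex("2b656f"): ("XDH", "X448", 56),
    bytes.fromhex("2b6570"): ("EdDSA", "Ed25519", 32),
    bytes.fromhex("2b6571"): ("EdDSA", "Ed448", 57),
}

def _tlv(buf, pos, tag):
    """Read one short-form DER TLV at pos; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag or buf[pos + 1] >= 0x80:
        raise ValueError("unexpected tag or length form")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("truncated DER")
    return buf[pos + 2:end], end

def parse_spki(der):
    """Return (algorithm, curve, raw_key) for an RFC 8410 public key."""
    spki, end = _tlv(der, 0, 0x30)
    if end != len(der):
        raise ValueError("trailing data")
    alg_id, pos = _tlv(spki, 0, 0x30)
    oid, oid_end = _tlv(alg_id, 0, 0x06)
    if oid_end != len(alg_id):
        raise ValueError("RFC 8410 keys must not carry parameters")
    bits, pos = _tlv(spki, pos, 0x03)
    if pos != len(spki) or oid not in OIDS:
        raise ValueError("unsupported or malformed key")
    algorithm, curve, size = OIDS[oid]
    if bits[:1] != b"\x00" or len(bits) - 1 != size:
        raise ValueError("wrong key length for " + curve)
    return algorithm, curve, bits[1:]

def require(der, algorithm):
    """Decode a key only if it belongs to the expected algorithm."""
    found, curve, raw = parse_spki(der)
    if found != algorithm:
        raise ValueError(f"{curve} key offered where {algorithm} key expected")
    return curve, raw

def make_spki(oid_hex, raw):
    """Build a constructed sample SPKI (illustrative input only)."""
    alg = b"\x30\x05\x06\x03" + bytes.fromhex(oid_hex)
    bit = bytes([0x03, len(raw) + 1, 0x00]) + raw
    return bytes([0x30, len(alg) + len(bit)]) + alg + bit
```
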
