Description
XEDDSA[1] is an addition to Darren Johnsons EDDSA proposal, his proposal introduces the curves 25519 and 448 in Montgomery and Edwards representations. These curves can be used for DH key exchanges or signing depending on the representation.
XEDDSA allows Montgomery curves (intended for DH) to be internally converted to Edwards representation and subsequently used for signing. This means the same key can be used for both - DH and signing. This is necessary for the Extended Triple DH key exchange in another proposal.
In this draft i create a new type enumerating the allowed hash mechanisms used for XEDDSA. but i'm inclined to instead simply use CK_MECHANISM_TYPE and let the implementer decide which hash algorithms to support.
Note unlike the EDDSA mechanism this mechanism is randomized and not deterministic.
[1] https://signal.org/docs/specifications/xeddsa/