randombit / botan

Cryptography Toolkit
https://botan.randombit.net
BSD 2-Clause "Simplified" License

Sane CLI --hash default for Ed25519 / Ed448 #4377

Open robinchrist opened 1 month ago

robinchrist commented 1 month ago

If you use ./botan sign priv.key file_to_sign > signature with priv.key being an Ed25519 / Ed448 key, botan will default to SHA-256 for hash, letting Ed25519 / Ed448 operate in a non-default / non-standard mode.

This feels unexpected to me, because if you do not specify a hash when using Ed25519 / Ed448 with other API functions, such as Botan::PK_Verifier verifier(*pubkey, ""); it will default to Pure / Identity. I spent way more time than I'm willing to admit troubleshooting why the signatures generated by the Botan CLI do not match the signatures generated by code.

It is also not very obvious from the code that const std::string hash_fn = get_arg("hash"); in the CLI code will default to SHA-256, especially because of the if(!hash_fn.empty()) right after.

Suggestions:

  1. If --hash is not specified for Ed25519 / Ed448 keys, make the CLI default Pure / Identity or
  2. Improve the description, outlining that SHA-256 is used as default for ALL algorithms, even Ed25519 / Ed448
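
The mismatch the reporter describes, as an added illustration that is not Botan's code and not the reporter's: a textbook Ed25519 (RFC 8032 arithmetic, no constant-time care) written in Python so it runs without Botan installed. Pure mode signs the message bytes themselves, which is what the API does with an empty hash name. The CLI's SHA-256 default is modelled here as hashing the message and pure-signing the digest; that is an assumption about Botan's non-standard prehash mode, taken from the issue text, not a statement about the library internals. The names sign_pure, sign_hashed, verify_pure, verify_hashed and mode_mismatch_report are this example's own.

```python
"""Toy Ed25519 (RFC 8032 textbook arithmetic, NOT Botan's implementation) used to
show why a pure-mode signature and a hash-then-sign signature over the same
message never verify against each other. Illustration only, not a library."""
import hashlib

Q = 2**255 - 19                                        # field prime
L = 2**252 + 27742317777372353535851937790883648493   # order of the base point
D = (-121665 * pow(121666, Q - 2, Q)) % Q              # curve constant d
SQRT_M1 = pow(2, (Q - 1) // 4, Q)                      # sqrt(-1) mod Q


def _inv(x):
    return pow(x, Q - 2, Q)


def _xrecover(y):
    """Recover the even x coordinate for a given y (RFC 8032 decoding step)."""
    xx = (y * y - 1) * _inv(D * y * y + 1) % Q
    x = pow(xx, (Q + 3) // 8, Q)
    if (x * x - xx) % Q != 0:
        x = x * SQRT_M1 % Q
    if x % 2 != 0:
        x = Q - x
    return x


_BY = 4 * _inv(5) % Q
BASE = [_xrecover(_BY), _BY]                           # standard base point B


def _add(P1, P2):
    """Affine twisted-Edwards addition (slow, but easy to read)."""
    x1, y1 = P1
    x2, y2 = P2
    den = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * _inv(1 + den)
    y3 = (y1 * y2 + x1 * x2) * _inv(1 - den)
    return [x3 % Q, y3 % Q]


def _mul(P, e):
    """Right-to-left double-and-add scalar multiplication."""
    R = [0, 1]                                          # neutral element
    while e:
        if e & 1:
            R = _add(R, P)
        P = _add(P, P)
        e >>= 1
    return R


def _encode(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


def _decode(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = _xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = Q - x
    if (-x * x + y * y - 1 - D * x * x * y * y) % Q != 0:
        raise ValueError("point not on curve")
    return [x, y]


def _h(*parts):
    return hashlib.sha512(b"".join(parts)).digest()


def _expand(seed):
    """Split SHA-512(seed) into the clamped scalar a and the nonce prefix."""
    h = _h(seed)
    a = bytearray(h[:32])
    a[0] &= 248
    a[31] &= 63
    a[31] |= 64
    return int.from_bytes(a, "little"), h[32:]


def public_key(seed):
    a, _ = _expand(seed)
    return _encode(_mul(BASE, a))


def sign_pure(msg, seed):
    """Pure Ed25519: the message bytes go straight into the signature hashes."""
    a, prefix = _expand(seed)
    pk = public_key(seed)
    r = int.from_bytes(_h(prefix, msg), "little") % L
    R = _encode(_mul(BASE, r))
    k = int.from_bytes(_h(R, pk, msg), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")


def verify_pure(msg, sig, pk):
    if len(sig) != 64:
        return False
    try:
        R, A = _decode(sig[:32]), _decode(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= L:
        return False
    k = int.from_bytes(_h(sig[:32], pk, msg), "little") % L
    return _mul(BASE, S) == _add(R, _mul(A, k))


def sign_hashed(msg, seed, hash_name="sha256"):
    """Assumed model of the CLI default: hash the message, pure-sign the digest."""
    return sign_pure(hashlib.new(hash_name, msg).digest(), seed)


def verify_hashed(msg, sig, pk, hash_name="sha256"):
    return verify_pure(hashlib.new(hash_name, msg).digest(), sig, pk)


def mode_mismatch_report(msg, seed):
    """Reproduce the reporter's situation: CLI-style signature checked by API-style code."""
    pk = public_key(seed)
    cli_sig = sign_hashed(msg, seed)    # `botan sign` without --hash (per the issue)
    api_sig = sign_pure(msg, seed)      # PK_Signer / PK_Verifier with "" (pure)
    return {
        "cli_sig_verifies_in_pure_mode": verify_pure(msg, cli_sig, pk),
        "cli_sig_verifies_in_sha256_mode": verify_hashed(msg, cli_sig, pk),
        "api_sig_verifies_in_pure_mode": verify_pure(msg, api_sig, pk),
        "signatures_identical": cli_sig == api_sig,
    }
```

The report makes the failure mode concrete: a signature produced in the hash-then-sign mode is a perfectly valid Ed25519 signature, just over a different 32-byte input, so a verifier configured for pure mode rejects it without any hint as to why. The only reliable check when two Botan-based components disagree is to confirm that both sides pass the same hash argument, "" or "Pure" for the standard RFC 8032 behaviour.
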

randombit commented 1 month ago

Indeed this is not good - thank you for raising the issue. One of Botan's explicit design goals is the principle of least astonishment, and here we have failed to meet that bar. We can probably improve on this situation quite a bit in #4318