create_extended_keypair should use Random and be made deterministic for fuzzing

[iphydf]

crypto_sign_keypair generates random numbers and then derives a key. We should use Random for random numbers and derive the key from that. It's exactly the same in production builds, but in fuzzing this ensures that we can fuzz NGC properly.

[JFreegman]

Do you mean write fuzzer-only re-implementation of the libsodium function? I wouldn't want to be re-implementing libsodium internals in production. Even if it's a copy-paste job there are numerous issues with that.

[iphydf]

https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_sign/ed25519/ref10/keypair.c#L39

Use the "seed" version of the API instead of the unseeded version where it seeds via internal random. No, not just for fuzzing.

https://github.com/jedisct1/libsodium/blob/b564794eddda79d54374144653c1f4e05ae08a64/src/libsodium/crypto_sign/crypto_sign.c#L47 use this one from the public API.

[JFreegman]

I see, I didn't know there was a public version of that function.