EdDSA KeyVer

Randy Steck openssl at symsysresearch.com
Tue Jun 20 19:24:55 UTC 2023

I am using OpenSSL 3.1 and working to add EdDSA support to libacvp.  I’m seeking info for the Key Verification test in ACVP. The given input is only the public key, and the expected output is a Boolean. 

Obviously, without the private key, you can’t do a typical KeyVer. I looked in the ACVP-Server source code and I see that for this test there is a generator/factory. It takes as input a Boolean whether it should produce a failing or passing test. It generates a new keypair, then if the parameter specifies a failing test, it increments the Y value until it no longer passes a pairwise test. The comment here says “Modify the public key value until the point is no longer on the curve”. 

Does OpenSSL have a one-shot function to tell me if the point is on the curve?  Is this the action of EVP_PKEY_public_check() on an ED* key?  Do I have to write this function?

Randy Steck

More information about the openssl-users mailing list