From 70bdadf54bd5f1997354a81b3de031d38065b00b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Thu, 6 Nov 2014 16:51:20 +0100
Subject: [PATCH] Add pk_check_pair()

---
 include/polarssl/pk.h               | 13 +++++++++++++
 library/pk.c                        | 20 ++++++++++++++++++++
 library/pk_wrap.c                   | 17 +++++++++++++++++
 tests/suites/test_suite_pk.data     | 20 ++++++++++++++++++++
 tests/suites/test_suite_pk.function | 18 ++++++++++++++++++
 5 files changed, 88 insertions(+)

diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h
index 754dda2190..0ff5f1e6c1 100644
--- a/include/polarssl/pk.h
+++ b/include/polarssl/pk.h
@@ -177,6 +177,9 @@ typedef struct
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng );
 
+    /** Check public-private key pair */
+    int (*check_pair_func)( const void *pub, const void *prv );
+
     /** Allocate a new context */
     void * (*ctx_alloc_func)( void );
 
@@ -426,6 +429,16 @@ int pk_encrypt( pk_context *ctx,
                 unsigned char *output, size_t *olen, size_t osize,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
+/**
+ * \brief           Check if a public-private pair of keys matches.
+ *
+ * \param pub       Context holding a public key.
+ * \param prv       Context holding a private (and public) key.
+ *
+ * \return          0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+ */
+int pk_check_pair( const pk_context *pub, const pk_context *prv );
+
 /**
  * \brief           Export debug information
  *
diff --git a/library/pk.c b/library/pk.c
index 4aba3aa6d8..513d8caddf 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -300,6 +300,26 @@ int pk_encrypt( pk_context *ctx,
                 output, olen, osize, f_rng, p_rng ) );
 }
 
+/*
+ * Check public-private key pair
+ */
+int pk_check_pair( const pk_context *pub, const pk_context *prv )
+{
+    if( pub == NULL || pub->pk_info == NULL ||
+        prv == NULL || prv->pk_info == NULL )
+    {
+        return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
+    }
+
+    if( pub->pk_info != prv->pk_info ||
+        pub->pk_info->check_pair_func == NULL )
+    {
+        return( POLARSSL_ERR_PK_TYPE_MISMATCH );
+    }
+
+    return( pub->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
+}
+
 /*
  * Get key size in bits
  */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 5e9ff605ee..0d2a368ad1 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -125,6 +125,12 @@ static int rsa_encrypt_wrap( void *ctx,
                 f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
 }
 
+static int rsa_check_pair_wrap( const void *pub, const void *prv )
+{
+    return( rsa_check_pub_priv( (const rsa_context *) pub,
+                                (const rsa_context *) prv ) );
+}
+
 static void *rsa_alloc_wrap( void )
 {
     void *ctx = polarssl_malloc( sizeof( rsa_context ) );
@@ -163,6 +169,7 @@ const pk_info_t rsa_info = {
     rsa_sign_wrap,
     rsa_decrypt_wrap,
     rsa_encrypt_wrap,
+    rsa_check_pair_wrap,
     rsa_alloc_wrap,
     rsa_free_wrap,
     rsa_debug,
@@ -234,6 +241,12 @@ static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
 
 #endif /* POLARSSL_ECDSA_C */
 
+static int eckey_check_pair( const void *pub, const void *prv )
+{
+    return( ecp_check_pub_priv( (const ecp_keypair *) pub,
+                                (const ecp_keypair *) prv ) );
+}
+
 static void *eckey_alloc_wrap( void )
 {
     void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
@@ -271,6 +284,7 @@ const pk_info_t eckey_info = {
 #endif
     NULL,
     NULL,
+    eckey_check_pair,
     eckey_alloc_wrap,
     eckey_free_wrap,
     eckey_debug,
@@ -294,6 +308,7 @@ const pk_info_t eckeydh_info = {
     NULL,
     NULL,
     NULL,
+    eckey_check_pair,
     eckey_alloc_wrap,       /* Same underlying key structure */
     eckey_free_wrap,        /* Same underlying key structure */
     eckey_debug,            /* Same underlying key structure */
@@ -367,6 +382,7 @@ const pk_info_t ecdsa_info = {
     ecdsa_sign_wrap,
     NULL,
     NULL,
+    eckey_check_pair,   /* Compatible key structures */
     ecdsa_alloc_wrap,
     ecdsa_free_wrap,
     eckey_debug,        /* Compatible key structures */
@@ -444,6 +460,7 @@ const pk_info_t rsa_alt_info = {
     rsa_alt_sign_wrap,
     rsa_alt_decrypt_wrap,
     NULL,
+    NULL,                   /* No public key */
     rsa_alt_alloc_wrap,
     rsa_alt_free_wrap,
     NULL,
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 47640a6874..73694d29db 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -130,3 +130,23 @@ Verify ext RSA #12 (PKCS1 v1.5, good)
 depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15
 pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0
 
+Check pair #1 (EC, OK)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
+
+Check pair #2 (EC, bad)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA
+
+Check pair #3 (RSA, OK)
+depends_on:POLARSSL_RSA_C
+pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
+
+Check pair #4 (RSA, bad)
+depends_on:POLARSSL_RSA_C
+pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+
+Check pair #5 (RSA vs EC)
+depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
+pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
+
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index dc7dee94ee..352169c240 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -80,6 +80,24 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C */
+void pk_check_pair( char *pub_file, char *prv_file, int ret )
+{
+    pk_context pub, prv;
+
+    pk_init( &pub );
+    pk_init( &prv );
+
+    TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
+    TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
+
+    TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
+
+    pk_free( &pub );
+    pk_free( &prv );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:POLARSSL_RSA_C */
 void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
                        int mod, int radix_N, char *input_N, int radix_E,