Hi Fabian,

I think mbedtls_pk_check_pair() is what you want: it checks if a given public key and private key match.

That said, I would agree that this check might be overly cautious :)

Cheers,
Manuel.
From: Fabian Keil via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 09 October 2024 08:44
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] Checking that RSA key and issuer certificate match using mbedTLS 3.x
 
Hi,

I'm currently working on adding mbedTLS 3.x support for Privoxy [0].

Everything seems to be working but I ifdef'ed out the following
code in [1] that worked with mbedTLS 2.28.8:

   /*
    * Check if key and issuer certificate match
    */
   if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) ||
      mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N,
         &mbedtls_pk_rsa(*issuer_key)->N) != 0 ||
      mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E,
         &mbedtls_pk_rsa(*issuer_key)->E) != 0)
   {
      log_error(LOG_LEVEL_ERROR,
         "Issuer key doesn't match issuer certificate");
      ret = -1;
      goto exit;
   }

As N and E are private now it no longer compiles.

Is there a way to implement the check with mbedTLS 3.x?

My impression is that the sanity check is overly cautious
and we don't have equivalent code for OpenSSL and wolfSSL
but I'm curious.

Thanks,
Fabian

[0] <https://www.privoxy.org/>
[1] <https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=ssl.c;h=e8007cd9adad65ea10c5f98d385dc75fa8eab51f;hb=HEAD#l1547>