server/keymgmt.c: Detect if a private keys records a wrong public key.

diff --git a/server/keymgmt.c b/server/keymgmt.c
index 9e4bc5b4f02c1da8e125f87607ea029b07879525..3a20be0ffb1a7d9663eeb893750a142a00c7276e 100644 (file)
--- a/server/keymgmt.c
+++ b/server/keymgmt.c
@@ -203,6 +203,8 @@ static int kh_loadpriv(key_file *kf, key *k, key_data *d,
 {
   int rc;
   const char *err;
 {
   int rc;
   const char *err;

+  dhge *K;
+  int ok;

 
   if ((rc = dh->ldpriv(kf, k, d, kd, t, e)) != 0)
     goto fail_0;
 
   if ((rc = dh->ldpriv(kf, k, d, kd, t, e)) != 0)
     goto fail_0;


@@ -211,6 +213,13 @@ static int kh_loadpriv(key_file *kf, key *k, key_data *d,
     a_format(e, "bad-group", "%s", err, A_END);
     goto fail_1;
   }
     a_format(e, "bad-group", "%s", err, A_END);
     goto fail_1;
   }

+  K = kd->grp->ops->mul(kd->grp, kd->k, 0);
+  ok = kd->grp->ops->eq(kd->grp, kd->K, K);
+  kd->grp->ops->freege(kd->grp, K);
+  if (!ok) {
+    a_format(e, "incorrect-public-key", A_END);
+    goto fail_1;
+  }

   return (0);
 
 fail_1:
   return (0);
 
 fail_1:

diff --git a/server/tripe-admin.5.in b/server/tripe-admin.5.in
index edd56779ca516daba35fd88f97b7700fdc7b3f92..de3bfcb12f6109bc733f239a6184fb24dbc07b16 100644 (file)
--- a/server/tripe-admin.5.in
+++ b/server/tripe-admin.5.in
@@ -1253,6 +1253,9 @@ and the second token is the filename of the keyring.  Frequently a key
 tag may be given next, preceded by the token
 .BR key .
 .SP
 tag may be given next, preceded by the token
 .BR key .
 .SP

+.BI "KEYMGMT private-keyring " file " key " tag " incorrect-public-key"
+The private key doesn't record the correct corresponding public key.
+.SP

 .BI "KEYMGMT public-keyring " file " key " tag " algorithm-mismatch"
 A peer's public key doesn't request the same algorithms as our private
 key.
 .BI "KEYMGMT public-keyring " file " key " tag " algorithm-mismatch"
 A peer's public key doesn't request the same algorithms as our private
 key.