Add pre-defined profiles for cert verification

2015-06-15 14:34:59 +02:00 · 2015-06-15 14:34:59 +02:00 · 88db5da117
commit 88db5da117
parent 9505164ef4
4 changed files with 144 additions and 5 deletions
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@ -94,8 +94,8 @@ typedef struct mbedtls_x509_crt
 }
 mbedtls_x509_crt;

-/*
- * Security profile for certificate verification
+/**
+ * Security profile for certificate verification.
 *
 * All lists are terminated by the respective _NONE value.
 */
@ -103,8 +103,9 @@ typedef struct
 {
    const mbedtls_md_type_t *allowed_mds;   /**< MDs for signatures         */
    const mbedtls_pk_type_t *allowed_pks;   /**< PK algs for signatures     */
-    size_t rsa_min_bitlen;                  /**< Minimum size for RSA keys  */
-    const mbedtls_ecp_group *allowed_curves;/**< Elliptic curves for ECDSA  */
+    const mbedtls_ecp_group_id *allowed_curves; /**< Elliptic curves        */
+    size_t rsa_min_bitlen;                  /**< Minimum size for RSA keys
+                                                 (must be non-zero)         */
 }
 mbedtls_x509_crt_profile;

@ -134,6 +135,23 @@ typedef struct mbedtls_x509write_cert
 mbedtls_x509write_cert;

 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
 /**
 * \brief          Parse a single DER formatted certificate and add it
 *                 to the chained list.
--- a/library/ecp.c
+++ b/library/ecp.c
@ -124,6 +124,8 @@ typedef enum
 *
 * Curves are listed in order: largest curves first, and for a given size,
 * fastest curves first. This provides the default order for the SSL module.
+ *
+ * Reminder: update profiles in x509_crt.c when adding a new curves!
 */
 static const mbedtls_ecp_curve_info ecp_supported_curves[] =
 {
--- a/library/md.c
+++ b/library/md.c
@ -54,6 +54,9 @@ static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }

+/*
+ * Reminder: update profiles in x509_crt.c when adding a new hash!
+ */
 static const int supported_digests[] = {

 #if defined(MBEDTLS_SHA512_C)
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@ -81,6 +81,122 @@ static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }

+/*
+ * Default profile
+ */
+static const mbedtls_md_type_t x509_prof_default_mds[] =
+{
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_RIPEMD160,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_default_pks[] =
+{
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_default_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP192R1,
+    MBEDTLS_ECP_DP_SECP224R1,
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+    MBEDTLS_ECP_DP_SECP521R1,
+    MBEDTLS_ECP_DP_BP256R1,
+    MBEDTLS_ECP_DP_BP384R1,
+    MBEDTLS_ECP_DP_BP512R1,
+    MBEDTLS_ECP_DP_SECP192K1,
+    MBEDTLS_ECP_DP_SECP224K1,
+    MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_default_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
+{
+    x509_prof_default_mds,
+    x509_prof_default_pks,
+    x509_prof_default_curves,
+    2048,
+};
+
+/*
+ * Next-default profile
+ */
+static const mbedtls_md_type_t x509_prof_next_mds[] =
+{
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_next_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+    MBEDTLS_ECP_DP_SECP521R1,
+    MBEDTLS_ECP_DP_BP256R1,
+    MBEDTLS_ECP_DP_BP384R1,
+    MBEDTLS_ECP_DP_BP512R1,
+    MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_next_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
+{
+    x509_prof_next_mds,
+    x509_prof_default_pks,
+    x509_prof_next_curves,
+    2048,
+};
+
+/*
+ * NSA Suite B Profile
+ */
+static const mbedtls_md_type_t x509_prof_suiteb_mds[] =
+{
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_suiteb_pks[] =
+{
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_suiteb_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_suiteb_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
+{
+    x509_prof_suiteb_mds,
+    x509_prof_suiteb_pks,
+    x509_prof_suiteb_curves,
+    2048,
+};
+
 /*
 *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
 */
@ -1995,7 +2111,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                     void *p_vrfy )
 {
    return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
-                NULL /* WIP */, cn, flags, f_vrfy, p_vrfy ) );
+                &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
 }