diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 7acee5779..9a23c06e2 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -94,8 +94,8 @@ typedef struct mbedtls_x509_crt
 }
 mbedtls_x509_crt;
 
-/*
- * Security profile for certificate verification
+/**
+ * Security profile for certificate verification.
  *
  * All lists are terminated by the respective _NONE value.
  */
@@ -103,8 +103,9 @@ typedef struct
 {
 const mbedtls_md_type_t *allowed_mds; /**< MDs for signatures */
 const mbedtls_pk_type_t *allowed_pks; /**< PK algs for signatures */
- size_t rsa_min_bitlen; /**< Minimum size for RSA keys */
- const mbedtls_ecp_group *allowed_curves;/**< Elliptic curves for ECDSA */
+ const mbedtls_ecp_group_id *allowed_curves; /**< Elliptic curves */
+ size_t rsa_min_bitlen; /**< Minimum size for RSA keys
+ (must be non-zero) */
 }
 mbedtls_x509_crt_profile;
 
@@ -134,6 +135,23 @@ typedef struct mbedtls_x509write_cert mbedtls_x509write_cert;
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
 /**
  * \brief Parse a single DER formatted certificate and add it
  * to the chained list.
diff --git a/library/ecp.c b/library/ecp.c
index 31197ce49..b733bcc10 100644
--- a/library/ecp.c
+++ b/library/ecp.c
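Review bot: Reordering `rsa_min_bitlen` below `allowed_curves` and changing `allowed_curves` from `const mbedtls_ecp_group *` to `const mbedtls_ecp_group_id *` alters both the layout and the member types of a struct in a public header, so any out-of-tree profile written with positional initializers (the style x509_crt.c itself uses in this change) now binds its values to different members; that deserves a migration note rather than only the field comments. The new `(must be non-zero)` remark on `rsa_min_bitlen` states a precondition without saying what a zero value does, and nothing in this diff shows it being enforced; either document the consequence or add a check where the profile is applied. A wording like `/**< Minimum size for RSA keys, in bits (must be non-zero) */` would at least pin down the unit.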
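Review bot: The three new `extern` profile declarations do not say where they are used; `mbedtls_x509_crt_profile_default` is the profile that `mbedtls_x509_crt_verify()` now passes to `mbedtls_x509_crt_verify_with_profile()` in the x509_crt.c hunk, and the header comment should say so, e.g. `* Default security profile, used by mbedtls_x509_crt_verify(). Should provide a good`. `NSA Suite B profile.` would also be more useful if it stated the contents visible in x509_crt.c (ECDSA only, SECP256R1/SECP384R1, SHA-256/SHA-384; `rsa_min_bitlen` is still 2048 even though RSA is not in `allowed_pks`). It is worth noting here as well that every profile's `allowed_curves` is a NULL pointer rather than an empty list when MBEDTLS_ECP_C is not defined, since code that inspects a profile has to handle that.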
@@ -124,6 +124,8 @@ typedef enum
  *
  * Curves are listed in order: largest curves first, and for a given size,
  * fastest curves first. This provides the default order for the SSL module.
+ *
+ * Reminder: update profiles in x509_crt.c when adding a new curves!
  */
 static const mbedtls_ecp_curve_info ecp_supported_curves[] =
 {
diff --git a/library/md.c b/library/md.c
index 381ffc404..1d6191fc2 100644
--- a/library/md.c
+++ b/library/md.c
@@ -54,6 +54,9 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+/*
+ * Reminder: update profiles in x509_crt.c when adding a new hash!
+ */
 static const int supported_digests[] = {
 
 #if defined(MBEDTLS_SHA512_C)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e3d7cc739..8ed3468c7 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
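Review bot: The new reminder comment in ecp.c has a grammar slip, `a new curves`; make it `* Reminder: update profiles in x509_crt.c when adding a new curve!`. The matching reminder added to md.c in the next hunk reads correctly.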
@@ -81,6 +81,122 @@ static void mbedtls_zeroize( void *v, size_t n ) {
 volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+/*
+ * Default profile
+ */
+static const mbedtls_md_type_t x509_prof_default_mds[] =
+{
+ MBEDTLS_MD_SHA1,
+ MBEDTLS_MD_RIPEMD160,
+ MBEDTLS_MD_SHA224,
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA384,
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_default_pks[] =
+{
+ MBEDTLS_PK_RSA,
+ MBEDTLS_PK_ECDSA,
+ MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_default_curves[] =
+{
+ MBEDTLS_ECP_DP_SECP192R1,
+ MBEDTLS_ECP_DP_SECP224R1,
+ MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_ECP_DP_SECP521R1,
+ MBEDTLS_ECP_DP_BP256R1,
+ MBEDTLS_ECP_DP_BP384R1,
+ MBEDTLS_ECP_DP_BP512R1,
+ MBEDTLS_ECP_DP_SECP192K1,
+ MBEDTLS_ECP_DP_SECP224K1,
+ MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_default_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
+{
+ x509_prof_default_mds,
+ x509_prof_default_pks,
+ x509_prof_default_curves,
+ 2048,
+};
+
+/*
+ * Next-default profile
+ */
+static const mbedtls_md_type_t x509_prof_next_mds[] =
+{
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA384,
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_next_curves[] =
+{
+ MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_ECP_DP_SECP384R1,
+ MBEDTLS_ECP_DP_SECP521R1,
+ MBEDTLS_ECP_DP_BP256R1,
+ MBEDTLS_ECP_DP_BP384R1,
+ MBEDTLS_ECP_DP_BP512R1,
+ MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_next_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
+{
+ x509_prof_next_mds,
+ x509_prof_default_pks,
+ x509_prof_next_curves,
+ 2048,
+};
+
+/*
+ * NSA Suite B Profile
+ */
+static const mbedtls_md_type_t x509_prof_suiteb_mds[] =
+{
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA384,
+ MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_suiteb_pks[] =
+{
+ MBEDTLS_PK_ECDSA,
+ MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_suiteb_curves[] =
+{
+ MBEDTLS_ECP_DP_SECP256R1,
+ MBEDTLS_ECP_DP_SECP384R1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_suiteb_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
+{
+ x509_prof_suiteb_mds,
+ x509_prof_suiteb_pks,
+ x509_prof_suiteb_curves,
+ 2048,
+};
+
 /*
  * Version ::= INTEGER { v1(0), v2(1), v3(2) }
  */
@@ -1995,7 +2111,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
 void *p_vrfy )
 {
 return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
- NULL /* WIP */, cn, flags, f_vrfy, p_vrfy ) );
+ &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
 }
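Review bot: The three curve arrays `x509_prof_default_curves`, `x509_prof_next_curves` and `x509_prof_suiteb_curves` have no terminator, although the header comment in this same change says every list is terminated by its `_NONE` value and the md and pk arrays here do end in `MBEDTLS_MD_NONE` / `MBEDTLS_PK_NONE`. A consumer that walks `allowed_curves` until `MBEDTLS_ECP_DP_NONE` will read past the end of these `static const` arrays, and whatever sits next in read-only data then decides which curves a profile accepts; append `MBEDTLS_ECP_DP_NONE` as the last element of each of the three arrays. Separately, under each `#else` the profile's `allowed_curves` becomes a NULL pointer rather than an empty list, so the code applying the profile must check for NULL before walking it; that code is outside this hunk, so I can't tell whether the check exists.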