Add pre-defined profiles for cert verification

include/mbedtls/x509_crt.h

@@ -94,8 +94,8 @@ typedef struct mbedtls_x509_crt
 }
 mbedtls_x509_crt;
 
-/*
+/**
- * Security profile for certificate verification
+ * Security profile for certificate verification.
  *
  * All lists are terminated by the respective _NONE value.
  */
@@ -103,8 +103,9 @@ typedef struct
 {
     const mbedtls_md_type_t *allowed_mds;   /**< MDs for signatures         */
     const mbedtls_pk_type_t *allowed_pks;   /**< PK algs for signatures     */
-    size_t rsa_min_bitlen;                  /**< Minimum size for RSA keys  */
+    const mbedtls_ecp_group_id *allowed_curves; /**< Elliptic curves        */
-    const mbedtls_ecp_group *allowed_curves;/**< Elliptic curves for ECDSA  */
+    size_t rsa_min_bitlen;                  /**< Minimum size for RSA keys
+                                                 (must be non-zero)         */
 }
 mbedtls_x509_crt_profile;
 
@@ -134,6 +135,23 @@ typedef struct mbedtls_x509write_cert
 mbedtls_x509write_cert;
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+/**
+ * Default security profile. Should provide a good balance between security
+ * and compatibility with current deployments.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default;
+
+/**
+ * Expected next default profile. Recommended for new deployments.
+ * Currently targets a 128-bit security level, except for RSA-2048.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next;
+
+/**
+ * NSA Suite B profile.
+ */
+extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb;
+
 /**
  * \brief          Parse a single DER formatted certificate and add it
  *                 to the chained list.

library/ecp.c

@@ -124,6 +124,8 @@ typedef enum
  *
  * Curves are listed in order: largest curves first, and for a given size,
  * fastest curves first. This provides the default order for the SSL module.
+ *
+ * Reminder: update profiles in x509_crt.c when adding a new curves!
  */
 static const mbedtls_ecp_curve_info ecp_supported_curves[] =
 {

library/md.c

@@ -54,6 +54,9 @@ static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+/*
+ * Reminder: update profiles in x509_crt.c when adding a new hash!
+ */
 static const int supported_digests[] = {
 
 #if defined(MBEDTLS_SHA512_C)

library/x509_crt.c

@@ -81,6 +81,122 @@ static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = v; while( n-- ) *p++ = 0;
 }
 
+/*
+ * Default profile
+ */
+static const mbedtls_md_type_t x509_prof_default_mds[] =
+{
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_RIPEMD160,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_default_pks[] =
+{
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_default_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP192R1,
+    MBEDTLS_ECP_DP_SECP224R1,
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+    MBEDTLS_ECP_DP_SECP521R1,
+    MBEDTLS_ECP_DP_BP256R1,
+    MBEDTLS_ECP_DP_BP384R1,
+    MBEDTLS_ECP_DP_BP512R1,
+    MBEDTLS_ECP_DP_SECP192K1,
+    MBEDTLS_ECP_DP_SECP224K1,
+    MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_default_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
+{
+    x509_prof_default_mds,
+    x509_prof_default_pks,
+    x509_prof_default_curves,
+    2048,
+};
+
+/*
+ * Next-default profile
+ */
+static const mbedtls_md_type_t x509_prof_next_mds[] =
+{
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_next_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+    MBEDTLS_ECP_DP_SECP521R1,
+    MBEDTLS_ECP_DP_BP256R1,
+    MBEDTLS_ECP_DP_BP384R1,
+    MBEDTLS_ECP_DP_BP512R1,
+    MBEDTLS_ECP_DP_SECP256K1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_next_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_next =
+{
+    x509_prof_next_mds,
+    x509_prof_default_pks,
+    x509_prof_next_curves,
+    2048,
+};
+
+/*
+ * NSA Suite B Profile
+ */
+static const mbedtls_md_type_t x509_prof_suiteb_mds[] =
+{
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_NONE
+};
+
+static const mbedtls_pk_type_t x509_prof_suiteb_pks[] =
+{
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_NONE
+};
+
+#if defined(MBEDTLS_ECP_C)
+static const mbedtls_ecp_group_id x509_prof_suiteb_curves[] =
+{
+    MBEDTLS_ECP_DP_SECP256R1,
+    MBEDTLS_ECP_DP_SECP384R1,
+};
+#else
+static const mbedtls_ecp_group_id *x509_prof_suiteb_curves = NULL;
+#endif
+
+const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
+{
+    x509_prof_suiteb_mds,
+    x509_prof_suiteb_pks,
+    x509_prof_suiteb_curves,
+    2048,
+};
+
 /*
  *  Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
  */
@@ -1995,7 +2111,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
                      void *p_vrfy )
 {
     return( mbedtls_x509_crt_verify_with_profile( crt, trust_ca, ca_crl,
-                NULL /* WIP */, cn, flags, f_vrfy, p_vrfy ) );
+                &mbedtls_x509_crt_profile_default, cn, flags, f_vrfy, p_vrfy ) );
 }