blob: 387e28f819f9c4b7b09386a4cdfaf721d0b23e1a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
#ifndef _IPXE_OCSP_H
#define _IPXE_OCSP_H
/** @file
*
* Online Certificate Status Protocol
*
*/
FILE_LICENCE ( GPL2_OR_LATER );
#include <stdarg.h>
#include <time.h>
#include <ipxe/asn1.h>
#include <ipxe/x509.h>
#include <ipxe/refcnt.h>
/** OCSP algorithm identifier */
#define OCSP_ALGORITHM_IDENTIFIER( ... ) \
ASN1_OID, VA_ARG_COUNT ( __VA_ARGS__ ), __VA_ARGS__, \
ASN1_NULL, 0x00
/* OCSP response statuses */
#define OCSP_STATUS_SUCCESSFUL 0x00
#define OCSP_STATUS_MALFORMED_REQUEST 0x01
#define OCSP_STATUS_INTERNAL_ERROR 0x02
#define OCSP_STATUS_TRY_LATER 0x03
#define OCSP_STATUS_SIG_REQUIRED 0x05
#define OCSP_STATUS_UNAUTHORIZED 0x06
struct ocsp_check;
/** An OCSP request */
struct ocsp_request {
/** Request builder */
struct asn1_builder builder;
/** Certificate ID */
struct asn1_cursor cert_id;
};
/** An OCSP responder */
struct ocsp_responder {
/**
* Check if certificate is the responder's certificate
*
* @v ocsp OCSP check
* @v cert Certificate
* @ret difference Difference as returned by memcmp()
*/
int ( * compare ) ( struct ocsp_check *ocsp,
struct x509_certificate *cert );
/** Responder ID */
struct asn1_cursor id;
};
/** An OCSP response */
struct ocsp_response {
/** Raw response */
void *data;
/** Raw tbsResponseData */
struct asn1_cursor tbs;
/** Responder */
struct ocsp_responder responder;
/** Time at which status is known to be correct */
time_t this_update;
/** Time at which newer status information will be available */
time_t next_update;
/** Signature algorithm */
struct asn1_algorithm *algorithm;
/** Signature value */
struct asn1_bit_string signature;
/** Signing certificate */
struct x509_certificate *signer;
};
/** An OCSP check */
struct ocsp_check {
/** Reference count */
struct refcnt refcnt;
/** Certificate being checked */
struct x509_certificate *cert;
/** Issuing certificate */
struct x509_certificate *issuer;
/** URI string */
char *uri_string;
/** Request */
struct ocsp_request request;
/** Response */
struct ocsp_response response;
};
/**
* Get reference to OCSP check
*
* @v ocsp OCSP check
* @ret ocsp OCSP check
*/
static inline __attribute__ (( always_inline )) struct ocsp_check *
ocsp_get ( struct ocsp_check *ocsp ) {
ref_get ( &ocsp->refcnt );
return ocsp;
}
/**
* Drop reference to OCSP check
*
* @v ocsp OCSP check
*/
static inline __attribute__ (( always_inline )) void
ocsp_put ( struct ocsp_check *ocsp ) {
ref_put ( &ocsp->refcnt );
}
extern int ocsp_check ( struct x509_certificate *cert,
struct x509_certificate *issuer,
struct ocsp_check **ocsp );
extern int ocsp_response ( struct ocsp_check *ocsp, const void *data,
size_t len );
extern int ocsp_validate ( struct ocsp_check *check, time_t time );
#endif /* _IPXE_OCSP_H */
|
