1 /**
2  * @file ocsp_client.h
3  * @brief OCSP client
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 #ifndef _OCSP_CLIENT_H
32 #define _OCSP_CLIENT_H
33 
34 //Dependencies
35 #include "core/net.h"
36 #include "http/http_client.h"
37 #include "ocsp/ocsp_common.h"
38 
//OCSP client support
//Build-time switch for the whole module; must be exactly ENABLED or DISABLED
#ifndef OCSP_CLIENT_SUPPORT
 #define OCSP_CLIENT_SUPPORT DISABLED
#elif (OCSP_CLIENT_SUPPORT != ENABLED && OCSP_CLIENT_SUPPORT != DISABLED)
 #error OCSP_CLIENT_SUPPORT parameter is not valid
#endif

//OCSP over HTTPS
//When ENABLED, the client context gains a tlsInitCallback member and the
//ocspClientRegisterTlsInitCallback() function is declared (both are
//compiled out otherwise). NOTE(review): with this DISABLED the transaction
//runs over plain HTTP; an OCSP response is protected by its own signature
//rather than by the transport, so the check that matters is the one done
//by ocspClientValidateResponse() in ocsp_client.c - confirm there that the
//response signature and nonce are verified regardless of this setting.
#ifndef OCSP_CLIENT_TLS_SUPPORT
 #define OCSP_CLIENT_TLS_SUPPORT DISABLED
#elif (OCSP_CLIENT_TLS_SUPPORT != ENABLED && OCSP_CLIENT_TLS_SUPPORT != DISABLED)
 #error OCSP_CLIENT_TLS_SUPPORT parameter is not valid
#endif

//Default timeout
//Initial value of the context's timeout field (systime_t); can be changed at
//run time with ocspClientSetTimeout(). The lower bound of 1000 suggests the
//unit is milliseconds - confirm against the systime_t definition
#ifndef OCSP_CLIENT_DEFAULT_TIMEOUT
 #define OCSP_CLIENT_DEFAULT_TIMEOUT 20000
#elif (OCSP_CLIENT_DEFAULT_TIMEOUT < 1000)
 #error OCSP_CLIENT_DEFAULT_TIMEOUT parameter is not valid
#endif

//Size of the buffer for input/output operations
//Sizes the buffer[] array embedded in OcspClientContext, so this amount of
//memory is reserved per client context (stack or static, wherever the
//context lives). NOTE(review): presumably also caps the largest OCSP
//response the client can process - verify in ocsp_client.c before lowering it
#ifndef OCSP_CLIENT_BUFFER_SIZE
 #define OCSP_CLIENT_BUFFER_SIZE 2048
#elif (OCSP_CLIENT_BUFFER_SIZE < 512)
 #error OCSP_CLIENT_BUFFER_SIZE parameter is not valid
#endif

//Maximum length of host names
//Sizes serverName[] in the context (declared with +1 for the terminating
//NUL). ocspClientSetHost() is expected to reject longer names rather than
//truncate them - verify in ocsp_client.c
#ifndef OCSP_CLIENT_MAX_HOST_LEN
 #define OCSP_CLIENT_MAX_HOST_LEN 64
#elif (OCSP_CLIENT_MAX_HOST_LEN < 1)
 #error OCSP_CLIENT_MAX_HOST_LEN parameter is not valid
#endif

//Maximum length of URIs
//Sizes uri[] in the context (declared with +1 for the terminating NUL); same
//expectation on ocspClientSetUri() as for the host name above
#ifndef OCSP_CLIENT_MAX_URI_LEN
 #define OCSP_CLIENT_MAX_URI_LEN 32
#elif (OCSP_CLIENT_MAX_URI_LEN < 1)
 #error OCSP_CLIENT_MAX_URI_LEN parameter is not valid
#endif

//Nonce size
//Sizes the nonce[] array in the context; nonceLen records how much of it is
//used. The nonce is what lets the client tie a response to the request it
//sent (freshness), so it must come from a proper random source - presumably
//the PRNG registered with ocspClientSetPrng(); confirm in ocsp_client.c that
//a response whose nonce is missing or differs is rejected during validation
#ifndef OCSP_CLIENT_NONCE_SIZE
 #define OCSP_CLIENT_NONCE_SIZE 16
#elif (OCSP_CLIENT_NONCE_SIZE < 1 || OCSP_CLIENT_NONCE_SIZE > 32)
 #error OCSP_CLIENT_NONCE_SIZE parameter is not valid
#endif

//Application specific context
//Expanded verbatim as the last member(s) of OcspClientContext; empty by
//default, so applications may append their own fields without changing the
//library's view of the structure
#ifndef OCSP_CLIENT_PRIVATE_CONTEXT
 #define OCSP_CLIENT_PRIVATE_CONTEXT
#endif
92 
93 //C++ guard
94 #ifdef __cplusplus
95 extern "C" {
96 #endif
97 
98 /**
99  * @brief OCSP client states
100  **/
101 
102 typedef enum
103 {
119 
120 
121 //HTTPS supported?
122 #if (OCSP_CLIENT_TLS_SUPPORT == ENABLED)
123 
124 /**
125  * @brief TLS initialization callback function
126  **/
127 
129  TlsContext *tlsContext);
130 
131 #endif
132 
133 
134 /**
135  * @brief OCSP client context
136  **/
137 
138 typedef struct
139 {
140  OcspClientState state; ///<OCSP client state
141  NetInterface *interface; ///<Underlying network interface
142  systime_t timeout; ///<Timeout value
143  const PrngAlgo *prngAlgo; ///<Pseudo-random number generator to be used
144  void *prngContext; ///<Pseudo-random number generator context
145  HttpClientContext httpClientContext; ///<HTTP client context
146 #if (OCSP_CLIENT_TLS_SUPPORT == ENABLED)
147  OcspClientTlsInitCallback tlsInitCallback; ///<TLS initialization callback function
148 #endif
149  char_t serverName[OCSP_CLIENT_MAX_HOST_LEN + 1]; ///<Host name of the OCSP server
150  uint16_t serverPort; ///<TCP port number
151  char_t uri[OCSP_CLIENT_MAX_URI_LEN + 1]; ///<URI
152  uint8_t nonce[OCSP_CLIENT_NONCE_SIZE]; ///<Random nonce
153  size_t nonceLen; ///<Length of the nonce, in bytes
154  uint8_t buffer[OCSP_CLIENT_BUFFER_SIZE]; ///<Memory buffer for input/output operations
155  size_t bufferLen; ///<Length of the buffer, in bytes
156  size_t bufferPos; ///<Current position in the buffer
157  uint_t httpStatusCode; ///<HTTP status code
158  OcspResponse ocspResponse; ///<OCSP response
159  OCSP_CLIENT_PRIVATE_CONTEXT ///<Application specific context
161 
162 
163 //OCSP client related functions
165 
166 #if (OCSP_CLIENT_TLS_SUPPORT == ENABLED)
167 
169  OcspClientTlsInitCallback callback);
170 
171 #endif
172 
173 error_t ocspClientSetPrng(OcspClientContext *context, const PrngAlgo *prngAlgo,
174  void *prngContext);
175 
177 
178 error_t ocspClientSetHost(OcspClientContext *context, const char_t *host);
179 error_t ocspClientSetUri(OcspClientContext *context, const char_t *uri);
180 
182  NetInterface *interface);
183 
185  const IpAddr *serverIpAddr, uint16_t serverPort);
186 
188  const char_t *cert, size_t certLen, const char_t *issuerCert,
189  size_t issuerCertLen);
190 
192 
194  const char_t *cert, size_t certLen, const char_t *issuerCert,
195  size_t issuerCertLen);
196 
200 
203 
204 void ocspClientDeinit(OcspClientContext *context);
205 
206 //C++ guard
207 #ifdef __cplusplus
208 }
209 #endif
210 
211 #endif