ocsp_common.h
1 /**
2  * @file ocsp_common.h
3  * @brief OCSP common definitions
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.4
29  **/
30 
31 #ifndef _OCSP_COMMON_H
32 #define _OCSP_COMMON_H
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/x509_common.h"
37 
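//OCSP support
//Defaults to DISABLED, so a build has to opt in to OCSP explicitly. Any value
//other than ENABLED or DISABLED is rejected at compile time
#ifndef OCSP_SUPPORT
   #define OCSP_SUPPORT DISABLED
#elif (OCSP_SUPPORT != ENABLED && OCSP_SUPPORT != DISABLED)
   #error OCSP_SUPPORT parameter is not valid
#endif

//OCSP signature authority delegation support
//Defaults to ENABLED. NOTE(review): presumably lets a response be signed by a
//delegated responder certificate instead of by the issuing CA itself. RFC 6960
//section 4.2.2.2 requires such a certificate to be issued directly by that CA
//and to carry the id-kp-OCSPSigning extended key usage - confirm that the
//response validation code enforces both before relying on this default
#ifndef OCSP_SIGN_DELEGATION_SUPPORT
   #define OCSP_SIGN_DELEGATION_SUPPORT ENABLED
#elif (OCSP_SIGN_DELEGATION_SUPPORT != ENABLED && OCSP_SIGN_DELEGATION_SUPPORT != DISABLED)
   #error OCSP_SIGN_DELEGATION_SUPPORT parameter is not valid
#endif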
51 
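//Maximum number of requests per OCSP request
//Defaults to 2; values below 1 are rejected at compile time.
//NOTE(review): presumably the upper bound on the single requests kept in the
//parsed TBSRequest - confirm that input exceeding it is rejected with an
//error rather than silently truncated
#ifndef OCSP_MAX_REQUESTS
   #define OCSP_MAX_REQUESTS 2
#elif (OCSP_MAX_REQUESTS < 1)
   #error OCSP_MAX_REQUESTS parameter is not valid
#endif

//Maximum number of responses per OCSP response
//Defaults to 2; values below 1 are rejected at compile time.
//NOTE(review): a responder may return status for more certificates than were
//asked about, so check how entries beyond this limit are handled and that the
//caller still matches the returned CertID against the one it requested
#ifndef OCSP_MAX_RESPONSES
   #define OCSP_MAX_RESPONSES 2
#elif (OCSP_MAX_RESPONSES < 1)
   #error OCSP_MAX_RESPONSES parameter is not valid
#endif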
65 
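//SHA-1 hash support
//Defaults to ENABLED. NOTE(review): these four switches presumably decide
//which digests ocspSelectHashAlgo() offers and ocspGetHashAlgo() recognises
//for the CertID hashes (issuerNameHash/issuerKeyHash) - confirm in
//ocsp_common.c. SHA-1 is the CertID hash that RFC 5019 profile responders
//expect, so disabling it can break interoperability. The response signature
//algorithm is carried separately (signatureAlgo) and needs its own policy
#ifndef OCSP_SHA1_SUPPORT
   #define OCSP_SHA1_SUPPORT ENABLED
#elif (OCSP_SHA1_SUPPORT != ENABLED && OCSP_SHA1_SUPPORT != DISABLED)
   #error OCSP_SHA1_SUPPORT parameter is not valid
#endif

//SHA-256 hash support (ENABLED by default)
#ifndef OCSP_SHA256_SUPPORT
   #define OCSP_SHA256_SUPPORT ENABLED
#elif (OCSP_SHA256_SUPPORT != ENABLED && OCSP_SHA256_SUPPORT != DISABLED)
   #error OCSP_SHA256_SUPPORT parameter is not valid
#endif

//SHA-384 hash support (DISABLED by default)
#ifndef OCSP_SHA384_SUPPORT
   #define OCSP_SHA384_SUPPORT DISABLED
#elif (OCSP_SHA384_SUPPORT != ENABLED && OCSP_SHA384_SUPPORT != DISABLED)
   #error OCSP_SHA384_SUPPORT parameter is not valid
#endif

//SHA-512 hash support (DISABLED by default)
#ifndef OCSP_SHA512_SUPPORT
   #define OCSP_SHA512_SUPPORT DISABLED
#elif (OCSP_SHA512_SUPPORT != ENABLED && OCSP_SHA512_SUPPORT != DISABLED)
   #error OCSP_SHA512_SUPPORT parameter is not valid
#endif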
93 
94 //C++ guard
95 #ifdef __cplusplus
96 extern "C" {
97 #endif
98 
99 
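/**
 * @brief OCSP versions
 *
 * RFC 6960 defines a single version, Version ::= INTEGER { v1(0) }
 **/

typedef enum
{
   OCSP_VERSION_1 = 0 ///<v1, the only version defined
} OcspVersion;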
108 
109 
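/**
 * @brief OCSP response status
 *
 * The values follow the OCSPResponseStatus enumeration of RFC 6960. Value 4
 * is not used by the RFC, hence the gap between TRY_LATER and SIG_REQUIRED.
 *
 * Only OCSP_RESP_STATUS_SUCCESSFUL comes with a signed response body. Every
 * other value is an unsigned error indication: it says nothing about the
 * revocation state of a certificate and must not be treated as "good"
 **/

typedef enum
{
   OCSP_RESP_STATUS_SUCCESSFUL        = 0, ///<Response has valid confirmations
   OCSP_RESP_STATUS_MALFORMED_REQUEST = 1, ///<Illegal confirmation request
   OCSP_RESP_STATUS_INTERNAL_ERROR    = 2, ///<Internal error in issuer
   OCSP_RESP_STATUS_TRY_LATER         = 3, ///<Try again later
   OCSP_RESP_STATUS_SIG_REQUIRED      = 5, ///<Must sign the request
   OCSP_RESP_STATUS_UNAUTHORIZED      = 6  ///<Request unauthorized
} OcspResponseStatus;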
123 
124 
125 /**
126  * @brief Certificate status
127  **/
128 
129 typedef enum
130 {
135 
136 
137 /**
138  * @brief CertID structure
139  **/
140 
141 typedef struct
142 {
147 } OcspCertId;
148 
149 
150 /**
151  * @brief Single request/response extensions
152  **/
153 
154 typedef struct
155 {
158 
159 
160 /**
161  * @brief SingleRequest structure
162  **/
163 
164 typedef struct
165 {
169 
170 
171 /**
172  * @brief OCSP extensions
173  **/
174 
175 typedef struct
176 {
180 
181 
182 /**
183  * @brief TBSRequest structure
184  **/
185 
186 typedef struct
187 {
193 
194 
195 /**
196  * @brief OCSPRequest structure
197  **/
198 
199 typedef struct
200 {
204 } OcspRequest;
205 
206 
207 /**
208  * @brief RevokedInfo structure
209  **/
210 
211 typedef struct
212 {
216 
217 
218 /**
219  * @brief SingleResponse structure
220  **/
221 
222 typedef struct
223 {
231 
232 
233 /**
234  * @brief ResponderID structure
235  **/
236 
237 typedef struct
238 {
242 
243 
244 /**
245  * @brief TbsResponseData structure
246  **/
247 
248 typedef struct
249 {
258 
259 
260 /**
261  * @brief OcspCerts structure
262  **/
263 
264 typedef struct
265 {
267 } OcspCerts;
268 
269 
270 /**
271  * @brief BasicOCSPResponse structure
272  **/
273 
274 typedef struct
275 {
281 
282 
283 /**
284  * @brief OCSPResponse structure
285  **/
286 
287 typedef struct
288 {
293 } OcspResponse;
294 
295 
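//OCSP related constants
//NOTE(review): the names suggest the encoded id-pkix-ocsp-basic and
//id-pkix-ocsp-nonce object identifiers (9 bytes each); the values themselves
//are defined in ocsp_common.c - confirm there
extern const uint8_t PKIX_OCSP_BASIC_OID[9];
extern const uint8_t PKIX_OCSP_NONCE_OID[9];

//OCSP related functions

//Hash algorithm selection.
//NOTE(review): presumably returns NULL when none of the OCSP_SHAxxx_SUPPORT
//options is enabled - callers should check the result before using it
const HashAlgo *ocspSelectHashAlgo(void);

//Get the hash algorithm that matches the specified identifier. oid points to
//the object identifier and length is its size in bytes.
//NOTE(review): oid normally comes from a parsed request or response, i.e.
//from the peer; presumably NULL is returned for an unrecognised or disabled
//algorithm, so callers should treat NULL as a validation failure
const HashAlgo *ocspGetHashAlgo(const uint8_t *oid, size_t length);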
303 
304 //C++ guard
305 #ifdef __cplusplus
306 }
307 #endif
308 
309 #endif
@ OCSP_RESP_STATUS_UNAUTHORIZED
Request unauthorized.
Definition: ocsp_common.h:121
@ OCSP_RESP_STATUS_INTERNAL_ERROR
Internal error in issuer.
Definition: ocsp_common.h:118
X.509 common definitions.
X509OctetString raw
Definition: ocsp_common.h:156
OcspResponseStatus
OCSP response status.
Definition: ocsp_common.h:115
TbsResponseData structure.
Definition: ocsp_common.h:249
@ OCSP_RESP_STATUS_SIG_REQUIRED
Must sign the request.
Definition: ocsp_common.h:120
@ OCSP_CERT_STATUS_UNKNOWN
Definition: ocsp_common.h:133
OcspCertId reqCert
Definition: ocsp_common.h:166
OcspCerts structure.
Definition: ocsp_common.h:265
X509OctetString raw
Definition: ocsp_common.h:250
OcspResponderId responderId
Definition: ocsp_common.h:252
#define OCSP_MAX_RESPONSES
Definition: ocsp_common.h:61
X509OctetString issuerNameHash
Definition: ocsp_common.h:144
OcspTbsRequest tbsRequest
Definition: ocsp_common.h:201
X509OctetString signatureValue
Definition: ocsp_common.h:203
X509OctetString serialNumber
Definition: ocsp_common.h:146
OcspSingleExtensions singleExtensions
Definition: ocsp_common.h:229
@ OCSP_RESP_STATUS_TRY_LATER
Try again later.
Definition: ocsp_common.h:119
uint8_t oid[]
Definition: lldp_tlv.h:300
BasicOCSPResponse structure.
Definition: ocsp_common.h:275
OcspVersion version
Definition: ocsp_common.h:251
OcspTbsResponseData tbsResponseData
Definition: ocsp_common.h:276
OCSPRequest structure.
Definition: ocsp_common.h:200
X509OctetString raw
Definition: ocsp_common.h:289
X509CrlReasons
CRL reasons.
Definition: x509_common.h:566
X509OctetString raw
Definition: ocsp_common.h:266
X509OctetString issuerKeyHash
Definition: ocsp_common.h:145
OcspExtensions requestExtensions
Definition: ocsp_common.h:191
X509OctetString keyHash
Definition: ocsp_common.h:240
RevokedInfo structure.
Definition: ocsp_common.h:212
X509CrlReasons revocationReason
Definition: ocsp_common.h:214
OcspCertStatus
Certificate status.
Definition: ocsp_common.h:130
OcspBasicResponse basicResponse
Definition: ocsp_common.h:292
X509SignAlgoId signatureAlgo
Definition: ocsp_common.h:277
General definitions for cryptographic algorithms.
X509SignAlgoId signatureAlgo
Definition: ocsp_common.h:202
@ OCSP_RESP_STATUS_MALFORMED_REQUEST
Illegal confirmation request.
Definition: ocsp_common.h:117
X509OctetString hashAlgo
Definition: ocsp_common.h:143
Date and time representation.
Definition: date_time.h:47
@ OCSP_CERT_STATUS_GOOD
Definition: ocsp_common.h:131
uint8_t length
Definition: tcp.h:368
@ OCSP_CERT_STATUS_REVOKED
Definition: ocsp_common.h:132
X509OctetString responseType
Definition: ocsp_common.h:291
@ OCSP_VERSION_1
Definition: ocsp_common.h:106
OCSP extensions.
Definition: ocsp_common.h:176
TBSRequest structure.
Definition: ocsp_common.h:187
OcspSingleExtensions singleExtensions
Definition: ocsp_common.h:167
DateTime revocationTime
Definition: ocsp_common.h:213
X509OctetString raw
Definition: ocsp_common.h:177
OcspCertStatus certStatus
Definition: ocsp_common.h:225
Issuer or subject name.
Definition: x509_common.h:675
const HashAlgo * ocspSelectHashAlgo(void)
Hash algorithm selection.
Definition: ocsp_common.c:52
ResponderID structure.
Definition: ocsp_common.h:238
CertID structure.
Definition: ocsp_common.h:142
#define OCSP_MAX_REQUESTS
Definition: ocsp_common.h:54
X509OctetString signature
Definition: ocsp_common.h:278
OcspExtensions responseExtensions
Definition: ocsp_common.h:256
SingleResponse structure.
Definition: ocsp_common.h:223
Common interface for hash algorithms.
Definition: crypto.h:1046
OcspVersion version
Definition: ocsp_common.h:188
Single request/response extensions.
Definition: ocsp_common.h:155
const uint8_t PKIX_OCSP_BASIC_OID[9]
Definition: ocsp_common.c:42
Octet string.
Definition: x509_common.h:653
unsigned int uint_t
Definition: compiler_port.h:50
const HashAlgo * ocspGetHashAlgo(const uint8_t *oid, size_t length)
Get the hash algorithm that matches the specified identifier.
Definition: ocsp_common.c:85
@ OCSP_RESP_STATUS_SUCCESSFUL
Response has valid confirmations.
Definition: ocsp_common.h:116
SingleRequest structure.
Definition: ocsp_common.h:165
const uint8_t PKIX_OCSP_NONCE_OID[9]
Definition: ocsp_common.c:44
OcspResponseStatus responseStatus
Definition: ocsp_common.h:290
OCSPResponse structure.
Definition: ocsp_common.h:288
OcspCertId certId
Definition: ocsp_common.h:224
X509OctetString nonce
Definition: ocsp_common.h:178
Signature algorithm identifier.
Definition: x509_common.h:1040
OcspVersion
OCSP versions.
Definition: ocsp_common.h:105
OcspRevokedInfo revokedInfo
Definition: ocsp_common.h:226
uint_t numRequests
Definition: ocsp_common.h:189