OCSP response validation.
#include "ocsp/ocsp_resp_validate.h"
#include "pkix/x509_cert_parse.h"
#include "pkix/x509_cert_validate.h"
#include "pkix/x509_sign_verify.h"
#include "encoding/asn1.h"
#include "encoding/oid.h"
#include "debug.h"
Macros
#define TRACE_LEVEL OCSP_TRACE_LEVEL
Functions
error_t ocspValidateResponse(const OcspResponse *response, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, const uint8_t *nonce, size_t nonceLen)
- OCSP response validation.
error_t ocspCheckResponseSignature(const OcspBasicResponse *basicResponse, const X509CertInfo *issuerCertInfo)
- Verify response signature.
error_t ocspCheckResponderCert(const OcspResponderId *responderId, const X509CertInfo *responderCertInfo, const X509CertInfo *issuerCertInfo)
- Check responder's certificate.
error_t ocspCheckResponderId(const OcspResponderId *responderId, const X509CertInfo *issuerCertInfo)
- Check responder identifier.
error_t ocspCheckCertId(const OcspCertId *certId, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo)
- Check certificate identifier.
error_t ocspCheckValidity(const OcspSingleResponse *singleResponse)
- Check the validity interval of the OCSP response.
error_t ocspCheckNonce(const OcspExtensions *extensions, const uint8_t *nonce, size_t nonceLen)
- Check nonce.
Detailed Description
OCSP response validation.
License
SPDX-License-Identifier: GPL-2.0-or-later
Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
This file is part of CycloneCRYPTO Open.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
- Version
- 2.4.4
Definition in file ocsp_resp_validate.c.
Macro Definition Documentation
◆ TRACE_LEVEL
#define TRACE_LEVEL OCSP_TRACE_LEVEL
Definition at line 32 of file ocsp_resp_validate.c.
Function Documentation
◆ ocspCheckCertId()
error_t ocspCheckCertId(const OcspCertId *certId, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo)
Check certificate identifier.
- Parameters
- [in] certId: Pointer to the certificate identifier
- [in] certInfo: End entity certificate
- [in] issuerCertInfo: Issuer's certificate
- Returns
- Error code
Definition at line 357 of file ocsp_resp_validate.c.
◆ ocspCheckNonce()
error_t ocspCheckNonce(const OcspExtensions *extensions, const uint8_t *nonce, size_t nonceLen)
Check nonce.
- Parameters
- [in] extensions: Pointer to the OCSP extensions
- [in] nonce: Pointer to the random nonce (optional parameter)
- [in] nonceLen: Length of the nonce, in bytes (optional parameter)
- Returns
- Error code
Definition at line 483 of file ocsp_resp_validate.c.
◆ ocspCheckResponderCert()
error_t ocspCheckResponderCert(const OcspResponderId *responderId, const X509CertInfo *responderCertInfo, const X509CertInfo *issuerCertInfo)
Check responder's certificate.
- Parameters
- [in] responderId: Pointer to the responder identifier
- [in] responderCertInfo: Responder's certificate
- [in] issuerCertInfo: Issuer's certificate
- Returns
- Error code
Definition at line 248 of file ocsp_resp_validate.c.
◆ ocspCheckResponderId()
error_t ocspCheckResponderId(const OcspResponderId *responderId, const X509CertInfo *issuerCertInfo)
Check responder identifier.
- Parameters
- [in] responderId: Pointer to the responder identifier
- [in] issuerCertInfo: Issuer's certificate
- Returns
- Error code
Definition at line 291 of file ocsp_resp_validate.c.
◆ ocspCheckResponseSignature()
error_t ocspCheckResponseSignature(const OcspBasicResponse *basicResponse, const X509CertInfo *issuerCertInfo)
Verify response signature.
- Parameters
- [in] basicResponse: Pointer to the basic response
- [in] issuerCertInfo: Issuer's certificate
- Returns
- Error code
Definition at line 130 of file ocsp_resp_validate.c.
◆ ocspCheckValidity()
error_t ocspCheckValidity(const OcspSingleResponse *singleResponse)
Check the validity interval of the OCSP response.
- Parameters
- [in] singleResponse: Pointer to the OCSP response
- Returns
- Error code
Definition at line 427 of file ocsp_resp_validate.c.
◆ ocspValidateResponse()
error_t ocspValidateResponse(const OcspResponse *response, const X509CertInfo *certInfo, const X509CertInfo *issuerCertInfo, const uint8_t *nonce, size_t nonceLen)
OCSP response validation.
- Parameters
- [in] response: Pointer to the OCSP response to be verified
- [in] certInfo: End entity certificate
- [in] issuerCertInfo: Issuer's certificate
- [in] nonce: Pointer to the random nonce (optional parameter)
- [in] nonceLen: Length of the nonce, in bytes (optional parameter)
- Returns
- Error code
Definition at line 57 of file ocsp_resp_validate.c.