1/* 2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include "crypto/x509.h" /* for ossl_x509_add_cert_new() */ 11 12/*- CertID ::= SEQUENCE { 13 * hashAlgorithm AlgorithmIdentifier, 14 * issuerNameHash OCTET STRING, -- Hash of Issuer's DN 15 * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) 16 * serialNumber CertificateSerialNumber } 17 */ 18struct ocsp_cert_id_st { 19 X509_ALGOR hashAlgorithm; 20 ASN1_OCTET_STRING issuerNameHash; 21 ASN1_OCTET_STRING issuerKeyHash; 22 ASN1_INTEGER serialNumber; 23}; 24 25/*- Request ::= SEQUENCE { 26 * reqCert CertID, 27 * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } 28 */ 29struct ocsp_one_request_st { 30 OCSP_CERTID *reqCert; 31 STACK_OF(X509_EXTENSION) *singleRequestExtensions; 32}; 33 34/*- TBSRequest ::= SEQUENCE { 35 * version [0] EXPLICIT Version DEFAULT v1, 36 * requestorName [1] EXPLICIT GeneralName OPTIONAL, 37 * requestList SEQUENCE OF Request, 38 * requestExtensions [2] EXPLICIT Extensions OPTIONAL } 39 */ 40struct ocsp_req_info_st { 41 ASN1_INTEGER *version; 42 GENERAL_NAME *requestorName; 43 STACK_OF(OCSP_ONEREQ) *requestList; 44 STACK_OF(X509_EXTENSION) *requestExtensions; 45}; 46 47/*- Signature ::= SEQUENCE { 48 * signatureAlgorithm AlgorithmIdentifier, 49 * signature BIT STRING, 50 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 51 */ 52struct ocsp_signature_st { 53 X509_ALGOR signatureAlgorithm; 54 ASN1_BIT_STRING *signature; 55 STACK_OF(X509) *certs; 56}; 57 58/*- OCSPRequest ::= SEQUENCE { 59 * tbsRequest TBSRequest, 60 * optionalSignature [0] EXPLICIT Signature OPTIONAL } 61 */ 62struct ocsp_request_st { 63 OCSP_REQINFO tbsRequest; 64 OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ 65}; 66 67/*- OCSPResponseStatus ::= ENUMERATED { 68 * successful (0), --Response has valid confirmations 69 * malformedRequest (1), --Illegal confirmation request 70 * internalError (2), --Internal error in issuer 71 * tryLater (3), --Try again later 72 * --(4) is not used 73 * sigRequired (5), --Must sign the request 74 * unauthorized (6) --Request unauthorized 75 * } 76 */ 77 78/*- ResponseBytes ::= SEQUENCE { 79 * responseType OBJECT IDENTIFIER, 80 * response OCTET STRING } 81 */ 82struct ocsp_resp_bytes_st { 83 ASN1_OBJECT *responseType; 84 ASN1_OCTET_STRING *response; 85}; 86 87/*- OCSPResponse ::= SEQUENCE { 88 * responseStatus OCSPResponseStatus, 89 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 90 */ 91struct ocsp_response_st { 92 ASN1_ENUMERATED *responseStatus; 93 OCSP_RESPBYTES *responseBytes; 94}; 95 96/*- ResponderID ::= CHOICE { 97 * byName [1] Name, 98 * byKey [2] KeyHash } 99 */ 100struct ocsp_responder_id_st { 101 int type; 102 union { 103 X509_NAME *byName; 104 ASN1_OCTET_STRING *byKey; 105 } value; 106}; 107 108/*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key 109 * --(excluding the tag and length fields) 110 */ 111 112/*- RevokedInfo ::= SEQUENCE { 113 * revocationTime GeneralizedTime, 114 * revocationReason [0] EXPLICIT CRLReason OPTIONAL } 115 */ 116struct ocsp_revoked_info_st { 117 ASN1_GENERALIZEDTIME *revocationTime; 118 ASN1_ENUMERATED *revocationReason; 119}; 120 121/*- CertStatus ::= CHOICE { 122 * good [0] IMPLICIT NULL, 123 * revoked [1] IMPLICIT RevokedInfo, 124 * unknown [2] IMPLICIT UnknownInfo } 125 */ 126struct ocsp_cert_status_st { 127 int type; 128 union { 129 ASN1_NULL *good; 130 OCSP_REVOKEDINFO *revoked; 131 ASN1_NULL *unknown; 132 } value; 133}; 134 135/*- SingleResponse ::= SEQUENCE { 136 * certID CertID, 137 * certStatus CertStatus, 138 * thisUpdate GeneralizedTime, 139 * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, 140 * singleExtensions [1] EXPLICIT Extensions OPTIONAL } 141 */ 142struct ocsp_single_response_st { 143 OCSP_CERTID *certId; 144 OCSP_CERTSTATUS *certStatus; 145 ASN1_GENERALIZEDTIME *thisUpdate; 146 ASN1_GENERALIZEDTIME *nextUpdate; 147 STACK_OF(X509_EXTENSION) *singleExtensions; 148}; 149 150/*- ResponseData ::= SEQUENCE { 151 * version [0] EXPLICIT Version DEFAULT v1, 152 * responderID ResponderID, 153 * producedAt GeneralizedTime, 154 * responses SEQUENCE OF SingleResponse, 155 * responseExtensions [1] EXPLICIT Extensions OPTIONAL } 156 */ 157struct ocsp_response_data_st { 158 ASN1_INTEGER *version; 159 OCSP_RESPID responderId; 160 ASN1_GENERALIZEDTIME *producedAt; 161 STACK_OF(OCSP_SINGLERESP) *responses; 162 STACK_OF(X509_EXTENSION) *responseExtensions; 163}; 164 165/*- BasicOCSPResponse ::= SEQUENCE { 166 * tbsResponseData ResponseData, 167 * signatureAlgorithm AlgorithmIdentifier, 168 * signature BIT STRING, 169 * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } 170 */ 171 /* 172 * Note 1: The value for "signature" is specified in the OCSP rfc2560 as 173 * follows: "The value for the signature SHALL be computed on the hash of 174 * the DER encoding ResponseData." This means that you must hash the 175 * DER-encoded tbsResponseData, and then run it through a crypto-signing 176 * function, which will (at least w/RSA) do a hash-'n'-private-encrypt 177 * operation. This seems a bit odd, but that's the spec. Also note that 178 * the data structures do not leave anywhere to independently specify the 179 * algorithm used for the initial hash. So, we look at the 180 * signature-specification algorithm, and try to do something intelligent. 181 * -- Kathy Weinhold, CertCo 182 */ 183 /* 184 * Note 2: It seems that the mentioned passage from RFC 2560 (section 185 * 4.2.1) is open for interpretation. I've done tests against another 186 * responder, and found that it doesn't do the double hashing that the RFC 187 * seems to say one should. Therefore, all relevant functions take a flag 188 * saying which variant should be used. -- Richard Levitte, OpenSSL team 189 * and CeloCom 190 */ 191struct ocsp_basic_response_st { 192 OCSP_RESPDATA tbsResponseData; 193 X509_ALGOR signatureAlgorithm; 194 ASN1_BIT_STRING *signature; 195 STACK_OF(X509) *certs; 196}; 197 198/*- 199 * CrlID ::= SEQUENCE { 200 * crlUrl [0] EXPLICIT IA5String OPTIONAL, 201 * crlNum [1] EXPLICIT INTEGER OPTIONAL, 202 * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } 203 */ 204struct ocsp_crl_id_st { 205 ASN1_IA5STRING *crlUrl; 206 ASN1_INTEGER *crlNum; 207 ASN1_GENERALIZEDTIME *crlTime; 208}; 209 210/*- 211 * ServiceLocator ::= SEQUENCE { 212 * issuer Name, 213 * locator AuthorityInfoAccessSyntax OPTIONAL } 214 */ 215struct ocsp_service_locator_st { 216 X509_NAME *issuer; 217 STACK_OF(ACCESS_DESCRIPTION) *locator; 218}; 219 220# define OCSP_REQUEST_sign(o, pkey, md, libctx, propq)\ 221 ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ 222 &(o)->optionalSignature->signatureAlgorithm, NULL,\ 223 (o)->optionalSignature->signature, &(o)->tbsRequest,\ 224 NULL, pkey, md, libctx, propq) 225 226# define OCSP_BASICRESP_sign(o, pkey, md, d, libctx, propq)\ 227 ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ 228 &(o)->signatureAlgorithm, NULL,\ 229 (o)->signature, &(o)->tbsResponseData,\ 230 NULL, pkey, md, libctx, propq) 231 232# define OCSP_BASICRESP_sign_ctx(o, ctx, d)\ 233 ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),\ 234 &(o)->signatureAlgorithm, NULL,\ 235 (o)->signature, &(o)->tbsResponseData, ctx) 236 237# define OCSP_REQUEST_verify(a, r, libctx, propq)\ 238 ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ 239 &(a)->optionalSignature->signatureAlgorithm,\ 240 (a)->optionalSignature->signature, &(a)->tbsRequest,\ 241 NULL, r, libctx, propq) 242 243# define OCSP_BASICRESP_verify(a, r, libctx, propq)\ 244 ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ 245 &(a)->signatureAlgorithm, (a)->signature,\ 246 &(a)->tbsResponseData, NULL, r, libctx, propq) 247