/* ocsp.c */
/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
 * project 2000.
 */
/* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    [email protected].
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * ([email protected]).  This product includes software written by Tim
 * Hudson ([email protected]).
 *
 */
#include <
openssl/asn1.h
>
59
#include <
openssl/asn1t.h
>
60
#include <
openssl/x509v3.h
>
/* Example of new ASN1 code, OCSP request

    OCSPRequest     ::=     SEQUENCE {
        tbsRequest                  TBSRequest,
        optionalSignature   [0]     EXPLICIT Signature OPTIONAL }

    TBSRequest      ::=     SEQUENCE {
        version             [0]     EXPLICIT Version DEFAULT v1,
        requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
        requestList                 SEQUENCE OF Request,
        requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }

    Signature       ::=     SEQUENCE {
        signatureAlgorithm      AlgorithmIdentifier,
        signature               BIT STRING,
        certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

    Version         ::=             INTEGER  {  v1(0) }

    Request         ::=     SEQUENCE {
        reqCert                     CertID,
        singleRequestExtensions     [0] EXPLICIT Extensions OPTIONAL }

    CertID          ::=     SEQUENCE {
        hashAlgorithm       AlgorithmIdentifier,
        issuerNameHash      OCTET STRING, -- Hash of Issuer's DN
        issuerKeyHash       OCTET STRING, -- Hash of Issuer's public key
        serialNumber        CertificateSerialNumber }

    OCSPResponse ::= SEQUENCE {
       responseStatus         OCSPResponseStatus,
       responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }

    OCSPResponseStatus ::= ENUMERATED {
        successful            (0),  --Response has valid confirmations
        malformedRequest      (1),  --Illegal confirmation request
        internalError         (2),  --Internal error in issuer
        tryLater              (3),  --Try again later
                                    --(4) is not used
        sigRequired           (5),  --Must sign the request
        unauthorized          (6)   --Request unauthorized
    }

    ResponseBytes ::=       SEQUENCE {
        responseType   OBJECT IDENTIFIER,
        response       OCTET STRING }

    BasicOCSPResponse       ::= SEQUENCE {
       tbsResponseData      ResponseData,
       signatureAlgorithm   AlgorithmIdentifier,
       signature            BIT STRING,
       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }

    ResponseData ::= SEQUENCE {
       version              [0] EXPLICIT Version DEFAULT v1,
       responderID              ResponderID,
       producedAt               GeneralizedTime,
       responses                SEQUENCE OF SingleResponse,
       responseExtensions   [1] EXPLICIT Extensions OPTIONAL }

    ResponderID ::= CHOICE {
       byName               [1] Name,    --EXPLICIT
       byKey                [2] KeyHash }

    KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
                             --(excluding the tag and length fields)

    SingleResponse ::= SEQUENCE {
       certID                       CertID,
       certStatus                   CertStatus,
       thisUpdate                   GeneralizedTime,
       nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
       singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }

    CertStatus ::= CHOICE {
        good                [0]     IMPLICIT NULL,
        revoked             [1]     IMPLICIT RevokedInfo,
        unknown             [2]     IMPLICIT UnknownInfo }

    RevokedInfo ::= SEQUENCE {
        revocationTime              GeneralizedTime,
        revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }

    UnknownInfo ::= NULL -- this can be replaced with an enumeration

    ArchiveCutoff ::= GeneralizedTime

    AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER

    ServiceLocator ::= SEQUENCE {
        issuer    Name,
        locator   AuthorityInfoAccessSyntax }

    -- Object Identifiers

    id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
    id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
    id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
    id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
    id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
    id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
    id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
    id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
    id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }

*/
/* Request Structures */

/*
 * Declare the STACK_OF(Request) type up front so TBSRequest below can
 * hold a STACK_OF(Request) * before Request itself is defined.
 * (No matching DECLARE_STACK_OF(SingleResponse) appears in this file,
 * although ResponseData uses STACK_OF(SingleResponse) the same way.)
 */
DECLARE_STACK_OF(Request)
/*
 * TBSRequest, the to-be-signed part of an OCSPRequest:
 *   version            [0] EXPLICIT Version DEFAULT v1 (NULL when absent)
 *   requestorName      [1] EXPLICIT GeneralName OPTIONAL (NULL when absent)
 *   requestList        SEQUENCE OF Request
 *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL (NULL when absent)
 * Encoded/decoded by the ASN1_SEQUENCE(TBSRequest) template below.
 */
typedef struct {
    ASN1_INTEGER *version;
    GENERAL_NAME *requestorName;
    STACK_OF(Request) *requestList;
    STACK_OF(X509_EXTENSION) *requestExtensions;
} TBSRequest;
/*
 * Signature, the optionalSignature of an OCSPRequest:
 *   signatureAlgorithm  AlgorithmIdentifier
 *   signature           BIT STRING
 *   certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
 * certs are supplied by the requester; decoding them establishes nothing
 * about them until the signature has been verified.
 */
typedef struct {
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
} Signature;
/*
 * OCSPRequest, the top-level request:
 *   tbsRequest         TBSRequest
 *   optionalSignature  [0] EXPLICIT Signature OPTIONAL (NULL when absent)
 */
typedef struct {
    TBSRequest *tbsRequest;
    Signature *optionalSignature;
} OCSPRequest;
/*
 * CertID names the certificate a status is requested or returned for:
 *   hashAlgorithm            AlgorithmIdentifier used for both hashes
 *   issuerNameHash           OCTET STRING, hash of the issuer's DN
 *   issuerKeyHash            OCTET STRING, hash of the issuer's public key
 *   certificateSerialNumber  INTEGER (serialNumber in the ASN.1 above)
 * The template does not bound the two hash lengths; compare them against
 * hashAlgorithm before matching a CertID.
 */
typedef struct {
    X509_ALGOR *hashAlgorithm;
    ASN1_OCTET_STRING *issuerNameHash;
    ASN1_OCTET_STRING *issuerKeyHash;
    ASN1_INTEGER *certificateSerialNumber;
} CertID;
/*
 * Request, one element of TBSRequest.requestList:
 *   reqCert                  CertID
 *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL (NULL when
 *                            absent)
 */
typedef struct {
    CertID *reqCert;
    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} Request;
/* Response structures */
/*
 * ResponseBytes:
 *   responseType  OBJECT IDENTIFIER selecting the response syntax
 *                 (id-pkix-ocsp-basic for BasicOCSPResponse)
 *   response      OCTET STRING holding the DER of that response
 * The inner DER is left opaque here; the caller decodes it according
 * to responseType.
 */
typedef struct {
    ASN1_OBJECT *responseType;
    ASN1_OCTET_STRING *response;
} ResponseBytes;
/*
 * OCSPResponse, the top-level response:
 *   responseStatus  OCSPResponseStatus (ENUMERATED, values listed above)
 *   responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL (NULL when absent;
 *                   normally only present when responseStatus is 0)
 */
typedef struct {
    ASN1_ENUMERATED *responseStatus;
    ResponseBytes *responseBytes;
} OCSPResponse;
/*
 * ResponderID, a CHOICE:
 *   byName [1] Name
 *   byKey  [2] KeyHash (OCTET STRING, SHA-1 of the responder's public key)
 * `type` is the CHOICE selector maintained by the ASN1_CHOICE(ResponderID)
 * template below (ASN1_CHOICE_END expects a member of that name); `d`
 * holds the selected alternative.
 */
typedef struct {
    int type;
    union {
        X509_NAME *byName;
        ASN1_OCTET_STRING *byKey;
    } d;
} ResponderID;
/*
 * ResponseData, the to-be-signed part of a BasicOCSPResponse:
 *   version             [0] EXPLICIT Version DEFAULT v1 (NULL when absent)
 *   responderID         ResponderID
 *   producedAt          GeneralizedTime
 *   responses           SEQUENCE OF SingleResponse
 *   responseExtensions  [1] EXPLICIT Extensions OPTIONAL (NULL when absent)
 * STACK_OF(SingleResponse) is first mentioned here; there is no
 * DECLARE_STACK_OF(SingleResponse) in this file, unlike Request above.
 */
typedef struct {
    ASN1_INTEGER *version;
    ResponderID *responderID;
    ASN1_GENERALIZEDTIME *producedAt;
    STACK_OF(SingleResponse) *responses;
    STACK_OF(X509_EXTENSION) *responseExtensions;
} ResponseData;
/*
 * BasicOCSPResponse, carried in ResponseBytes.response for
 * id-pkix-ocsp-basic:
 *   tbsResponseData     ResponseData
 *   signatureAlgorithm  AlgorithmIdentifier
 *   signature           BIT STRING, over the DER of tbsResponseData
 *   certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
 * certs are responder-supplied path-building helpers; decoding them
 * establishes no trust in them or in the signature.
 */
typedef struct {
    ResponseData *tbsResponseData;
    X509_ALGOR *signatureAlgorithm;
    ASN1_BIT_STRING *signature;
    STACK_OF(X509) *certs;
} BasicOCSPResponse;
/*
 * RevokedInfo, the `revoked` alternative of CertStatus:
 *   revocationTime    GeneralizedTime
 *   revocationReason  [0] EXPLICIT CRLReason OPTIONAL (ENUMERATED; NULL
 *                     when absent)
 */
typedef struct {
    ASN1_GENERALIZEDTIME *revocationTime;
    ASN1_ENUMERATED *revocationReason;
} RevokedInfo;
/*
 * CertStatus, a CHOICE:
 *   good     [0] IMPLICIT NULL
 *   revoked  [1] IMPLICIT RevokedInfo
 *   unknown  [2] IMPLICIT UnknownInfo (NULL)
 * `type` is the CHOICE selector maintained by the ASN1_CHOICE(CertStatus)
 * template below (ASN1_CHOICE_END expects a member of that name); `d`
 * holds the selected alternative. good and unknown carry no payload.
 */
typedef struct {
    int type;
    union {
        ASN1_NULL *good;
        RevokedInfo *revoked;
        ASN1_NULL *unknown;
    } d;
} CertStatus;
/*
 * SingleResponse, one element of ResponseData.responses:
 *   certID            CertID
 *   certStatus        CertStatus
 *   thisUpdate        GeneralizedTime
 *   nextUpdate        [0] EXPLICIT GeneralizedTime OPTIONAL (NULL when absent)
 *   singleExtensions  [1] EXPLICIT Extensions OPTIONAL (NULL when absent)
 * Decoding performs no freshness check; thisUpdate/nextUpdate must be
 * compared with the current time by the consumer.
 */
typedef struct {
    CertID *certID;
    CertStatus *certStatus;
    ASN1_GENERALIZEDTIME *thisUpdate;
    ASN1_GENERALIZEDTIME *nextUpdate;
    STACK_OF(X509_EXTENSION) *singleExtensions;
} SingleResponse;
/*
 * ServiceLocator, the id-pkix-ocsp-service-locator extension:
 *   issuer   Name
 *   locator  AuthorityInfoAccessSyntax (SEQUENCE OF AccessDescription)
 * Declared only; this file defines no ASN1 template for it.
 */
typedef struct {
    X509_NAME *issuer;
    STACK_OF(ACCESS_DESCRIPTION) *locator;
} ServiceLocator;
/* Now the ASN1 templates */
/*
 * Expose the old-style i2d/d2i/new/free functions of these libcrypto types
 * as ASN1_ITEMs so the templates below can reference them by name.
 * X509_EXTENSION is not wrapped here; it gets an explicit ASN1_SEQUENCE
 * template below instead.
 * NOTE(review): libcrypto already exports ASN1_ITEMs under these names
 * (X509_it, X509_ALGOR_it, GENERAL_NAME_it, X509_NAME_it); redefining
 * them in a program linked against it may collide -- confirm with the
 * build before reusing this outside the demo.
 */
IMPLEMENT_COMPAT_ASN1(X509);
IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
//IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
IMPLEMENT_COMPAT_ASN1(X509_NAME);
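/*
 * Template for libcrypto's X509_EXTENSION struct (object, critical, value):
 *   Extension ::= SEQUENCE {
 *       extnID     OBJECT IDENTIFIER,
 *       critical   BOOLEAN DEFAULT FALSE,
 *       extnValue  OCTET STRING }
 *
 * `critical` is an ASN1_BOOLEAN (int) field, so the item must be
 * ASN1_FBOOLEAN: an absent boolean then decodes to 0 (FALSE, the ASN.1
 * DEFAULT) and a 0 value is omitted on encoding. With plain ASN1_BOOLEAN
 * an absent `critical` is left at -1, which any `if (ext->critical)` test
 * would misread as critical. This is also what libcrypto's own
 * x_exten.c uses.
 *
 * NOTE(review): libcrypto already exports X509_EXTENSION_it; defining a
 * second item of that name here may collide at link time -- confirm with
 * the build (the compat wrapper for this type above is commented out for
 * the same reason, presumably).
 */
ASN1_SEQUENCE(X509_EXTENSION) = {
    ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
    ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
    ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION);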
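/*
 * Signature template:
 *   signatureAlgorithm  AlgorithmIdentifier
 *   signature           BIT STRING
 *   certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
 *
 * certs is an explicitly tagged OPTIONAL field (see the ASN.1 above, and
 * the identical construct in the BasicOCSPResponse template), so it needs
 * ASN1_EXP_SEQUENCE_OF_OPT with tag 0. A bare ASN1_SEQUENCE_OF would make
 * it mandatory and untagged: a signed request without certs, or with the
 * correctly tagged certs, would fail to decode, and the encoder would emit
 * a form that conforming peers reject. certs is NULL when absent.
 *
 * The certificates are requester-supplied; decoding them establishes
 * nothing about them until the signature has been verified.
 */
ASN1_SEQUENCE(Signature) = {
    ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
    ASN1_EXP_SEQUENCE_OF_OPT(Signature, certs, X509, 0)
} ASN1_SEQUENCE_END(Signature);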
/*
 * CertID template: four mandatory, untagged fields in the order given by
 * the ASN.1 above. certificateSerialNumber corresponds to serialNumber
 * (CertificateSerialNumber is an INTEGER). The template accepts any
 * OCTET STRING length for the two hashes; a consumer must check them
 * against hashAlgorithm.
 */
ASN1_SEQUENCE(CertID) = {
    ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(CertID);
/*
 * Request template:
 *   reqCert                  CertID (mandatory)
 *   singleRequestExtensions  [0] EXPLICIT Extensions OPTIONAL
 * Extensions are decoded structurally only; their OIDs and contents are
 * not interpreted here.
 */
ASN1_SEQUENCE(Request) = {
    ASN1_SIMPLE(Request, reqCert, CertID),
    ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
} ASN1_SEQUENCE_END(Request);
/*
 * TBSRequest template:
 *   version            [0] EXPLICIT Version DEFAULT v1 (OPT; NULL if absent)
 *   requestorName      [1] EXPLICIT GeneralName OPTIONAL
 *   requestList        SEQUENCE OF Request (mandatory)
 *   requestExtensions  [2] EXPLICIT Extensions OPTIONAL
 * The DEFAULT is modelled as OPTIONAL: an absent version is simply NULL
 * and no value check is applied to a present one.
 */
ASN1_SEQUENCE(TBSRequest) = {
    ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
    ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
    ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
    ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
} ASN1_SEQUENCE_END(TBSRequest);
/*
 * OCSPRequest template:
 *   tbsRequest         TBSRequest (mandatory)
 *   optionalSignature  [0] EXPLICIT Signature OPTIONAL (NULL if absent)
 * Decoding does not verify optionalSignature; that is a separate step.
 */
ASN1_SEQUENCE(OCSPRequest) = {
    ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
    ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
} ASN1_SEQUENCE_END(OCSPRequest);
/* Response templates */
/*
 * ResponseBytes template:
 *   responseType  OBJECT IDENTIFIER (mandatory)
 *   response      OCTET STRING (mandatory; inner DER left undecoded)
 */
ASN1_SEQUENCE(ResponseBytes) = {
    ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
    ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(ResponseBytes);
/*
 * OCSPResponse template:
 *   responseStatus  ENUMERATED (mandatory; the template does not restrict
 *                   it to the 0..6 values listed above)
 *   responseBytes   [0] EXPLICIT ResponseBytes OPTIONAL (NULL if absent)
 */
ASN1_SEQUENCE(OCSPResponse) = {
    ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
    ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
} ASN1_SEQUENCE_END(OCSPResponse);
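/*
 * ResponderID template (CHOICE; selector in ResponderID.type, 0 = byName,
 * 1 = byKey, i.e. the index of the matched alternative):
 *   byName [1] Name
 *   byKey  [2] KeyHash
 *
 * The OCSP module (RFC 2560) is defined with EXPLICIT TAGS, so both
 * alternatives are explicitly tagged and byKey must use ASN1_EXP, exactly
 * as libcrypto's own ocsp_asn.c does. With ASN1_IMP the decoder rejects
 * the byKey form real responders emit ([2] wrapping an OCTET STRING) and
 * the encoder produces one they reject.
 */
ASN1_CHOICE(ResponderID) = {
    ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
    ASN1_EXP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
} ASN1_CHOICE_END(ResponderID);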
/*
 * RevokedInfo template:
 *   revocationTime    GeneralizedTime (mandatory)
 *   revocationReason  [0] EXPLICIT CRLReason OPTIONAL (ENUMERATED; the
 *                     template does not restrict it to defined CRLReason
 *                     values)
 */
ASN1_SEQUENCE(RevokedInfo) = {
    ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
    ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
} ASN1_SEQUENCE_END(RevokedInfo);
/*
 * CertStatus template (CHOICE; selector in CertStatus.type is the index of
 * the matched alternative: 0 = good, 1 = revoked, 2 = unknown, which here
 * happens to equal the tag number):
 *   good     [0] IMPLICIT NULL
 *   revoked  [1] IMPLICIT RevokedInfo
 *   unknown  [2] IMPLICIT NULL
 * These are IMPLICIT in the ASN.1 above, so ASN1_IMP is correct here.
 */
ASN1_CHOICE(CertStatus) = {
    ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
    ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
    ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
} ASN1_CHOICE_END(CertStatus);
/*
 * SingleResponse template:
 *   certID            CertID (mandatory)
 *   certStatus        CertStatus (mandatory)
 *   thisUpdate        GeneralizedTime (mandatory)
 *   nextUpdate        [0] EXPLICIT GeneralizedTime OPTIONAL
 *   singleExtensions  [1] EXPLICIT Extensions OPTIONAL
 * No freshness or ordering check is made on the two times; the consumer
 * must compare them with the current time.
 */
ASN1_SEQUENCE(SingleResponse) = {
    ASN1_SIMPLE(SingleResponse, certID, CertID),
    ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
    ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
    ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(SingleResponse);
/*
 * ResponseData template:
 *   version             [0] EXPLICIT Version DEFAULT v1 (OPT; NULL if absent)
 *   responderID         ResponderID (mandatory)
 *   producedAt          GeneralizedTime (mandatory)
 *   responses           SEQUENCE OF SingleResponse (mandatory)
 *   responseExtensions  [1] EXPLICIT Extensions OPTIONAL
 * Must appear after the SingleResponse and ResponderID templates, whose
 * items it references.
 */
ASN1_SEQUENCE(ResponseData) = {
    ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
    ASN1_SIMPLE(ResponseData, responderID, ResponderID),
    ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
    ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
    ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
} ASN1_SEQUENCE_END(ResponseData);
/*
 * BasicOCSPResponse template:
 *   tbsResponseData     ResponseData (mandatory)
 *   signatureAlgorithm  AlgorithmIdentifier (mandatory)
 *   signature           BIT STRING (mandatory)
 *   certs               [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL
 * Decoding only parses the signature and certs; verifying the signature
 * over tbsResponseData and building a path for the signer is a separate
 * step, and the certs carry no trust on their own.
 */
ASN1_SEQUENCE(BasicOCSPResponse) = {
    ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
    ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
    ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
} ASN1_SEQUENCE_END(BasicOCSPResponse);