6 * Online Certificate Status Protocol
10 FILE_LICENCE ( GPL2_OR_LATER );
14 #include <ipxe/asn1.h>
15 #include <ipxe/x509.h>
16 #include <ipxe/refcnt.h>
18 /** OCSP algorithm identifier */
19 #define OCSP_ALGORITHM_IDENTIFIER( ... ) \
20 ASN1_OID, VA_ARG_COUNT ( __VA_ARGS__ ), __VA_ARGS__, \
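/*
 * OCSP response statuses
 *
 * These are the values of the OCSPResponseStatus enumeration
 * (RFC 6960).  The value 0x04 is not assigned by the specification,
 * which is why nothing is defined between TRY_LATER and SIG_REQUIRED.
 *
 * Only OCSP_STATUS_SUCCESSFUL is accompanied by a signed response
 * body.  Every other value is an unsigned error indication from the
 * responder: it says nothing about the certificate and must never be
 * treated as a "good" status.
 */
#define OCSP_STATUS_SUCCESSFUL		0x00
#define OCSP_STATUS_MALFORMED_REQUEST	0x01
#define OCSP_STATUS_INTERNAL_ERROR	0x02
#define OCSP_STATUS_TRY_LATER		0x03
#define OCSP_STATUS_SIG_REQUIRED	0x05
#define OCSP_STATUS_UNAUTHORIZED	0x06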
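/**
 * An OCSP request
 *
 * The listing this was taken from had lost the declaration line and the
 * closing brace; the struct tag is the one used by the "request" member
 * declared later in this header.
 */
struct ocsp_request {
	/** Request builder */
	struct asn1_builder builder;
	/**
	 * Certificate ID
	 *
	 * NOTE(review): a cursor does not own its data; which buffer
	 * this points into is not visible in this header -- confirm
	 * its lifetime against the implementation.
	 */
	struct asn1_cursor cert_id;
};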
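/** An OCSP responder */
struct ocsp_responder {
	/**
	 * Check if certificate is the responder's certificate
	 *
	 * @v ocsp		OCSP check
	 * @v cert		Certificate
	 * @ret difference	Difference as returned by memcmp()
	 *
	 * The result follows memcmp() semantics: zero means the
	 * certificate matches the responder, any non-zero value means
	 * it does not.  Callers must compare against zero explicitly;
	 * treating the return value as a boolean "is responder" flag
	 * inverts the check.
	 */
	int ( * compare ) ( struct ocsp_check *ocsp,
			    struct x509_certificate *cert );
	/**
	 * Responder ID
	 *
	 * NOTE(review): presumably the raw responderID from the
	 * response, matched by the compare() method -- confirm
	 * against the implementation.
	 */
	struct asn1_cursor id;
};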
56 /** An OCSP response */
57 struct ocsp_response {
60 /** Raw tbsResponseData */
61 struct asn1_cursor tbs;
63 struct ocsp_responder responder;
64 /** Time at which status is known to be correct */
66 /** Time at which newer status information will be available */
68 /** Signature algorithm */
69 struct asn1_algorithm *algorithm;
70 /** Signature value */
71 struct asn1_bit_string signature;
72 /** Signing certificate */
73 struct x509_certificate *signer;
78 /** Reference count */
80 /** Certificate being checked */
81 struct x509_certificate *cert;
82 /** Issuing certificate */
83 struct x509_certificate *issuer;
87 struct ocsp_request request;
89 struct ocsp_response response;
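/**
 * Get reference to OCSP check
 *
 * @v ocsp		OCSP check
 * @ret ocsp		OCSP check
 *
 * The address of the refcnt member is taken unconditionally, so the
 * caller must pass a pointer to a live check.  Every reference taken
 * here must be balanced by exactly one ocsp_put(); an unbalanced get
 * leaks the check, an unbalanced put risks a use-after-free.
 */
static inline __attribute__ (( always_inline )) struct ocsp_check *
ocsp_get ( struct ocsp_check *ocsp ) {
	ref_get ( &ocsp->refcnt );
	/* Hand the same pointer back so the call can be used inline */
	return ocsp;
}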
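/**
 * Drop reference to OCSP check
 *
 * @v ocsp		OCSP check
 *
 * The caller must not use the pointer after this call unless it holds
 * another reference.  NOTE(review): what happens when the count reaches
 * zero is defined by ref_put() in ipxe/refcnt.h, which is not shown
 * here; presumably the check is freed -- confirm.
 */
static inline __attribute__ (( always_inline )) void
ocsp_put ( struct ocsp_check *ocsp ) {
	ref_put ( &ocsp->refcnt );
}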
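/*
 * Begin an OCSP check of a certificate.
 *
 * cert    certificate whose status is to be checked
 * issuer  certificate that issued cert
 * ocsp    out-parameter for the check object
 *
 * NOTE(review): the implementation is not visible in this header.
 * Presumably *ocsp is filled in only on success, the caller then owns
 * one reference (to be released with ocsp_put()), and the return value
 * is zero on success or an error code -- confirm against ocsp.c.
 */
extern int ocsp_check ( struct x509_certificate *cert,
			struct x509_certificate *issuer,
			struct ocsp_check **ocsp );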
117 extern int ocsp_response ( struct ocsp_check *ocsp, const void *data,
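/*
 * Validate a received OCSP response.
 *
 * check  OCSP check holding the response
 * time   time at which validity is to be assessed
 *
 * NOTE(review): the implementation is not visible in this header.
 * struct ocsp_response records the time at which the status is known to
 * be correct and the time at which newer information will be available,
 * so presumably "time" is tested against that window -- confirm against
 * ocsp.c.  If so, the result is only as trustworthy as the clock that
 * supplied "time": a wrong or attacker-influenced clock can make a
 * stale response appear fresh.
 */
extern int ocsp_validate ( struct ocsp_check *check, time_t time );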
121 #endif /* _IPXE_OCSP_H */