1 /*
2 * Copyright (C) 2011-2012 Free Software Foundation, Inc.
3 *
4 * Author: Simon Josefsson
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
/* Online Certificate Status Protocol - RFC 2560 (since obsoleted by
 * RFC 6960; the status and reason values used in this header are
 * unchanged there)
 */
25
26 #ifndef GNUTLS_OCSP_H
27 #define GNUTLS_OCSP_H
28
29 #include <gnutls/gnutls.h>
30 #include <gnutls/x509.h>
31
32 /* *INDENT-OFF* */
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 /* *INDENT-ON* */
37
38 #define GNUTLS_OCSP_NONCE "1.3.6.1.5.5.7.48.1.2"
39
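/**
 * gnutls_ocsp_print_formats_t:
 * @GNUTLS_OCSP_PRINT_FULL: Full information about OCSP request/response.
 * @GNUTLS_OCSP_PRINT_COMPACT: More compact information about OCSP request/response.
 *
 * Enumeration of different OCSP printing variants, selecting the level of
 * detail produced by gnutls_ocsp_req_print() and gnutls_ocsp_resp_print().
 * The printed text is for humans; it carries no verification result.
 */
typedef enum gnutls_ocsp_print_formats_t {
	GNUTLS_OCSP_PRINT_FULL = 0,
	GNUTLS_OCSP_PRINT_COMPACT = 1
} gnutls_ocsp_print_formats_t;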
51
/**
 * gnutls_ocsp_resp_status_t:
 * @GNUTLS_OCSP_RESP_SUCCESSFUL: Response has valid confirmations.
 * @GNUTLS_OCSP_RESP_MALFORMEDREQUEST: Illegal confirmation request
 * @GNUTLS_OCSP_RESP_INTERNALERROR: Internal error in issuer
 * @GNUTLS_OCSP_RESP_TRYLATER: Try again later
 * @GNUTLS_OCSP_RESP_SIGREQUIRED: Must sign the request
 * @GNUTLS_OCSP_RESP_UNAUTHORIZED: Request unauthorized
 *
 * Enumeration of different OCSP response status codes, i.e. the
 * OCSPResponseStatus field as returned by gnutls_ocsp_resp_get_status().
 * The value 4 is deliberately skipped: it is marked unused in the
 * RFC 2560 OCSPResponseStatus definition and this enumeration mirrors
 * the wire values one-to-one.
 *
 * NOTE(review): only %GNUTLS_OCSP_RESP_SUCCESSFUL implies that a
 * per-certificate status is present (see gnutls_ocsp_resp_get_single()).
 * Every other status carries no statement about the certificate and must
 * never be read as "not revoked"; per RFC 2560 such error statuses are
 * also not covered by the responder's signature. Whether to fail closed
 * or soft-fail on them is a caller policy decision -- make it explicit.
 */
typedef enum gnutls_ocsp_resp_status_t {
	GNUTLS_OCSP_RESP_SUCCESSFUL = 0,
	GNUTLS_OCSP_RESP_MALFORMEDREQUEST = 1,
	GNUTLS_OCSP_RESP_INTERNALERROR = 2,
	GNUTLS_OCSP_RESP_TRYLATER = 3,
	GNUTLS_OCSP_RESP_SIGREQUIRED = 5,
	GNUTLS_OCSP_RESP_UNAUTHORIZED = 6
} gnutls_ocsp_resp_status_t;
71
/**
 * gnutls_ocsp_cert_status_t:
 * @GNUTLS_OCSP_CERT_GOOD: Positive response to status inquiry.
 * @GNUTLS_OCSP_CERT_REVOKED: Certificate has been revoked.
 * @GNUTLS_OCSP_CERT_UNKNOWN: The responder doesn't know about the
 *   certificate.
 *
 * Enumeration of different OCSP response certificate status codes, as
 * reported through the @cert_status output of gnutls_ocsp_resp_get_single().
 *
 * NOTE(review): per RFC 2560, "good" only means the responder knows of
 * no revocation for that serial number -- not that the certificate was
 * ever issued by the CA. %GNUTLS_OCSP_CERT_UNKNOWN is not a positive
 * answer and should be handled as "no status available", never as good.
 * A status is only meaningful after the response has passed
 * gnutls_ocsp_resp_verify() / gnutls_ocsp_resp_verify_direct() and the
 * CertID has been matched to the certificate (gnutls_ocsp_resp_check_crt()).
 */
typedef enum gnutls_ocsp_cert_status_t {
	GNUTLS_OCSP_CERT_GOOD = 0,
	GNUTLS_OCSP_CERT_REVOKED = 1,
	GNUTLS_OCSP_CERT_UNKNOWN = 2
} gnutls_ocsp_cert_status_t;
86
/**
 * gnutls_x509_crl_reason_t:
 * @GNUTLS_X509_CRLREASON_UNSPECIFIED: Unspecified reason.
 * @GNUTLS_X509_CRLREASON_KEYCOMPROMISE: Private key compromised.
 * @GNUTLS_X509_CRLREASON_CACOMPROMISE: CA compromised.
 * @GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: Affiliation has changed.
 * @GNUTLS_X509_CRLREASON_SUPERSEDED: Certificate superseded.
 * @GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: Operation has ceased.
 * @GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: Certificate is on hold.
 * @GNUTLS_X509_CRLREASON_REMOVEFROMCRL: Will be removed from delta CRL.
 * @GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: Privilege withdrawn.
 * @GNUTLS_X509_CRLREASON_AACOMPROMISE: AA compromised.
 *
 * Enumeration of different reason codes. Note that this
 * corresponds to the CRLReason ASN.1 enumeration type, and not the
 * ReasonFlags ASN.1 bit string: the constants are the integer values
 * carried on the wire, not bit positions, so they must not be shifted
 * or OR-ed together. The value 7 is intentionally absent because
 * CRLReason does not assign it.
 *
 * Although named after CRLs, this is presumably also the type of the
 * @revocation_reason output of gnutls_ocsp_resp_get_single() -- confirm.
 * NOTE(review): a revoked status is a revoked status regardless of the
 * reason; only %GNUTLS_X509_CRLREASON_CERTIFICATEHOLD is, per the
 * protocol, potentially temporary, and even that should be treated as
 * "not usable now".
 */
typedef enum gnutls_x509_crl_reason_t {
	GNUTLS_X509_CRLREASON_UNSPECIFIED = 0,
	GNUTLS_X509_CRLREASON_KEYCOMPROMISE = 1,
	GNUTLS_X509_CRLREASON_CACOMPROMISE = 2,
	GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED = 3,
	GNUTLS_X509_CRLREASON_SUPERSEDED = 4,
	GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION = 5,
	GNUTLS_X509_CRLREASON_CERTIFICATEHOLD = 6,
	GNUTLS_X509_CRLREASON_REMOVEFROMCRL = 8,
	GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN = 9,
	GNUTLS_X509_CRLREASON_AACOMPROMISE = 10
} gnutls_x509_crl_reason_t;
116
/**
 * gnutls_ocsp_verify_reason_t:
 * @GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND: Signer cert not found.
 * @GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR: Signer keyusage bits incorrect.
 * @GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER: Signer is not trusted.
 * @GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM: Signature using insecure algorithm.
 * @GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE: Signature mismatch.
 * @GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED: Signer cert is not yet activated.
 * @GNUTLS_OCSP_VERIFY_CERT_EXPIRED: Signer cert has expired.
 *
 * Enumeration of OCSP verify status codes, used by
 * gnutls_ocsp_resp_verify() and gnutls_ocsp_resp_verify_direct().
 * The values are distinct powers of two, so several reasons can be
 * OR-ed together into the @verify output of those functions.
 *
 * NOTE(review): a zero @verify means no failure reason was recorded;
 * treat ANY nonzero value as a failed verification rather than probing
 * individual bits for "acceptable" failures. These reasons only describe
 * the signer certificate and the signature itself. Whether the response
 * is current (this_update/next_update from gnutls_ocsp_resp_get_single())
 * and whether it actually covers the certificate in question
 * (gnutls_ocsp_resp_check_crt()) are not among them and need separate
 * checks -- confirm against the implementation.
 */
typedef enum gnutls_ocsp_verify_reason_t {
	GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
	GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
	GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
	GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
	GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
	GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
	GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
} gnutls_ocsp_verify_reason_t;
139
/* Opaque handle for an OCSP request. The struct is only ever defined inside
 * the library, so callers hold it by pointer and never dereference it; obtain
 * one with gnutls_ocsp_req_init() and release it with
 * gnutls_ocsp_req_deinit(). */
struct gnutls_ocsp_req_int;
typedef struct gnutls_ocsp_req_int *gnutls_ocsp_req_t;
142
/* Request lifecycle: gnutls_ocsp_req_init() presumably allocates a new,
 * empty request into *@req; gnutls_ocsp_req_deinit() releases it.
 * NOTE(review): by GnuTLS convention the int return is 0 on success or a
 * negative error code, and *@req is only usable after a successful init --
 * confirm. */
int gnutls_ocsp_req_init(gnutls_ocsp_req_t * req);
void gnutls_ocsp_req_deinit(gnutls_ocsp_req_t req);
145
/* Serialization of a request.
 *  - gnutls_ocsp_req_import(): parse the encoded request in @data into @req.
 *    A request received from the network is untrusted input; a failure
 *    return must be treated as "no request", not ignored.
 *  - gnutls_ocsp_req_export(): encode @req into @data.
 *  - gnutls_ocsp_req_print(): render @req as text into @out, at the level
 *    of detail selected by @format (see gnutls_ocsp_print_formats_t).
 * NOTE(review): @data (export) and @out are filled by the library; buffer
 * ownership afterwards is not visible here -- presumably the caller frees
 * it with the library's free routine. Confirm before use. */
int gnutls_ocsp_req_import(gnutls_ocsp_req_t req,
			   const gnutls_datum_t * data);
int gnutls_ocsp_req_export(gnutls_ocsp_req_t req, gnutls_datum_t * data);
int gnutls_ocsp_req_print(gnutls_ocsp_req_t req,
			  gnutls_ocsp_print_formats_t format,
			  gnutls_datum_t * out);
152
/* Return the version field of @req, or presumably a negative error code
 * on failure -- confirm. */
int gnutls_ocsp_req_get_version(gnutls_ocsp_req_t req);
154
/* The certificates a request asks about, each identified by a CertID:
 * the digest algorithm used, the hashes of the issuer's name and public
 * key, and the certificate serial number.
 *  - gnutls_ocsp_req_get_cert_id(): read the @indx-th CertID of @req into
 *    the output arguments.
 *  - gnutls_ocsp_req_add_cert_id(): append a CertID from pre-computed
 *    components.
 *  - gnutls_ocsp_req_add_cert(): append a CertID computed from @cert and
 *    its @issuer using @digest.
 * NOTE(review): the issuer name/key hashes are what the responder matches
 * on, so @issuer must be the certificate that actually signed @cert;
 * pairing it with the wrong CA is likely to produce an "unknown" answer.
 * No function in this header signs the request. */
int gnutls_ocsp_req_get_cert_id(gnutls_ocsp_req_t req,
				unsigned indx,
				gnutls_digest_algorithm_t * digest,
				gnutls_datum_t * issuer_name_hash,
				gnutls_datum_t * issuer_key_hash,
				gnutls_datum_t * serial_number);
int gnutls_ocsp_req_add_cert_id(gnutls_ocsp_req_t req,
				gnutls_digest_algorithm_t digest,
				const gnutls_datum_t *
				issuer_name_hash,
				const gnutls_datum_t *
				issuer_key_hash,
				const gnutls_datum_t * serial_number);
int gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
			     gnutls_digest_algorithm_t digest,
			     gnutls_x509_crt_t issuer,
			     gnutls_x509_crt_t cert);
172
/* Generic request extensions.
 *  - gnutls_ocsp_req_get_extension(): read the @indx-th extension of @req:
 *    its OID (presumably in dotted form) into @oid, its criticality into
 *    @critical, and its raw encoded value into @data.
 *  - gnutls_ocsp_req_set_extension(): add an extension identified by the
 *    OID string @oid, with the given criticality and encoded value.
 * The nonce extension (%GNUTLS_OCSP_NONCE) has dedicated helpers below. */
int gnutls_ocsp_req_get_extension(gnutls_ocsp_req_t req,
				  unsigned indx,
				  gnutls_datum_t * oid,
				  unsigned int *critical,
				  gnutls_datum_t * data);
int gnutls_ocsp_req_set_extension(gnutls_ocsp_req_t req,
				  const char *oid,
				  unsigned int critical,
				  const gnutls_datum_t * data);
182
/* Nonce handling (the %GNUTLS_OCSP_NONCE extension).
 *  - gnutls_ocsp_req_get_nonce(): read the nonce of @req and its criticality.
 *  - gnutls_ocsp_req_set_nonce(): set a caller-supplied nonce.
 *  - gnutls_ocsp_req_randomize_nonce(): set a fresh nonce, presumably drawn
 *    from the library's RNG.
 * NOTE(review): the nonce is what binds a response to this particular
 * request; without it a validly signed but stale response can be replayed
 * for as long as its validity window lasts. Prefer
 * gnutls_ocsp_req_randomize_nonce() over a caller-chosen value, and compare
 * gnutls_ocsp_resp_get_nonce() of the reply against what was sent. The
 * protocol makes the nonce optional, so responders may omit it; the caller
 * has to decide whether an unbound response is acceptable. */
int gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
			      unsigned int *critical,
			      gnutls_datum_t * nonce);
int gnutls_ocsp_req_set_nonce(gnutls_ocsp_req_t req,
			      unsigned int critical,
			      const gnutls_datum_t * nonce);
int gnutls_ocsp_req_randomize_nonce(gnutls_ocsp_req_t req);
190
/* Opaque handle for an OCSP response. As with the request handle, the
 * struct is defined only inside the library; obtain one with
 * gnutls_ocsp_resp_init() and release it with gnutls_ocsp_resp_deinit(). */
struct gnutls_ocsp_resp_int;
typedef struct gnutls_ocsp_resp_int *gnutls_ocsp_resp_t;
193
/* Response lifecycle: gnutls_ocsp_resp_init() presumably allocates a new,
 * empty response into *@resp; gnutls_ocsp_resp_deinit() releases it.
 * NOTE(review): by GnuTLS convention the int return is 0 on success or a
 * negative error code -- confirm. */
int gnutls_ocsp_resp_init(gnutls_ocsp_resp_t * resp);
void gnutls_ocsp_resp_deinit(gnutls_ocsp_resp_t resp);
196
/* Serialization of a response.
 *  - gnutls_ocsp_resp_import(): parse the encoded response in @data into
 *    @resp.
 *  - gnutls_ocsp_resp_export(): encode @resp into @data.
 *  - gnutls_ocsp_resp_print(): render @resp as text into @out, at the
 *    detail level chosen by @format.
 * NOTE(review): importing only parses. Nothing in this header suggests the
 * signature is checked at import time, so a successfully imported response
 * (which normally comes from the network) remains untrusted until
 * gnutls_ocsp_resp_verify() or gnutls_ocsp_resp_verify_direct() reports no
 * failure reason. Buffer ownership of @data/@out is not visible here --
 * presumably the caller frees them with the library's free routine. */
int gnutls_ocsp_resp_import(gnutls_ocsp_resp_t resp,
			    const gnutls_datum_t * data);
int gnutls_ocsp_resp_export(gnutls_ocsp_resp_t resp,
			    gnutls_datum_t * data);
int gnutls_ocsp_resp_print(gnutls_ocsp_resp_t resp,
			   gnutls_ocsp_print_formats_t format,
			   gnutls_datum_t * out);
204
/* Top-level response fields.
 *  - gnutls_ocsp_resp_get_status(): the OCSPResponseStatus as a
 *    gnutls_ocsp_resp_status_t value (or presumably a negative error code).
 *  - gnutls_ocsp_resp_get_response(): the responseType OID and the raw
 *    encoded response body carried inside the envelope.
 * NOTE(review): any status other than %GNUTLS_OCSP_RESP_SUCCESSFUL means
 * there is no certificate status to read; never interpret it as "not
 * revoked". */
int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_t resp);
int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
				  gnutls_datum_t *
				  response_type_oid,
				  gnutls_datum_t * response);
210
/* Basic response metadata: the version field, the responder identifier
 * (returned as a DN in @dn; how a responder identified by key hash rather
 * than by name is reported is not visible here), and the producedAt time.
 * NOTE(review): the time_t return presumably uses (time_t)-1 to signal an
 * error or absent value -- confirm, and do not feed it into a freshness
 * comparison unchecked. */
int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
				   gnutls_datum_t * dn);
time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
/* Read the @indx-th SingleResponse of @resp. Output arguments (presumably
 * each may be NULL when not wanted -- confirm):
 *   @digest, @issuer_name_hash, @issuer_key_hash, @serial_number: the
 *     CertID this status refers to;
 *   @cert_status: a gnutls_ocsp_cert_status_t value;
 *   @this_update, @next_update: the validity window of this status
 *     (nextUpdate is optional in the protocol, so @next_update may be
 *     absent -- check how absence is signalled before comparing it);
 *   @revocation_time, @revocation_reason: set for revoked certificates,
 *     the reason presumably being a gnutls_x509_crl_reason_t value.
 * NOTE(review): the status is only meaningful once (1) the response has
 * passed gnutls_ocsp_resp_verify()/gnutls_ocsp_resp_verify_direct(),
 * (2) the CertID has been matched to the certificate in question, e.g.
 * with gnutls_ocsp_resp_check_crt(), and (3) the current time lies within
 * [@this_update, @next_update]. A successful return from this function
 * implies none of those. */
int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
				unsigned indx,
				gnutls_digest_algorithm_t * digest,
				gnutls_datum_t * issuer_name_hash,
				gnutls_datum_t * issuer_key_hash,
				gnutls_datum_t * serial_number,
				unsigned int *cert_status,
				time_t * this_update,
				time_t * next_update,
				time_t * revocation_time,
				unsigned int *revocation_reason);
/* Response extensions: generic access by index (OID, criticality, raw
 * encoded value) and a helper for the nonce (%GNUTLS_OCSP_NONCE).
 * NOTE(review): compare the nonce obtained here with the one placed in the
 * request; a mismatch means the response was not produced for this request
 * and must be rejected regardless of its signature. */
int gnutls_ocsp_resp_get_extension(gnutls_ocsp_resp_t resp,
				   unsigned indx,
				   gnutls_datum_t * oid,
				   unsigned int *critical,
				   gnutls_datum_t * data);
int gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
			       unsigned int *critical,
			       gnutls_datum_t * nonce);
/* Signature-related accessors: the signature algorithm identifier
 * (presumably a gnutls_sign_algorithm_t value, or a negative error), the
 * raw signature bits, and the certificates embedded in the response,
 * returned as an array of @ncerts handles in *@certs.
 * NOTE(review): the embedded certificates were supplied by whoever sent
 * the response; they are hints for building the signer chain, not trust
 * anchors. Ownership of the returned array and its handles is not visible
 * here -- presumably the caller deinitializes each handle and frees the
 * array; confirm. */
int gnutls_ocsp_resp_get_signature_algorithm(gnutls_ocsp_resp_t resp);
int gnutls_ocsp_resp_get_signature(gnutls_ocsp_resp_t resp,
				   gnutls_datum_t * sig);
int gnutls_ocsp_resp_get_certs(gnutls_ocsp_resp_t resp,
			       gnutls_x509_crt_t ** certs,
			       size_t * ncerts);
240
/* Signature verification of a response.
 *  - gnutls_ocsp_resp_verify_direct(): verify against one known @issuer
 *    certificate.
 *  - gnutls_ocsp_resp_verify(): verify against a trust list.
 * Both report the outcome through *@verify as an OR of
 * gnutls_ocsp_verify_reason_t flags; @flags tunes the verification (the
 * accepted values are not visible in this header).
 * NOTE(review): check BOTH the int return (by GnuTLS convention, negative
 * means the verification could not be carried out) AND *@verify (nonzero
 * means it was carried out and failed); testing only one of them is the
 * classic mistake. Verifying the signature does not establish that the
 * response is about the certificate of interest
 * (gnutls_ocsp_resp_check_crt()) nor that it is current
 * (this_update/next_update from gnutls_ocsp_resp_get_single()); those are
 * separate steps. */
int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp,
				   gnutls_x509_crt_t issuer,
				   unsigned int *verify,
				   unsigned int flags);
int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
			    gnutls_x509_trust_list_t trustlist,
			    unsigned int *verify, unsigned int flags);
248
/* Check that the @indx-th SingleResponse of @resp refers to @crt, i.e. that
 * its CertID matches that certificate. NOTE(review): presumably returns 0
 * on match and a negative error otherwise -- confirm. This is the step
 * that stops a correctly signed response for some *other* certificate from
 * being accepted for @crt; call it in addition to the verify functions. */
int gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
			       unsigned int indx, gnutls_x509_crt_t crt);
251
252 /* *INDENT-OFF* */
253 #ifdef __cplusplus
254 }
255 #endif
256 /* *INDENT-ON* */
257 #endif /* GNUTLS_OCSP_H */