From 22b1db8a4c16eb5f8127ce89405efe197a090edc Mon Sep 17 00:00:00 2001
From: Andres Amaya Garcia
Date: Thu, 24 Aug 2017 16:01:02 +0100
Subject: [PATCH] Add OCSP parsing files as part of the X509 module

OCSP by itself is a protocol between an OCSP responder and a client. The protocol messages are encoded in X.509 format, so I have created the place-holder files x509_ocsp.c and x509_ocsp.h that will contain the X.509 parser and verification for OCSP messages.
---
 include/mbedtls/x509_ocsp.h | 52 +++++++++++++++++++++++++
 library/CMakeLists.txt | 1 +
 library/Makefile | 3 +-
 library/x509_ocsp.c | 76 +++++++++++++++++++++++++++++++++++++
 4 files changed, 131 insertions(+), 1 deletion(-)
 create mode 100644 include/mbedtls/x509_ocsp.h
 create mode 100644 library/x509_ocsp.c

diff --git a/include/mbedtls/x509_ocsp.h b/include/mbedtls/x509_ocsp.h
new file mode 100644
index 0000000000..83b62152fe
--- /dev/null
+++ b/include/mbedtls/x509_ocsp.h
@@ -0,0 +1,52 @@
+/**
+ * \file x509_ocsp.h
+ *
+ * \brief OCSP generic defines and structures
+ *
+ * Copyright (C) 2017, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#ifndef MBEDTLS_X509_OCSP_H
+#define MBEDTLS_X509_OCSP_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include "x509.h"
+#include "x509_crt.h"
+#include "md.h"
+#include "pk.h"
+
+#include
+
+typedef struct mbedtls_x509_ocsp_response {
+} mbedtls_x509_ocsp_response;
+
+int mbedtls_x509_ocsp_response_info( char *buf, size_t size,
+ const char *prefix,
+ const mbedtls_x509_ocsp_response *resp );
+
+int mbedtls_x509_ocsp_parse_response_file( mbedtls_x509_ocsp_response *resp,
+ const char *path );
+
+int mbedtls_x509_ocsp_parse_response( mbedtls_x509_ocsp_response *resp,
+ unsigned char *buf, size_t buflen );
+
+#endif /* !MBEDTLS_X509_OCSP_H */
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index c332d45777..d979f6fb89 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -66,6 +66,7 @@ set(src_x509
 x509_crl.c
 x509_crt.c
 x509_csr.c
+ x509_ocsp.c
 x509write_crt.c
 x509write_csr.c
 )
diff --git a/library/Makefile b/library/Makefile
index 28f92315a0..fcc20f0e7c 100644
--- a/library/Makefile
+++ b/library/Makefile
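Review bot: `typedef struct mbedtls_x509_ocsp_response { } mbedtls_x509_ocsp_response;` declares a struct with no members, which ISO C does not allow (C11 6.7.2.1 requires at least one named member) and which only compiles as a GNU extension, so the placeholder should carry at least one member until the real fields are added. The parse entry point also takes `unsigned char *buf` where the sibling parsers in x509_crt.h take `const unsigned char *buf`; unless the OCSP parser really needs to write into the caller's buffer, `int mbedtls_x509_ocsp_parse_response( mbedtls_x509_ocsp_response *resp, const unsigned char *buf, size_t buflen );` keeps the header consistent and lets callers pass read-only data. The three prototypes are undocumented as well; each needs a `\brief`, `\param` entries stating who owns `resp` and whether `buf` must outlive the parsed structure, and a `\return` line giving the convention (0 on success, a negative X509 error code otherwise) in the doxygen style the other x509 headers use.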
@@ -66,7 +66,8 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \
 
 OBJS_X509= certs.o pkcs11.o x509.o \
 x509_create.o x509_crl.o x509_crt.o \
- x509_csr.o x509write_crt.o x509write_csr.o
+ x509_csr.o x509write_crt.o x509write_csr.o \
+ x509_ocsp.o
 
 OBJS_TLS= debug.o net_sockets.o \
 ssl_cache.o ssl_ciphersuites.o \
diff --git a/library/x509_ocsp.c b/library/x509_ocsp.c
new file mode 100644
index 0000000000..8dc7ee53dc
--- /dev/null
+++ b/library/x509_ocsp.c
@@ -0,0 +1,76 @@
+/*
+ * OCSP response parsing and verification
+ *
+ * Copyright (C) 2017, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include
+#define mbedtls_free free
+#define mbedtls_calloc calloc
+#define mbedtls_snprintf snprintf
+#endif
+
+#include "mbedtls/x509.h"
+#include "mbedtls/x509_crt.h"
+#include "mbedtls/x509_ocsp.h"
+#include "mbedtls/asn1.h"
+#include "mbedtls/md.h"
+#include "mbedtls/pk.h"
+#include "mbedtls/oid.h"
+
+#include
+#include
+
+int mbedtls_x509_ocsp_parse_response( mbedtls_x509_ocsp_response *resp,
+ unsigned char *buf, size_t buflen )
+{
+ return( 0 );
+}
+
+int mbedtls_x509_ocsp_response_info( char *buf, size_t size,
+ const char *prefix,
+ const mbedtls_x509_ocsp_response *resp )
+{
+ return( 0 );
+}
+
+int mbedtls_x509_ocsp_parse_response_file( mbedtls_x509_ocsp_response *resp,
+ const char *path )
+{
+ int ret;
+ size_t n;
+ unsigned char *buf;
+
+ if( ( ret = mbedtls_pk_load_file( path, &buf, &n ) ) != 0 )
+ return( ret );
+
+ ret = mbedtls_x509_ocsp_parse_response( resp, buf, n );
+
+ mbedtls_zeroize( buf, n );
+ mbedtls_free( buf );
+
+ return( ret );
+}
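Review bot: `mbedtls_x509_ocsp_parse_response` returns 0 without reading `buf` or writing `*resp`, so `mbedtls_x509_ocsp_parse_response_file` reports success for any file while the response struct is left uninitialized; until the parser exists both stubs should fail closed with `return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );` so no caller can mistake an unparsed response for a valid one. `mbedtls_zeroize( buf, n )` is called but, as far as the hunk shows, is neither defined in this file nor declared by any included header, which makes it an implicit declaration; the other library sources in this tree define their own `static` volatile-write helper and this file should do the same. `mbedtls_pk_load_file` is only declared when `MBEDTLS_FS_IO` is set, so the `_file` variant needs the matching `#if defined(MBEDTLS_FS_IO)` guard, and the file has no compile-time module switch at all (a `MBEDTLS_<MODULE>_C` placeholder below, to be replaced by whatever name config.h adopts), unlike the other x509 sources.
```c
/* … unchanged: license header and includes … */

/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
    volatile unsigned char *p = v; while( n-- ) *p++ = 0;
}

int mbedtls_x509_ocsp_parse_response( mbedtls_x509_ocsp_response *resp,
                                      unsigned char *buf, size_t buflen )
{
    /* Placeholder: fail closed until the parser is implemented */
    ((void) resp);
    ((void) buf);
    ((void) buflen);
    return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
}

int mbedtls_x509_ocsp_response_info( char *buf, size_t size,
                                     const char *prefix,
                                     const mbedtls_x509_ocsp_response *resp )
{
    /* Placeholder: nothing to print until the structure has fields */
    ((void) buf);
    ((void) size);
    ((void) prefix);
    ((void) resp);
    return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
}

#if defined(MBEDTLS_FS_IO)
int mbedtls_x509_ocsp_parse_response_file( mbedtls_x509_ocsp_response *resp,
                                           const char *path )
{
    /* … unchanged: load file, parse, zeroize and free the buffer … */
}
#endif /* MBEDTLS_FS_IO */
```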