1 #include "nid.h"
2 
3 #include <errno.h>
4 #include <openssl/objects.h>
5 
6 #include "log.h"
7 
/*
 * NIDs of the RPKI-specific object identifiers, filled in by nid_init().
 * Being file-scope statics they start out as 0, which is also NID_undef,
 * so none of them is meaningful before nid_init() has succeeded.
 */
static int rpki_manifest_nid;		/* 1.3.6.1.5.5.7.48.10 */
static int signed_object_nid;		/* 1.3.6.1.5.5.7.48.11 */
static int rpki_notify_nid;		/* 1.3.6.1.5.5.7.48.13 */
static int cert_policy_rpki_nid;	/* 1.3.6.1.5.5.7.14.2 */
static int cert_policy_rpki_v2_nid;	/* 1.3.6.1.5.5.7.14.3 */
static int ip_addr_blocks_v2_nid;	/* 1.3.6.1.5.5.7.1.28 */
static int autonomous_sys_ids_v2_nid;	/* 1.3.6.1.5.5.7.1.29 */
static int bgpsec_router_nid;		/* 1.3.6.1.5.5.7.3.30 */
16 
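/**
 * Returns the NID of the object identifier @oid, registering it in the
 * crypto library's object table (short name @sn, long name @ln) when the
 * library does not know it yet.
 *
 * Returns NID_undef (0) on failure. nid_init() tests for exactly that
 * value, so no other error encoding may leave this function.
 */
static int
register_oid(const char *oid, const char *sn, const char *ln)
{
	int nid;

	/* Note: Object has to be registered for OBJ_txt2nid to work. */
	nid = OBJ_txt2nid(oid);
	if (nid != NID_undef) {
		pr_op_debug("%s retrieved. Its nid is %d.", sn, nid);
		return nid;
	}

	/* Note: Implicit object registration happens in OBJ_create. */
	nid = OBJ_create(oid, sn, ln);
	if (nid == NID_undef) {
		/*
		 * Log, then return the sentinel explicitly. Forwarding the
		 * logger's return value (presumably a nonzero error code;
		 * its definition is not in this file) would slip past the
		 * caller's "== 0" check and be cached as if it were a NID,
		 * so later OID comparisons would run against a bogus value.
		 */
		op_crypto_err("Unable to register the %s NID.", sn);
		return NID_undef;
	}

	pr_op_debug("%s registered. Its nid is %d.", sn, nid);
	return nid;
}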
37 
/**
 * Registers the RPKI-specific OIDs in the SSL library and caches the
 * resulting NIDs in this file's static variables.
 * LibreSSL needs it; not sure about OpenSSL.
 *
 * Returns 0 on success. Stops at the first OID for which register_oid()
 * yields 0 and returns -EINVAL; NIDs cached before that point are kept.
 */
int
nid_init(void)
{
	/*
	 * NOTE(review): the two certificate policy entries carry their RFC
	 * number in the short name while the others carry it in the long
	 * name; looks unintentional, but the strings are left as they were.
	 */
	static const struct {
		int *nid;
		const char *oid;
		const char *sn;
		const char *ln;
	} rpki_oids[] = {
		{ &rpki_manifest_nid, "1.3.6.1.5.5.7.48.10",
		    "rpkiManifest",
		    "RPKI Manifest (RFC 6487)" },
		{ &signed_object_nid, "1.3.6.1.5.5.7.48.11",
		    "signedObject",
		    "RPKI Signed Object (RFC 6487)" },
		{ &rpki_notify_nid, "1.3.6.1.5.5.7.48.13",
		    "rpkiNotify",
		    "RPKI Update Notification File (RFC 8182)" },
		{ &cert_policy_rpki_nid, "1.3.6.1.5.5.7.14.2",
		    "id-cp-ipAddr-asNumber (RFC 6484)",
		    "Certificate Policy (CP) for the Resource PKI (RPKI)" },
		{ &cert_policy_rpki_v2_nid, "1.3.6.1.5.5.7.14.3",
		    "id-cp-ipAddr-asNumber-v2 (RFC 8360)",
		    "Certificate Policy for Use with Validation Reconsidered in the RPKI" },
		{ &ip_addr_blocks_v2_nid, "1.3.6.1.5.5.7.1.28",
		    "id-pe-ipAddrBlocks-v2",
		    "Amended IP Resources (RFC 8360)" },
		{ &autonomous_sys_ids_v2_nid, "1.3.6.1.5.5.7.1.29",
		    "id-pe-autonomousSysIds-v2",
		    "Amended AS Resources (RFC 8360)" },
		{ &bgpsec_router_nid, "1.3.6.1.5.5.7.3.30",
		    "id-kp-bgpsec-router",
		    "BGPsec Extended Key Usage (RFC 8209)" },
	};
	unsigned int i;

	/* Same order as before: store the NID first, then test it. */
	for (i = 0; i < sizeof(rpki_oids) / sizeof(rpki_oids[0]); i++) {
		*rpki_oids[i].nid = register_oid(rpki_oids[i].oid,
		    rpki_oids[i].sn, rpki_oids[i].ln);
		if (*rpki_oids[i].nid == 0)
			return -EINVAL;
	}

	return 0;
}
95 
/**
 * Counterpart of nid_init(): asks the crypto library to drop its table of
 * dynamically created objects.
 *
 * The NIDs cached in this file are not reset here, so the nid_*() getters
 * keep returning the old numbers; do not rely on them after this call.
 *
 * NOTE(review): OBJ_cleanup() is deprecated since OpenSSL 1.1.0, where the
 * library cleans up by itself; confirm against the library versions this
 * build targets.
 */
void
nid_destroy(void)
{
	OBJ_cleanup();
}
101 
/**
 * Returns the NID that nid_init() cached for rpkiManifest
 * (OID 1.3.6.1.5.5.7.48.10). The backing variable is a zero-initialized
 * static, so this yields 0 (NID_undef) until nid_init() has stored a value.
 */
int
nid_rpkiManifest(void)
{
	return rpki_manifest_nid;
}
106 
/**
 * Returns the NID that nid_init() cached for signedObject
 * (OID 1.3.6.1.5.5.7.48.11); 0 (NID_undef) if nid_init() has not stored
 * one yet.
 */
int
nid_signedObject(void)
{
	return signed_object_nid;
}
111 
/**
 * Returns the NID that nid_init() cached for rpkiNotify
 * (OID 1.3.6.1.5.5.7.48.13); 0 (NID_undef) if nid_init() has not stored
 * one yet.
 */
int
nid_rpkiNotify(void)
{
	return rpki_notify_nid;
}
116 
/**
 * Returns the NID that nid_init() cached for the RPKI certificate policy
 * (OID 1.3.6.1.5.5.7.14.2).
 *
 * Before nid_init() has stored a value this is 0, i.e. NID_undef, which is
 * also what the crypto library reports for OIDs it does not recognize.
 * Comparing a certificate's policy NID against this getter is therefore
 * only meaningful after a successful nid_init().
 */
int
nid_certPolicyRpki(void)
{
	return cert_policy_rpki_nid;
}
121 
/**
 * Returns the NID that nid_init() cached for the "Validation Reconsidered"
 * RPKI certificate policy (OID 1.3.6.1.5.5.7.14.3); 0 (NID_undef) if
 * nid_init() has not stored one yet.
 */
int
nid_certPolicyRpkiV2(void)
{
	return cert_policy_rpki_v2_nid;
}
126 
/**
 * Returns the NID that nid_init() cached for id-pe-ipAddrBlocks-v2
 * (OID 1.3.6.1.5.5.7.1.28); 0 (NID_undef) if nid_init() has not stored
 * one yet.
 */
int
nid_ipAddrBlocksv2(void)
{
	return ip_addr_blocks_v2_nid;
}
131 
/**
 * Returns the NID that nid_init() cached for id-pe-autonomousSysIds-v2
 * (OID 1.3.6.1.5.5.7.1.29); 0 (NID_undef) if nid_init() has not stored
 * one yet.
 */
int
nid_autonomousSysIdsv2(void)
{
	return autonomous_sys_ids_v2_nid;
}
136 
/**
 * Returns the NID that nid_init() cached for id-kp-bgpsec-router
 * (OID 1.3.6.1.5.5.7.3.30), the BGPsec extended key usage.
 *
 * Yields 0 (NID_undef) until nid_init() has stored a value, so an extended
 * key usage check against this getter needs nid_init() to have succeeded.
 */
int
nid_bgpsecRouter(void)
{
	return bgpsec_router_nid;
}