authorJob Snijders <job@fastly.com>2021-01-24 14:00:02 +0000
committerDmitry Belyavskiy <beldmit@gmail.com>2021-02-02 10:32:27 +0100
commitd3372c2f35495d0c61ab09daf7fba3ecbbb595aa (patch)
tree61cbd8040b1ea3fc4bd06ac898c547ae3b7a4b45 /crypto/objects
parent6aab42c39060c7aa39d96c7a265ddc661cea2ed8 (diff)
Add some PKIX-RPKI objects
References: RFC6482 - A Profile for Route Origin Authorizations (ROAs) RFC6484 - Certificate Policy (CP) for the RPKI RFC6493 - The RPKI Ghostbusters Record RFC8182 - The RPKI Repository Delta Protocol (RRDP) RFC8360 - RPKI Validation Reconsidered draft-ietf-sidrops-rpki-rta - A profile for RTAs CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/13948)
Diffstat (limited to 'crypto/objects')
-rw-r--r--crypto/objects/obj_dat.h70
-rw-r--r--crypto/objects/obj_mac.num12
-rw-r--r--crypto/objects/objects.txt15
3 files changed, 91 insertions, 6 deletions
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 1b852e6dfa..697cd527b3 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[7947] = {
+static const unsigned char so[8054] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -1101,9 +1101,21 @@ static const unsigned char so[7947] = {
0x2A,0x85,0x03,0x64,0x71,0x04, /* [ 7928] OBJ_classSignToolKB1 */
0x2A,0x85,0x03,0x64,0x71,0x05, /* [ 7934] OBJ_classSignToolKB2 */
0x2A,0x85,0x03,0x64,0x71,0x06, /* [ 7940] OBJ_classSignToolKA1 */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x18, /* [ 7946] OBJ_id_ct_routeOriginAuthz */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1A, /* [ 7957] OBJ_id_ct_rpkiManifest */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x23, /* [ 7968] OBJ_id_ct_rpkiGhostbusters */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x24, /* [ 7979] OBJ_id_ct_resourceTaggedAttest */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E, /* [ 7990] OBJ_id_cp */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1C, /* [ 7997] OBJ_sbgp_ipAddrBlockv2 */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x1D, /* [ 8005] OBJ_sbgp_autonomousSysNumv2 */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x02, /* [ 8013] OBJ_ipAddr_asNumber */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x0E,0x03, /* [ 8021] OBJ_ipAddr_asNumberv2 */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0A, /* [ 8029] OBJ_rpkiManifest */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0B, /* [ 8037] OBJ_signedObject */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x0D, /* [ 8045] OBJ_rpkiNotify */
};
-#define NUM_NID 1234
+#define NUM_NID 1246
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2339,9 +2351,21 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"classSignToolKB1", "Class of Signing Tool KB1", NID_classSignToolKB1, 6, &so[7928]},
{"classSignToolKB2", "Class of Signing Tool KB2", NID_classSignToolKB2, 6, &so[7934]},
{"classSignToolKA1", "Class of Signing Tool KA1", NID_classSignToolKA1, 6, &so[7940]},
+ {"id-ct-routeOriginAuthz", "id-ct-routeOriginAuthz", NID_id_ct_routeOriginAuthz, 11, &so[7946]},
+ {"id-ct-rpkiManifest", "id-ct-rpkiManifest", NID_id_ct_rpkiManifest, 11, &so[7957]},
+ {"id-ct-rpkiGhostbusters", "id-ct-rpkiGhostbusters", NID_id_ct_rpkiGhostbusters, 11, &so[7968]},
+ {"id-ct-resourceTaggedAttest", "id-ct-resourceTaggedAttest", NID_id_ct_resourceTaggedAttest, 11, &so[7979]},
+ {"id-cp", "id-cp", NID_id_cp, 7, &so[7990]},
+ {"sbgp-ipAddrBlockv2", "sbgp-ipAddrBlockv2", NID_sbgp_ipAddrBlockv2, 8, &so[7997]},
+ {"sbgp-autonomousSysNumv2", "sbgp-autonomousSysNumv2", NID_sbgp_autonomousSysNumv2, 8, &so[8005]},
+ {"ipAddr-asNumber", "ipAddr-asNumber", NID_ipAddr_asNumber, 8, &so[8013]},
+ {"ipAddr-asNumberv2", "ipAddr-asNumberv2", NID_ipAddr_asNumberv2, 8, &so[8021]},
+ {"rpkiManifest", "RPKI Manifest", NID_rpkiManifest, 8, &so[8029]},
+ {"signedObject", "Signed Object", NID_signedObject, 8, &so[8037]},
+ {"rpkiNotify", "RPKI Notify", NID_rpkiNotify, 8, &so[8045]},
};
-#define NUM_SN 1225
+#define NUM_SN 1237
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -2951,7 +2975,12 @@ static const unsigned int sn_objs[NUM_SN] = {
332, /* "id-cmc-senderNonce" */
327, /* "id-cmc-statusInfo" */
331, /* "id-cmc-transactionId" */
+ 1238, /* "id-cp" */
787, /* "id-ct-asciiTextWithCRLF" */
+ 1237, /* "id-ct-resourceTaggedAttest" */
+ 1234, /* "id-ct-routeOriginAuthz" */
+ 1236, /* "id-ct-rpkiGhostbusters" */
+ 1235, /* "id-ct-rpkiManifest" */
1060, /* "id-ct-xml" */
1108, /* "id-dsa-with-sha3-224" */
1109, /* "id-dsa-with-sha3-256" */
@@ -3167,6 +3196,8 @@ static const unsigned int sn_objs[NUM_SN] = {
647, /* "international-organizations" */
869, /* "internationaliSDNNumber" */
142, /* "invalidityDate" */
+ 1241, /* "ipAddr-asNumber" */
+ 1242, /* "ipAddr-asNumberv2" */
294, /* "ipsecEndSystem" */
1022, /* "ipsecIKE" */
295, /* "ipsecTunnel" */
@@ -3317,6 +3348,8 @@ static const unsigned int sn_objs[NUM_SN] = {
877, /* "roleOccupant" */
448, /* "room" */
463, /* "roomNumber" */
+ 1243, /* "rpkiManifest" */
+ 1245, /* "rpkiNotify" */
6, /* "rsaEncryption" */
644, /* "rsaOAEPEncryptionSET" */
377, /* "rsaSignature" */
@@ -3324,7 +3357,9 @@ static const unsigned int sn_objs[NUM_SN] = {
482, /* "sOARecord" */
155, /* "safeContentsBag" */
291, /* "sbgp-autonomousSysNum" */
+ 1240, /* "sbgp-autonomousSysNumv2" */
290, /* "sbgp-ipAddrBlock" */
+ 1239, /* "sbgp-ipAddrBlockv2" */
292, /* "sbgp-routerIdentifier" */
159, /* "sdsiCertificate" */
859, /* "searchGuide" */
@@ -3503,6 +3538,7 @@ static const unsigned int sn_objs[NUM_SN] = {
604, /* "setext-pinAny" */
603, /* "setext-pinSecure" */
605, /* "setext-track2" */
+ 1244, /* "signedObject" */
52, /* "signingTime" */
454, /* "simpleSecurityObject" */
496, /* "singleLevelQuality" */
@@ -3570,7 +3606,7 @@ static const unsigned int sn_objs[NUM_SN] = {
1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1225
+#define NUM_LN 1237
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3731,6 +3767,8 @@ static const unsigned int ln_objs[NUM_LN] = {
385, /* "Private" */
1093, /* "Professional Information or basis for Admission" */
663, /* "Proxy Certificate Information" */
+ 1243, /* "RPKI Manifest" */
+ 1245, /* "RPKI Notify" */
1, /* "RSA Data Security, Inc." */
2, /* "RSA Data Security, Inc. PKCS" */
1116, /* "RSA-SHA3-224" */
@@ -3752,6 +3790,7 @@ static const unsigned int ln_objs[NUM_LN] = {
1030, /* "Send Proxied Owner" */
1028, /* "Send Proxied Router" */
1027, /* "Send Router" */
+ 1244, /* "Signed Object" */
1033, /* "Signing KDC Response" */
1008, /* "Signing Tool of Issuer" */
1007, /* "Signing Tool of Subject" */
@@ -4195,7 +4234,12 @@ static const unsigned int ln_objs[NUM_LN] = {
332, /* "id-cmc-senderNonce" */
327, /* "id-cmc-statusInfo" */
331, /* "id-cmc-transactionId" */
+ 1238, /* "id-cp" */
787, /* "id-ct-asciiTextWithCRLF" */
+ 1237, /* "id-ct-resourceTaggedAttest" */
+ 1234, /* "id-ct-routeOriginAuthz" */
+ 1236, /* "id-ct-rpkiGhostbusters" */
+ 1235, /* "id-ct-rpkiManifest" */
1060, /* "id-ct-xml" */
408, /* "id-ecPublicKey" */
508, /* "id-hex-multipart-message" */
@@ -4366,6 +4410,8 @@ static const unsigned int ln_objs[NUM_LN] = {
461, /* "info" */
101, /* "initials" */
869, /* "internationaliSDNNumber" */
+ 1241, /* "ipAddr-asNumber" */
+ 1242, /* "ipAddr-asNumberv2" */
1022, /* "ipsec Internet Key Exchange" */
749, /* "ipsec3" */
750, /* "ipsec4" */
@@ -4547,7 +4593,9 @@ static const unsigned int ln_objs[NUM_LN] = {
482, /* "sOARecord" */
155, /* "safeContentsBag" */
291, /* "sbgp-autonomousSysNum" */
+ 1240, /* "sbgp-autonomousSysNumv2" */
290, /* "sbgp-ipAddrBlock" */
+ 1239, /* "sbgp-ipAddrBlockv2" */
292, /* "sbgp-routerIdentifier" */
973, /* "scrypt" */
159, /* "sdsiCertificate" */
@@ -4799,7 +4847,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
-#define NUM_OBJ 1096
+#define NUM_OBJ 1108
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@@ -5241,6 +5289,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
266, /* OBJ_id_aca 1 3 6 1 5 5 7 10 */
267, /* OBJ_id_qcs 1 3 6 1 5 5 7 11 */
268, /* OBJ_id_cct 1 3 6 1 5 5 7 12 */
+ 1238, /* OBJ_id_cp 1 3 6 1 5 5 7 14 */
662, /* OBJ_id_ppl 1 3 6 1 5 5 7 21 */
176, /* OBJ_id_ad 1 3 6 1 5 5 7 48 */
507, /* OBJ_id_hex_partial_message 1 3 6 1 7 1 1 1 */
@@ -5389,6 +5438,8 @@ static const unsigned int obj_objs[NUM_OBJ] = {
398, /* OBJ_sinfo_access 1 3 6 1 5 5 7 1 11 */
663, /* OBJ_proxyCertInfo 1 3 6 1 5 5 7 1 14 */
1020, /* OBJ_tlsfeature 1 3 6 1 5 5 7 1 24 */
+ 1239, /* OBJ_sbgp_ipAddrBlockv2 1 3 6 1 5 5 7 1 28 */
+ 1240, /* OBJ_sbgp_autonomousSysNumv2 1 3 6 1 5 5 7 1 29 */
164, /* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */
165, /* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */
293, /* OBJ_textNotice 1 3 6 1 5 5 7 2 3 */
@@ -5483,6 +5534,8 @@ static const unsigned int obj_objs[NUM_OBJ] = {
360, /* OBJ_id_cct_crs 1 3 6 1 5 5 7 12 1 */
361, /* OBJ_id_cct_PKIData 1 3 6 1 5 5 7 12 2 */
362, /* OBJ_id_cct_PKIResponse 1 3 6 1 5 5 7 12 3 */
+ 1241, /* OBJ_ipAddr_asNumber 1 3 6 1 5 5 7 14 2 */
+ 1242, /* OBJ_ipAddr_asNumberv2 1 3 6 1 5 5 7 14 3 */
664, /* OBJ_id_ppl_anyLanguage 1 3 6 1 5 5 7 21 0 */
665, /* OBJ_id_ppl_inheritAll 1 3 6 1 5 5 7 21 1 */
667, /* OBJ_Independent 1 3 6 1 5 5 7 21 2 */
@@ -5491,6 +5544,9 @@ static const unsigned int obj_objs[NUM_OBJ] = {
363, /* OBJ_ad_timeStamping 1 3 6 1 5 5 7 48 3 */
364, /* OBJ_ad_dvcs 1 3 6 1 5 5 7 48 4 */
785, /* OBJ_caRepository 1 3 6 1 5 5 7 48 5 */
+ 1243, /* OBJ_rpkiManifest 1 3 6 1 5 5 7 48 10 */
+ 1244, /* OBJ_signedObject 1 3 6 1 5 5 7 48 11 */
+ 1245, /* OBJ_rpkiNotify 1 3 6 1 5 5 7 48 13 */
780, /* OBJ_hmac_md5 1 3 6 1 5 5 8 1 1 */
781, /* OBJ_hmac_sha1 1 3 6 1 5 5 8 1 2 */
913, /* OBJ_aes_128_xts 1 3 111 2 1619 0 1 1 */
@@ -5824,8 +5880,12 @@ static const unsigned int obj_objs[NUM_OBJ] = {
786, /* OBJ_id_smime_ct_compressedData 1 2 840 113549 1 9 16 1 9 */
1058, /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
1059, /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+ 1234, /* OBJ_id_ct_routeOriginAuthz 1 2 840 113549 1 9 16 1 24 */
+ 1235, /* OBJ_id_ct_rpkiManifest 1 2 840 113549 1 9 16 1 26 */
787, /* OBJ_id_ct_asciiTextWithCRLF 1 2 840 113549 1 9 16 1 27 */
1060, /* OBJ_id_ct_xml 1 2 840 113549 1 9 16 1 28 */
+ 1236, /* OBJ_id_ct_rpkiGhostbusters 1 2 840 113549 1 9 16 1 35 */
+ 1237, /* OBJ_id_ct_resourceTaggedAttest 1 2 840 113549 1 9 16 1 36 */
212, /* OBJ_id_smime_aa_receiptRequest 1 2 840 113549 1 9 16 2 1 */
213, /* OBJ_id_smime_aa_securityLabel 1 2 840 113549 1 9 16 2 2 */
214, /* OBJ_id_smime_aa_mlExpandHistory 1 2 840 113549 1 9 16 2 3 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index 7d1d70ea28..9f9636f818 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1231,3 +1231,15 @@ classSignToolKC3 1230
classSignToolKB1 1231
classSignToolKB2 1232
classSignToolKA1 1233
+id_ct_routeOriginAuthz 1234
+id_ct_rpkiManifest 1235
+id_ct_rpkiGhostbusters 1236
+id_ct_resourceTaggedAttest 1237
+id_cp 1238
+sbgp_ipAddrBlockv2 1239
+sbgp_autonomousSysNumv2 1240
+ipAddr_asNumber 1241
+ipAddr_asNumberv2 1242
+rpkiManifest 1243
+signedObject 1244
+rpkiNotify 1245
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 8aef90d952..62bc8c1a8e 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -274,8 +274,12 @@ id-smime-ct 8 : id-smime-ct-DVCSResponseData
id-smime-ct 9 : id-smime-ct-compressedData
id-smime-ct 19 : id-smime-ct-contentCollection
id-smime-ct 23 : id-smime-ct-authEnvelopedData
+id-smime-ct 24 : id-ct-routeOriginAuthz
+id-smime-ct 26 : id-ct-rpkiManifest
id-smime-ct 27 : id-ct-asciiTextWithCRLF
id-smime-ct 28 : id-ct-xml
+id-smime-ct 35 : id-ct-rpkiGhostbusters
+id-smime-ct 36 : id-ct-resourceTaggedAttest
# S/MIME Attributes
id-smime-aa 1 : id-smime-aa-receiptRequest
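Review bot: The four added `id-ct-*` lines carry no pointer to their defining documents, and the commit message sources `id-ct-resourceTaggedAttest` (arc 36) from draft-ietf-sidrops-rpki-rta rather than a published RFC. NID numbers recorded in obj_mac.num are normally kept stable once assigned, so it is worth recording that provenance next to the entries, for example `# RPKI content types: RFC 6482 (ROA), RFC 6493 (Ghostbusters), draft-ietf-sidrops-rpki-rta (RTA, Internet-Draft when added)`. The commit message lists no reference for `id-ct-rpkiManifest`; its defining document should be named in the same comment.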
@@ -465,6 +469,7 @@ id-pkix 8 : id-on
id-pkix 9 : id-pda
id-pkix 10 : id-aca
id-pkix 11 : id-qcs
+id-pkix 14 : id-cp
id-pkix 12 : id-cct
id-pkix 21 : id-ppl
id-pkix 48 : id-ad
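Review bot: `id-pkix 14 : id-cp` is inserted between arcs 11 and 12, breaking the ascending order of the surrounding `id-pkix` lines; placing it after `id-pkix 12 : id-cct` makes it easier to audit the list for duplicate or skipped arcs. The same out-of-order placement recurs in the later hunk, which puts the `# PKIX Certificate Policies` section ahead of `# CMC content types`. The generated `obj_objs` table in obj_dat.h already lists `OBJ_id_cp` after `OBJ_id_cct`, so only the readability of objects.txt is affected.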
@@ -503,6 +508,8 @@ id-pe 10 : ac-proxying
id-pe 11 : subjectInfoAccess : Subject Information Access
id-pe 14 : proxyCertInfo : Proxy Certificate Information
id-pe 24 : tlsfeature : TLS Feature
+id-pe 28 : sbgp-ipAddrBlockv2
+id-pe 29 : sbgp-autonomousSysNumv2
# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1 : id-qt-cps : Policy Qualifier CPS
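Review bot: `sbgp-ipAddrBlockv2` and `sbgp-autonomousSysNumv2` are added as bare name/OID registrations, and nothing in the crypto/objects part of the commit shown here connects them to extension parsing or resource-set checking. RFC 8360, cited in the commit message, gives these v2 extensions different validation rules from the original `sbgp-ipAddrBlock` / `sbgp-autonomousSysNum`, so the presence of the NIDs should not be read as validation support. A comment above the two lines such as `# RFC 8360 (validation reconsidered) variants; OID registration only, no extension handler` would make that limit explicit for anyone relying on these names in RPKI certificate checks.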
@@ -642,6 +649,10 @@ id-aca 6 : id-aca-encAttrs
# qualified certificate statements
id-qcs 1 : id-qcs-pkixQCSyntax-v1
+# PKIX Certificate Policies
+id-cp 2 : ipAddr-asNumber
+id-cp 3 : ipAddr-asNumberv2
+
# CMC content types
id-cct 1 : id-cct-crs
id-cct 2 : id-cct-PKIData
@@ -662,7 +673,9 @@ id-ad 3 : ad_timestamping : AD Time Stamping
!Cname ad-dvcs
id-ad 4 : AD_DVCS : ad dvcs
id-ad 5 : caRepository : CA Repository
-
+id-ad 10 : rpkiManifest : RPKI Manifest
+id-ad 11 : signedObject : Signed Object
+id-ad 13 : rpkiNotify : RPKI Notify
!Alias id-pkix-OCSP ad-OCSP
!module id-pkix-OCSP