Invalidate the right stack[] member

There was a shift of the index in the for loop, and invalidating the wrong
member could result in a double free in auth_tree_free() on process exit.

ok claudio job

rpki-client: avoid hard error when hitting the maximum cert id

Instead, continue processing what we can but avoid lots of warning noise.
Error out at the end of the parser process to avoid loading a bad config
into bgpd. This isn't great as it is and can be refined in tree.

ok claudio

Improve the check for is_ta in filemode

Instead of checking for EXFLAG_SS use the more accurate information
we already gathered.

ok job

Improve x509_get_purpose()

Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.

TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.

Handle the new purposes where needed.
ok job

rpki-client: fix a crash in filemode

For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.

with/ok claudio

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

rpki-client: avoid hard error when hitting the maximum cert id

Instead, continue processing what we can but avoid lots of warning noise.
Error out at the end of the parser process to avoid loading a bad config
into bgpd. This isn't great as it is and can be refined in tree.

ok claudio

Improve the check for is_ta in filemode

Instead of checking for EXFLAG_SS use the more accurate information
we already gathered.

ok job

Improve x509_get_purpose()

Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.

TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.

Handle the new purposes where needed.
ok job

rpki-client: fix a crash in filemode

For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.

with/ok claudio

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Improve the check for is_ta in filemode

Instead of checking for EXFLAG_SS use the more accurate information
we already gathered.

ok job

Improve x509_get_purpose()

Instead of only differentiating between CA and BGPsec Router certs,
make it recognize TA and EE certs as well. TAs and CAs have the cA
boolean in the basic constraints, while EE and BGPsec router certs
do not.

TAs are self-signed, CAs not self-issued, all other certs with the
cA boolean are invalid. EE certs do not have an extended key usage
and BGPsec certs contain the id-kp-bgpsec-router OID.

Handle the new purposes where needed.
ok job

rpki-client: fix a crash in filemode

For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.

with/ok claudio

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

rpki-client: fix a crash in filemode

For an expired TA, cert is freed and zeroed in file mode and cert_print()
crashes. For such TAs (and otherwise invalid ones) expired and notafter
become dangling pointers. Invalidate them and set them only for valid TA
certs.

with/ok claudio

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Instead of tracking certificates by SKI track them by an internal identifier.

The certificate SKI is not strictly unique so using it as a unique id is
problematic. It is also not really needed to do that since in theory we
already know the path (but this got lost in the privsep communication).
So add a cert id and pass this id back and forth between main process and
the parser. With this id we can lookup the authentication chain in the
parser and this even works with multiple paths to the same resource.
Since we no longer lookup by SKI the valid_aki_ski function is replaced
by find_issuer() which does the lookup by certid.

The loop protection is now extended to allow each TAL to reach each file
once but still triggers if a file is reaccessed by the tree of a TAL.

In filemode the lookup now uses an AIA uri based lookup tree. Again this
replaces the SKI based lookups from before.

Done together with tb@
OK tb@ job@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

P-256 support is experimental so require -x to enable it.

Also clean up the externs a little bit by moving experimental and noop
to extern.h.
Reminded by and OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Replace protocol literal strings and strlen() calls with defined constants

OK tb@ claudio@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Rename parent to issuer in struct auth

Parent is confusing and issuer is the appropriate terminology. This is
a mechanical diff. The only remaining uses of 'parent' in this code
base now mean 'parent process'.

discussed with beck and job
ok job

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Add support for RPKI Signed Prefix Lists

Signed Prefix List are a CMS protected content type for use with the
RPKI to carry the complete list of prefixes which an Autonomous System
may originate to all or any of its routing peers. The validation of a
Signed Prefix List confirms that the holder of the listed ASN produced
the object, and that this list is a current, accurate and complete
description of address prefixes that may be announced into the routing
system originated by this AS.

https://datatracker.ietf.org/doc/html/draft-ietf-sidrops-rpki-prefixlist

with and OK claudio@ tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@

Allow imposing constraints on RPKI trust anchors

The ability to constrain a RPKI Trust Anchor's effective signing
authority to a limited set of Internet Number Resources allows
Relying Parties to enjoy the potential benefits of assuming trust,
within a bounded scope.

Some examples: ARIN does not support inter-RIR IPv6 transfers, so
it wouldn't make any sense to see a ROA subordinate to ARIN's trust
anchor covering RIPE-managed IPv6 space. Conversely, it wouldn't
make sense to observe a ROA covering ARIN-managed IPv6 space under
APNIC's, LACNIC's, or RIPE's trust anchor - even if a derived trust
arc (a cryptographically valid certificate path) existed. Along these
same lines, AFRINIC doesn't support inter-RIR transfers of any kind,
and none of the RIRs have authority over private resources like
10.0.0.0/8 and 2001:db8::/32.

For more background see:
https://datatracker.ietf.org/doc/draft-snijders-constraining-rpki-trust-anchors/
https://mailman.nanog.org/pipermail/nanog/2023-September/223354.html

With and OK tb@, OK claudio@

Pass the talid to various parse functions

This will be needed by an upcoming feature where we will need to know
what trust anchor a given cert chains to. This doesn't change anything
except the size of the diff.

ok claudio job

Retire log.c

Convert all cryptowarnx() and cryptoerrx() to appropriate versions of
warn() and err{,x}(). Neither users nor developers benefit from them.
If we need better errors, we need to do some thinking. libcrypto won't
do that for us.

suggested by claudio
ok job

Fixup file modification timestamps to optimize failover from RRDP to RSYNC

In the RSYNC protocol a file's last modification time and its size are
used to determine whether sending a (partial) copy over the wire is needed.
Previously, when RRDP data structures are serialized to disk, the mtime of
files in DIR_VALID ended up being UTIME_NOW.

Thus, the mtimes of files obtained through RRDP will never match the mtimes
of the same files available through RSYNC - causing each and every file to
be added to the file transfer list.

Instead, use the internal timestamps of RPKI files as the last modified
timestamp. Specifically, for Signed Objects (ROAs, MFTs, GBRs, TAKs, ASPAs)
the CMS signing-time, for .cer files the X.509 notBefore, and for .crl files
the CRL lastUpdate. This results in a surprising optimization for the number
files which have to be transfered.

OK claudio@

Convert all of filemode to use the json API as well.
Output is mostly the same apart from some space differences.
OK tb@ job@

Fix a use-after-free in filemode

In case the TAL of a self-signed is unavailable, cert would be freed but
we'd still hold a reference to its expired time in expires, so invalidate
that pointer as well.

Found by, initial fix and ok job

Improve accounting by tracking things by repo and tal.
This fixes some wrong accounting for repositories that are referenced
from more than one TAL. It changes the ometric lable output a little bit
since there are repository metrics that no longer include the 'name' label.
OK tb@

Show MFTs as part of the signature path

no objection tb@

Don't lookup the signature path's expiry for trust anchor certs

In filemode, also print details for .cer certificates

In filemode, display the moment the signature path will expire

Previously this was only shown for ROA+ASPA. Now also show for
GBR, Geofeed, Certs, RSC, and TAK.

OK tb@

In filemode for ROAs/ASPAs display when the Signature path will expire

Also rename 'certification path' to 'signature path' for alignment

OK tb@

Merge calling print_certification_path() into adjacent else branch

OK tb@

Refactor whats printed when in filemode

OK tb@

Alphabetically sort various bits and pieces - mechanical change

Might make later refactors easier to follow

OK tb@

Improve decoded content printing in filemode

Looks reasonable claudio@

In filemode, print the certification path towards the Trust Anchor

with and OK tb@

Rework the main <-> parser/filemode communication protocol a bit.

Swap repo_id and filename to simplify the code in parser.c. In filemode
both repo_id and filename are ignored.
Additionally do not errx() in case of unknown file types. Instead send back
enough info that the code can move on.

OK tb@

Return an error string instead of surpressing the warning in valid_x509.
This way manifests can should a better error message when something fails.
With and OK tb@

Add support for authenticating geofeed data CSV files in filemode

RFC 9092 describes a scheme in which an authenticator is appended to a
geofeed (RFC 8805) file. It is a digest of the main body of the file
signed by the private key of the relevant RPKI certificate for a covering
address range. The authenticator is a detached CMS signature.

with and OK tb@

Format filemode output in a tabular fashion to improve readability

OK tb@ claudio@

Add support for draft-ietf-sidrops-signed-tal-12

Add support validation of Signed Objects containing Trust Anchor Keys
(TAKs - aka 'Signed TALs'). Signed TALs provide a mechanism for RIRs
to distribute and sign the next Trust Anchor with the current Trust
Anchor. This might be an improvement over visiting RIR websites and
copy+pasting TAL data by hand.

OK tb@

Properly free memory in filemode

OK tb@

Add support for ASPA objects (draft-ietf-sidrops-aspa-profile-10)

ASPA objects are published in the RPKI and can be used to detect and
mitigate BGP route leaks. Validated ASPA Payloads are visible through
filemode (-f) and the JSON output format (-j).

With feedback from tb@

OK claudio@ tb@

Make PEM printing available through increased verbosity (-vvf)

Suggestion from claudio@

OK tb@

In verbose filemode print details about encapsulated certificates.
Add command line flag to print the certificate in PEM format.

OK tb@

Fix newline in JSON filemode

OK tb@

Plug memory leak in filemode

OK tb@ claudio@

Check the resources in ROAs and RSCs against EE certs

The resources delegated in the RFC 3779 extensions of the EE cert for
ROAs or RSCs can be a subset of the resources in the auth chain. So far
we compared that the resources of ROAs and RSCs are covered by the auth
chain, which is not entirely correct. Extract the necessary data from
the EE cert into rpki-client's own data structures, then verify that
the EE cert's resources cover the ones claimed in the ROA or RSC.

Do this as part or ROA and RSC parsing, that the EE cert's resources are
covered by the auth chain is checked in valid_x509() later on.

All this is a bit more annoying and intrusive than it should be...

ok claudio job

In filemode check whether ROA & RSC resources are properly contained

with and OK tb@ claudio@

Add preliminary support for decoding RSC objects in filemode

This implements decoding support for draft-ietf-sidrops-rpki-rsc-06

There are three major outstanding issues:

* The wire image might still change to conform to the more widely deployed
3779 API in libressl/openssl. IETF discussion ongoing.
* Whether the resources listed in the ResourceBlock are contained within
the EE's RFC 3779 extension is not hooked up yet.
* There is a fair bit of duplicity between rsc.c and cert.c, look for XXX

OK tb@

zap extra blank line

trailing whitespace

In filemode emit the hash which uniquely identifies a given Signed Object

RPKI Signed Objects are not malleable; this means the SHA256 digest
of an input file containing a signed object is a very stable identifier
to associate with the decoded (validated) output shown in filemode.

The SHA256 in hash_id is base64 encoded (just like hashes on manifest listings).

OK tb@

Further refactor and cleanup filemode.c mainly remove the copies of
proc_parser_cert_validate() and proc_parser_root_cert() adjust
parse_load_certchain() and parse_load_ta() respectivly.
Also cleanup the functions in parser.c and make it possible to call
ta_parse and cert_parse with a NULL cert.
OK tb@

The filemode code is enough different from the regular parser code that it
makes sense to totally split it out. Duplicate proc_parser_cert_validate()
and proc_parser_root_cert() for now.

The valid_x509() plus the required static functions are moved to validate.c.
The crl_tree code moved into crl.c similar to the auth_tree handling in
cert.c. All the proc functions are now tagged with __attribute(noreturn)
which allows to remove the errx() after them.

OK tb@

Warn about overclaiming intermediate CAs, but don't error

OK tb@