use DER names in dictionaries
authorAlan T. DeKok <aland@freeradius.org>
Mon, 17 Feb 2025 13:11:51 +0000 (08:11 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Mon, 17 Feb 2025 13:11:51 +0000 (08:11 -0500)
and forbid more FreeRADIUS types earlier in the parsing process,
with better error messages.

share/dictionary/der/dictionary.oids
share/dictionary/der/dictionary.rfc2986
share/dictionary/der/dictionary.rfc5280
src/protocols/der/base.c
src/tests/unit/protocols/der/dictionary.test

index 948acc5c3fcef2491fd12ec9f7377af455c8e6f2..042787375a46b994f647edba9b43b0799ad1397d 100644 (file)
@@ -2,39 +2,39 @@
 # Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
 # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
 # Version $Id$
-DEFINE OID-Tree                                        tlv
+DEFINE OID-Tree                                        sequence
 BEGIN OID-Tree
-ATTRIBUTE      iso                                     1       tlv
-ATTRIBUTE      member-body                             1.2     tlv
-ATTRIBUTE      us                                      1.2.840 tlv
-ATTRIBUTE      ansi-x962                               1.2.840.10045   tlv
-ATTRIBUTE      keyType                                 1.2.840.10045.2 tlv
+ATTRIBUTE      iso                                     1       sequence
+ATTRIBUTE      member-body                             1.2     sequence
+ATTRIBUTE      us                                      1.2.840 sequence
+ATTRIBUTE      ansi-x962                               1.2.840.10045   sequence
+ATTRIBUTE      keyType                                 1.2.840.10045.2 sequence
 ATTRIBUTE      ecPublicKey                             1.2.840.10045.2.1       oid     is_oid_leaf
 
-ATTRIBUTE      signatures                              1.2.840.10045.4 tlv
-ATTRIBUTE      ecdsa-with-SHA2                         1.2.840.10045.4.3       tlv
+ATTRIBUTE      signatures                              1.2.840.10045.4 sequence
+ATTRIBUTE      ecdsa-with-SHA2                         1.2.840.10045.4.3       sequence
 ATTRIBUTE      ecdsa-with-SHA384                       1.2.840.10045.4.3.3     bool     is_oid_leaf,has_default
 VALUE 1.2.840.10045.4.3.3       DEFAULT false
 
-ATTRIBUTE      rsadsi                                  1.2.840.113549  tlv
-ATTRIBUTE      pkcs                                    1.2.840.113549.1        tlv
-ATTRIBUTE      pkcs-1                                  1.2.840.113549.1.1      tlv
+ATTRIBUTE      rsadsi                                  1.2.840.113549  sequence
+ATTRIBUTE      pkcs                                    1.2.840.113549.1        sequence
+ATTRIBUTE      pkcs-1                                  1.2.840.113549.1.1      sequence
 ATTRIBUTE      rsaEncryption                           1.2.840.113549.1.1.1    null    is_oid_leaf
 
 ATTRIBUTE      sha256WithRSAEncryption                 1.2.840.113549.1.1.11   null    is_oid_leaf
 
-ATTRIBUTE      identified-organization                 1.3     tlv
-ATTRIBUTE      dod                                     1.3.6   tlv
-ATTRIBUTE      internet                                1.3.6.1 tlv
-ATTRIBUTE      security                                1.3.6.1.5       tlv
-ATTRIBUTE      mechanisms                              1.3.6.1.5.5     tlv
-ATTRIBUTE      pkix                                    1.3.6.1.5.5.7   tlv
-ATTRIBUTE      pe                                      1.3.6.1.5.5.7.1 tlv
+ATTRIBUTE      identified-organization                 1.3     sequence
+ATTRIBUTE      dod                                     1.3.6   sequence
+ATTRIBUTE      internet                                1.3.6.1 sequence
+ATTRIBUTE      security                                1.3.6.1.5       sequence
+ATTRIBUTE      mechanisms                              1.3.6.1.5.5     sequence
+ATTRIBUTE      pkix                                    1.3.6.1.5.5.7   sequence
+ATTRIBUTE      pe                                      1.3.6.1.5.5.7.1 sequence
 
-ATTRIBUTE      joint-iso-itu-t                         2       tlv
-ATTRIBUTE      ds                                      2.5     tlv
+ATTRIBUTE      joint-iso-itu-t                         2       sequence
+ATTRIBUTE      ds                                      2.5     sequence
 
-ATTRIBUTE      attributeType                           2.5.4   tlv
+ATTRIBUTE      attributeType                           2.5.4   sequence
 ATTRIBUTE      commonName                              2.5.4.3 printablestring is_oid_leaf
 ATTRIBUTE      countryName                             2.5.4.6 string[2]       der_type=printablestring,is_oid_leaf
 ATTRIBUTE      serialNumber                            2.5.4.5 printablestring is_oid_leaf
@@ -42,7 +42,7 @@ ATTRIBUTE     localityName                            2.5.4.7 string  is_oid_leaf
 ATTRIBUTE      stateOrProvinceName                     2.5.4.8 string  is_oid_leaf
 ATTRIBUTE      organizationName                        2.5.4.10        printablestring is_oid_leaf
 
-ATTRIBUTE      certificateExtension                    2.5.29  tlv
+ATTRIBUTE      certificateExtension                    2.5.29  sequence
 
 $INCLUDE dictionary.extensions
 
index 674a7c49c4c7fccf39f493adccb27731670575bf..8f36bdf14245136b1ffabaf06da3cc78c5e80396 100644 (file)
@@ -2,18 +2,18 @@
 # Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
 # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
 # Version $Id$
-DEFINE CertificateRequest                              tlv
+DEFINE CertificateRequest                              sequence
 BEGIN CertificateRequest
 
-DEFINE certificationRequestInfo                        tlv
+DEFINE certificationRequestInfo                        sequence
 BEGIN certificationRequestInfo
 DEFINE version                                         integer
 
-DEFINE subject                                         tlv
+DEFINE subject                                         sequence
 BEGIN subject
 DEFINE RelativeDistinguishedName                       set
 BEGIN RelativeDistinguishedName
-DEFINE AttributeTypeandValue                           tlv
+DEFINE AttributeTypeandValue                           sequence
 BEGIN AttributeTypeAndValue
 DEFINE OID                                             oid
 DEFINE Value-Thing                                     utf8string
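Review bot: The new line `DEFINE AttributeTypeandValue sequence` is paired with `BEGIN AttributeTypeAndValue` on the next line and `END AttributeTypeAndValue` (visible in the following hunk header) under a different capitalisation of "And". If the dictionary parser matches names case-insensitively this loads, but it reads as two distinct names, and the rfc5280 dictionary touched by the same commit also mixes both spellings; change it to `DEFINE AttributeTypeAndValue sequence` so DEFINE/BEGIN/END agree with the ASN.1 name. The placeholder names `Value-Thing` here and `Attribute-thing` later in the file also look provisional; if they are intended to stay, a one-line comment explaining why they differ from the RFC 2986 names would help the next reader.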
@@ -21,9 +21,9 @@ END AttributeTypeAndValue
 END RelativeDistinguishedName
 END subject
 
-DEFINE subjectPublicKeyInfo                            tlv
+DEFINE subjectPublicKeyInfo                            sequence
 BEGIN subjectPublicKeyInfo
-DEFINE algorithm                                       tlv
+DEFINE algorithm                                       sequence
 BEGIN algorithm
 DEFINE OID                                             oid
 END algorithm
@@ -32,7 +32,7 @@ END subjectPublicKeyInfo
 
 DEFINE Attributes                                      sequence option=0
 BEGIN Attributes
-DEFINE Attribute-thing                                 tlv
+DEFINE Attribute-thing                                 sequence
 BEGIN Attribute-thing
 DEFINE OID                                             oid
 DEFINE Extensions                                      group ref=OID-Tree,der_type=set,is_extensions
@@ -41,7 +41,7 @@ END Attributes
 
 END certificationRequestInfo
 
-DEFINE signatureAlgorithm                              tlv
+DEFINE signatureAlgorithm                              sequence
 BEGIN signatureAlgorithm
 DEFINE OID                                             oid
 END signatureAlgorithm
index 95f1f7c3d46c69bd97ac06a1f5da930ba4d46b55..f62e94fb44acc0f883d3907d17897c2f38bcf42b 100644 (file)
@@ -2,10 +2,10 @@
 # Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
 # This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
 # Version $Id$
-DEFINE Certificate                                     tlv
+DEFINE Certificate                                     sequence
 BEGIN Certificate
 
-DEFINE tbsCertificate                                  tlv
+DEFINE tbsCertificate                                  sequence
 BEGIN tbsCertificate
 DEFINE version                                         sequence option=0
 BEGIN version
@@ -14,7 +14,7 @@ END version
 DEFINE serialNumber                                    octets der_type=integer
 DEFINE signature                                       group ref=OID-Tree,is_pair
 
-DEFINE issuer                                          sequence sequence_of=set,is_pairs
+DEFINE issuer                                          sequence sequence_of=set
 BEGIN issuer
 DEFINE RelativeDistinguishedName                       set
 BEGIN RelativeDistinguishedName
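Review bot: The `is_pairs` flag is dropped from `issuer` here (and from `subject` in the next hunk), but the commit message describes only the tlv-to-sequence renaming and the new type checks, so the reason for removing it is undocumented. If the flag has become redundant because the `sequence_of=set` container with `is_pair` members now conveys the same structure, a comment such as `# is_pairs is implied by the is_pair members of AttributeTypeAndValue` or a sentence in the commit message would record that; if the decoder still consults `is_pairs`, this silently changes how issuer and subject are decoded and needs a test. I cannot tell from the hunk which of the two applies.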
@@ -22,13 +22,13 @@ DEFINE      AttributeTypeAndValue                           group ref=OID-Tree,is_pair
 END RelativeDistinguishedName
 END issuer
 
-DEFINE validity                                        tlv
+DEFINE validity                                        sequence
 BEGIN validity
 DEFINE notBefore                                       utctime
 DEFINE notAfter                                        utctime
 END validity
 
-DEFINE subject                                         tlv sequence_of=set,is_pairs
+DEFINE subject                                         sequence sequence_of=set
 BEGIN subject
 DEFINE RelativeDistinguishedName                       set
 BEGIN RelativeDistinguishedName
@@ -36,7 +36,7 @@ DEFINE        AttributeTypeandValue                           group ref=OID-Tree,is_pair
 END RelativeDistinguishedName
 END subject
 
-DEFINE subjectPublicKeyInfo                            tlv
+DEFINE subjectPublicKeyInfo                            sequence
 BEGIN subjectPublicKeyInfo
 DEFINE algorithm                                       group ref=OID-Tree,is_pair
 DEFINE subjectPublicKey                                bitstring
index e30e4c147215fe619560b7b6680dab9ba3168858..d39751509a9d8e17b27a1ae812413e6d53980c3b 100644 (file)
@@ -483,6 +483,45 @@ static bool type_parse(fr_type_t *type_p,fr_dict_attr_t **da_p, char const *name
        fr_der_tag_t    der_type;
        fr_type_t               fr_type;
 
+       /*
+        *      To avoid confusion, we want to use the DER names where
+        *      possible.
+        *
+        *      We only use the FreeRADIUS names where we don't have a
+        *      choice. :(
+        */
+       switch (*type_p) {
+       case FR_TYPE_TLV:
+               fr_strerror_const("Cannot use 'tlv' in DER.  Please use 'sequence'");
+               return false;
+
+       case FR_TYPE_IPV4_ADDR:
+       case FR_TYPE_IPV4_PREFIX:
+       case FR_TYPE_IPV6_ADDR:
+       case FR_TYPE_IPV6_PREFIX:
+       case FR_TYPE_IFID:
+       case FR_TYPE_COMBO_IP_ADDR:
+       case FR_TYPE_COMBO_IP_PREFIX:
+       case FR_TYPE_ETHERNET:
+       case FR_TYPE_FLOAT32:
+       case FR_TYPE_FLOAT64:
+       case FR_TYPE_VSA:
+       case FR_TYPE_VENDOR:
+       case FR_TYPE_VALUE_BOX:
+       case FR_TYPE_VOID:
+       case FR_TYPE_MAX:
+               fr_strerror_printf("Cannot use type '%s' in the DER dictionaries",
+                                  fr_type_to_str(*type_p));
+               return false;
+
+               /*
+                *      We allow integers for now.  They may be
+                *      internal, or they may be inside of a struct.
+                */
+       default:
+               break;
+       }
+
        /*
         *      Convert the DER data type to the underlying FreeRADIUS
         *      data type.
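Review bot: The new switch is a deny-list, so any fr_type_t value not named in it, including any type added to FreeRADIUS later, reaches `default:` and is accepted into the DER dictionaries without comment, which is the opposite of the intent stated in the block comment above it. An allow-list of the types the DER encoder actually handles, with `default:` producing the same "Cannot use type" error, would fail closed; if that is too restrictive for now, at least record the decision next to `default:` with `/* Anything not rejected above is accepted; review this list when adding fr_type_t values */`. The comment "We allow integers for now" sits directly above `default:` but describes only one family of the types that fall through it, so it would be clearer merged into the block comment at the top of the switch. type_parse starts before this hunk and continues after it.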
@@ -605,7 +644,9 @@ static bool attr_valid(fr_dict_attr_t *da)
         *      in structs, because the struct encoder/decoder takes
         *      care of those.
         */
-       if (fr_type_is_integer_except_bool(da->type) && (da->type != FR_TYPE_INT64) &&
+       if (fr_type_is_integer_except_bool(da->type) &&
+           !da->flags.internal &&
+           (da->type != FR_TYPE_INT64) &&
            (da->type != FR_TYPE_DATE) && (da->type != FR_TYPE_TIME_DELTA) &&
            (da->parent->type != FR_TYPE_STRUCT)) {
                fr_strerror_printf("All integers in DER must be 'int64', and not '%s'",
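Review bot: The added `!da->flags.internal` carve-out is not explained by the comment above the check, which only justifies the struct exemption ("the struct encoder/decoder takes care of those"). Presumably internal attributes are exempt because they are never encoded on the wire, but the hunk does not show that; once confirmed, extend the comment with `Internal attributes are never encoded or decoded, so their integer width does not matter.` As far as this hunk shows, the `tlv` rejection added to type_parse in the previous hunk does not consult any flags, so internal attributes are treated differently by the two checks; if that asymmetry is intended it is worth a sentence in the same comment. attr_valid starts before this hunk and continues after it.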
index e13e4c27c79e5e0aafcbaccd3c955bbb55ff3946..17e1ce159d38e62e4fb125342de7ab50e5ea003b 100644 (file)
@@ -94,11 +94,11 @@ MEMBER              Test-Integer                            integer
 MEMBER         Test-Null                               null
 END Seq-Integer-Null
 
-DEFINE Test-Oid                                        string der_type=oid
+DEFINE Test-Oid                                        oid
 
 DEFINE Seq-Oid                                         struct der_type=sequence
 BEGIN Seq-Oid
-MEMBER         Test-Oid                                string der_type=oid
+MEMBER         Test-Oid                                oid
 END Seq-Oid
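Review bot: The test dictionary only moves existing definitions to the new `oid` spelling; nothing here exercises the rejections added to type_parse, so a `tlv` definition or one of the newly forbidden FreeRADIUS types (for example an IPv4 address) slipping through would not be caught by this test. If dictionary.test supports expected-failure cases, add one asserting that a `tlv` DEFINE is rejected with the "Please use 'sequence'" message and one for a forbidden type. The syntax for negative cases is not visible in this hunk, so I have not proposed exact lines.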
 
 DEFINE Test-Enumerated                                 enumerated