PROTOCOLS := \
arp \
bfd \
+ der \
dhcpv4 \
dhcpv6 \
dns \
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+#
+# The FreeRADIUS Vendor-Specific dictionary for TLS operations.
+#
+# Version: $Id$
+#
+BEGIN PROTOCOL DER 11354911
+
+$INCLUDE dictionary.common
+$INCLUDE dictionary.oids
+$INCLUDE dictionary.rfc2986
+$INCLUDE dictionary.rfc5280
+
+END-PROTOCOL DER
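Review bot: The description line `# The FreeRADIUS Vendor-Specific dictionary for TLS operations.` does not match the file, which declares the DER protocol and pulls in the X.509 certificate (rfc5280) and PKCS#10 request (rfc2986) definitions; I would write `# The FreeRADIUS dictionary for DER-encoded ASN.1 data: X.509 certificates (RFC 5280) and PKCS#10 certification requests (RFC 2986).` and drop the second `# Version: $Id$` line, which duplicates the one four lines above it. Note also that dictionary.common, included first, refers to `OID-Tree`, which is only defined by dictionary.oids included after it; if `ref=` targets are resolved at parse time rather than in a later fixup pass, the include order needs to be swapped. A one-line comment on the $INCLUDE block stating that cross-file references are resolved lazily would spare the next reader the same question.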
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE GeneralName choice
+BEGIN GeneralName
+
+ATTRIBUTE otherName 0 sequence option=0
+BEGIN otherName
+DEFINE type-id string subtype=oid
+DEFINE Value-thing tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE userPrincipalName string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE rfc822Name 1 ia5string option=1
+ATTRIBUTE dNSName 2 ia5string option=2
+
+ATTRIBUTE directoryName 4 sequence option=4
+BEGIN directoryName
+DEFINE RDNSequence sequence sequence_of=set
+BEGIN RDNSequence
+DEFINE RelativeDistinguishedName set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeAndValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END RDNSequence
+END directoryName
+
+ATTRIBUTE uniformResourceIdentifier 6 ia5string option=6
+
+END GeneralName
+
+DEFINE DirectoryName choice
+BEGIN DirectoryName
+ATTRIBUTE printableString 19 printablestring
+ATTRIBUTE universalString 28 universalstring
+ATTRIBUTE utf8String 12 utf8string
+END DirectoryName
+
+DEFINE GeneralSubtree sequence
+BEGIN GeneralSubtree
+DEFINE base sequence clone=GeneralName
+DEFINE minimum integer option=0,has_default
+VALUE minimum DEFAULT 0
+DEFINE maximum integer option=1
+END GeneralSubtree
+
+DEFINE Name sequence
+BEGIN Name
+DEFINE RDNSequence sequence sequence_of=set
+BEGIN RDNSequence
+DEFINE RelativeDistinguishedName set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeAndValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END RDNSequence
+END Name
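Review bot: GeneralName is missing the `iPAddress [7]` and `registeredID [8]` alternatives from RFC 5280 section 4.2.1.6, so a subjectAltName or nameConstraints entry of either form has no definition here; IP-address SANs and IP-range name constraints are common enough that this matters for every place that does `ref=GeneralName`. The additions follow the existing pattern: `ATTRIBUTE iPAddress 7 octetstring option=7` and `ATTRIBUTE registeredID 8 oid option=8` (x400Address [3] and ediPartyName [5] are rare and can stay out with a comment saying so). The `otherName` block hard-codes its value as a `userPrincipalName` UTF8String although the ASN.1 value is ANY DEFINED BY type-id; if the decoder applies this definition regardless of type-id, a comment stating that only the UPN form is modelled would be worth adding. Finally, the RDNSequence block is written out twice (under directoryName and under Name) while GeneralSubtree's `base` uses `clone=GeneralName`; if `clone=` works here too, one definition would keep the two from drifting.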
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE Critical group ref=OID-Tree
+
+ATTRIBUTE authorityInfoAccess 1.3.6.1.5.5.7.1.1 sequence sequence_of=sequence,is_oid_leaf
+BEGIN 1.3.6.1.5.5.7.1.1
+DEFINE accessDescription sequence
+BEGIN accessDescription
+DEFINE accessMethod oid
+
+DEFINE accessLocation choice
+BEGIN accessLocation
+ATTRIBUTE otherName 0 sequence option=0
+BEGIN otherName
+DEFINE type-id string subtype=oid
+DEFINE Value-thing tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE userPrincipalName string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE rfc822Name 1 ia5string option=1
+ATTRIBUTE dNSName 2 ia5string option=2
+
+ATTRIBUTE uniformResourceIdentifier 6 ia5string option=6
+END accessLocation
+
+END accessDescription
+END 1.3.6.1.5.5.7.1.1
+
+ATTRIBUTE subjectInfoAccess 1.3.6.1.5.5.7.1.11 sequence sequence_of=sequence,is_oid_leaf
+BEGIN 1.3.6.1.5.5.7.1.11
+DEFINE accessDescription sequence
+BEGIN accessDescription
+DEFINE accessMethod oid
+
+DEFINE accessLocation choice
+BEGIN accessLocation
+ATTRIBUTE otherName 0 sequence option=0
+BEGIN otherName
+DEFINE type-id string subtype=oid
+DEFINE Value-thing tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE userPrincipalName string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE rfc822Name 1 ia5string option=1
+ATTRIBUTE dNSName 2 ia5string option=2
+
+ATTRIBUTE uniformResourceIdentifier 6 ia5string option=6
+END accessLocation
+
+END accessDescription
+END 1.3.6.1.5.5.7.1.11
+
+ATTRIBUTE subjectKeyIdentifier 2.5.29.14 octetstring is_oid_leaf
+
+ATTRIBUTE keyUsage 2.5.29.15 struct subtype=bitstring,is_oid_leaf
+BEGIN 2.5.29.15
+MEMBER digitalSignature bit[1]
+MEMBER nonRepudation bit[1]
+MEMBER keyEncipherment bit[1]
+MEMBER dataEncipherment bit[1]
+MEMBER keyAgreement bit[1]
+MEMBER keyCertSign bit[1]
+MEMBER cRLSign bit[1]
+MEMBER encipherOnly bit[1]
+MEMBER decipherOnly bit[1]
+MEMBER unused_bits bit[7]
+END 2.5.29.15
+
+ATTRIBUTE subjectAltName 2.5.29.17 group ref=GeneralName,subtype=sequence,sequence_of=choice,is_oid_leaf
+
+ATTRIBUTE basicConstraints 2.5.29.19 sequence is_oid_leaf
+BEGIN 2.5.29.19
+DEFINE cA boolean has_default
+VALUE cA DEFAULT false
+DEFINE pathLenConstraint integer
+END 2.5.29.19
+
+ATTRIBUTE nameConstraints 2.5.29.30 sequence is_oid_leaf
+BEGIN 2.5.29.30
+DEFINE permittedSubtrees group ref=GeneralSubtree,sequence_of=sequence,option=0
+DEFINE excludedSubtrees group ref=GeneralSubtree,sequence_of=sequence,option=1
+END 2.5.29.30
+
+ATTRIBUTE cRLDIstributionPoints 2.5.29.31 sequence sequence_of=sequence,is_oid_leaf
+BEGIN 2.5.29.31
+DEFINE distributionPoint sequence
+BEGIN distributionPoint
+DEFINE distributionPointName sequence option=0
+BEGIN distributionPointName
+ATTRIBUTE fullName 0 group ref=GeneralName,subtype=sequence,sequence_of=choice,option=0
+ATTRIBUTE nameRelativeToCRLIssuer 1 sequence option=1
+BEGIN nameRelativeToCRLIssuer
+DEFINE RelativeDistinguishedName tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeandValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END nameRelativeToCRLIssuer
+END distributionPointName
+
+DEFINE reasons struct option=1
+BEGIN reasons
+MEMBER unused bit[1]
+MEMBER keyCompromise bit[1]
+MEMBER cACompromise bit[1]
+MEMBER affiliationChanged bit[1]
+MEMBER superseded bit[1]
+MEMBER cessationOfOperation bit[1]
+MEMBER certificateHold bit[1]
+MEMBER privilegeWithdrawn bit[1]
+MEMBER aACompromise bit[1]
+END reasons
+
+DEFINE cRLIssuer group ref=GeneralName,subtype=sequence,sequence_of=choice,option=2
+
+END distributionPoint
+END 2.5.29.31
+
+ATTRIBUTE certificatePolicies 2.5.29.32 sequence sequence_of=sequence,is_oid_leaf
+BEGIN 2.5.29.32
+DEFINE policyInformation sequence
+BEGIN policyInformation
+DEFINE policyIdentifier oid
+
+DEFINE policyQualifiers sequence sequence_of=sequence
+BEGIN policyQualifiers
+DEFINE policyQualifierInfo group ref=OID-Tree,is_pair
+END policyQualifiers
+
+END policyInformation
+END 2.5.29.32
+
+ATTRIBUTE policyMappings 2.5.29.33 sequence is_oid_leaf
+BEGIN 2.5.29.33
+DEFINE issuerDomainPolicy oid
+DEFINE subjectDomainPolicy oid
+END 2.5.29.33
+
+ATTRIBUTE authorityKeyIdentifier 2.5.29.35 sequence sequence_of=choice,is_oid_leaf
+BEGIN 2.5.29.35
+ATTRIBUTE keyIdentifier 0 octetstring option=0
+ATTRIBUTE authorityCertIssuer 1 group ref=GeneralName,subtype=sequence,sequence_of=choice,option=1
+ATTRIBUTE authorityCertSerialNumber 2 octetstring option=2
+END 2.5.29.35
+
+ATTRIBUTE policyConstraints 2.5.29.36 sequence is_oid_leaf
+BEGIN 2.5.29.36
+DEFINE requireExplicitPolicy octetstring option=0
+DEFINE inhibitPolicyMapping octetstring option=1
+END 2.5.29.36
+
+ATTRIBUTE extKeyUsage 2.5.29.37 sequence sequence_of=oid,is_oid_leaf
+#DEFINE extKeyUsageSyntax sequence
+BEGIN 2.5.29.37
+DEFINE keyPurposeId oid
+END 2.5.29.37
+
+ATTRIBUTE freshestCRL 2.5.29.46 sequence sequence_of=sequence,is_oid_leaf
+DEFINE distributionPoint sequence
+BEGIN distributionPoint
+DEFINE distributionPointName sequence option=0
+BEGIN distributionPointName
+ATTRIBUTE fullName 0 group ref=GeneralName,subtype=sequence,sequence_of=choice,option=0
+ATTRIBUTE nameRelativeToCRLIssuer 1 sequence option=1
+BEGIN nameRelativeToCRLIssuer
+DEFINE RelativeDistinguishedName tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeandValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END nameRelativeToCRLIssuer
+END distributionPointName
+
+DEFINE reasons struct option=1
+BEGIN reasons
+MEMBER unused bit[1]
+MEMBER keyCompromise bit[1]
+MEMBER cACompromise bit[1]
+MEMBER affiliationChanged bit[1]
+MEMBER superseded bit[1]
+MEMBER cessationOfOperation bit[1]
+MEMBER certificateHold bit[1]
+MEMBER privilegeWithdrawn bit[1]
+MEMBER aACompromise bit[1]
+END reasons
+
+DEFINE cRLIssuer group ref=GeneralName,subtype=sequence,sequence_of=choice,option=2
+
+END distributionPoint
+
+ATTRIBUTE inhibitAnyPolicy 2.5.29.54 integer is_oid_leaf
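Review bot: The `ATTRIBUTE freshestCRL 2.5.29.46 ...` line is not followed by `BEGIN 2.5.29.46`, and its body is never closed with `END 2.5.29.46`, unlike the otherwise identical cRLDistributionPoints block above it; as written, `distributionPoint` and everything under it are presumably defined in the enclosing scope rather than under 2.5.29.46, leaving the extension with nothing to decode against. Two lines fix it: `BEGIN 2.5.29.46` directly after the ATTRIBUTE line and `END 2.5.29.46` after the second `END distributionPoint`. Several names here become user-visible attribute names and should be spelled per RFC 5280 before anyone writes policy against them: `MEMBER nonRepudation bit[1]` should read `nonRepudiation`, `ATTRIBUTE cRLDIstributionPoints` should read `cRLDistributionPoints`, and the two `AttributeTypeandValue` entries should match the `AttributeTypeAndValue` used in dictionary.common. Separately, `requireExplicitPolicy` and `inhibitPolicyMapping` are declared `octetstring` whereas RFC 5280 defines both as SkipCerts INTEGER, and the commented-out `#DEFINE extKeyUsageSyntax sequence` line should be removed rather than shipped.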
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE OID-Tree tlv
+BEGIN OID-Tree
+ATTRIBUTE iso 1 tlv
+ATTRIBUTE member-body 1.2 tlv
+ATTRIBUTE us 1.2.840 tlv
+ATTRIBUTE ansi-x962 1.2.840.10045 tlv
+ATTRIBUTE keyType 1.2.840.10045.2 tlv
+ATTRIBUTE ecPublicKey 1.2.840.10045.2.1 oid is_oid_leaf
+
+ATTRIBUTE signatures 1.2.840.10045.4 tlv
+ATTRIBUTE ecdsa-with-SHA2 1.2.840.10045.4.3 tlv
+ATTRIBUTE ecdsa-with-SHA384 1.2.840.10045.4.3.3 bool is_oid_leaf,has_default
+VALUE 1.2.840.10045.4.3.3 DEFAULT false
+
+ATTRIBUTE rsadsi 1.2.840.113549 tlv
+ATTRIBUTE pkcs 1.2.840.113549.1 tlv
+ATTRIBUTE pkcs-1 1.2.840.113549.1.1 tlv
+ATTRIBUTE rsaEncryption 1.2.840.113549.1.1.1 bool is_oid_leaf,subtype=null
+
+ATTRIBUTE sha256WithRSAEncryption 1.2.840.113549.1.1.11 bool is_oid_leaf,subtype=null
+
+ATTRIBUTE identified-organization 1.3 tlv
+ATTRIBUTE dod 1.3.6 tlv
+ATTRIBUTE internet 1.3.6.1 tlv
+ATTRIBUTE security 1.3.6.1.5 tlv
+ATTRIBUTE mechanisms 1.3.6.1.5.5 tlv
+ATTRIBUTE pkix 1.3.6.1.5.5.7 tlv
+ATTRIBUTE pe 1.3.6.1.5.5.7.1 tlv
+
+ATTRIBUTE joint-iso-itu-t 2 tlv
+ATTRIBUTE ds 2.5 tlv
+
+ATTRIBUTE attributeType 2.5.4 tlv
+ATTRIBUTE commonName 2.5.4.3 printablestring is_oid_leaf
+ATTRIBUTE countryName 2.5.4.6 string[2] subtype=printablestring,is_oid_leaf
+ATTRIBUTE serialNumber 2.5.4.5 printablestring is_oid_leaf
+ATTRIBUTE localityName 2.5.4.7 string is_oid_leaf
+ATTRIBUTE stateOrProvinceName 2.5.4.8 string is_oid_leaf
+ATTRIBUTE organizationName 2.5.4.10 printablestring is_oid_leaf
+
+ATTRIBUTE certificateExtension 2.5.29 tlv
+
+$INCLUDE dictionary.extensions
+
+END OID-Tree
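Review bot: `commonName`, `serialNumber` and `organizationName` are declared `printablestring` while `localityName` and `stateOrProvinceName` are `string`; RFC 5280 defines all of these except serialNumber as DirectoryString, and current CAs emit CN and O as UTF8String, so if `printablestring` makes the decoder reject a UTF8String-tagged value, the subject fields that policy most often matches on will fail to decode on typical certificates. I would use one type for every DirectoryString attribute, with a comment such as `# DirectoryString: value may be utf8String or printableString (RFC 5280 appendix A)`. Coverage is also thin in places that appear in nearly every certificate: `organizationalUnitName 2.5.4.11` is absent from attributeType, under signatures only `ecdsa-with-SHA384` is listed (no `ecdsa-with-SHA256 1.2.840.10045.4.3.2`), and under pkcs-1 only `sha256WithRSAEncryption` (no `sha384WithRSAEncryption 1.2.840.113549.1.1.12` or `sha512WithRSAEncryption 1.2.840.113549.1.1.13`). Whether an OID that is not listed degrades gracefully depends on the decoder, which is not in this diff, so a comment on OID-Tree stating what happens for unknown OID leaves would help.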
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE CertificateRequest tlv
+BEGIN CertificateRequest
+
+DEFINE certificationRequestInfo tlv
+BEGIN certificationRequestInfo
+DEFINE version integer
+
+DEFINE subject tlv
+BEGIN subject
+DEFINE RelativeDistinguishedName tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeandValue tlv
+BEGIN AttributeTypeAndValue
+DEFINE OID string subtype=oid
+DEFINE Value-Thing string subtype=utf8string
+END AttributeTypeAndValue
+END RelativeDistinguishedName
+END subject
+
+DEFINE subjectPublicKeyInfo tlv
+BEGIN subjectPublicKeyInfo
+DEFINE algorithm tlv
+BEGIN algorithm
+DEFINE OID string subtype=oid
+END algorithm
+DEFINE subjectPublicKey octets subtype=bitstring
+END subjectPublicKeyInfo
+
+DEFINE Attributes tlv class=context-specific,tagnum=0,subtype=sequence
+BEGIN Attributes
+DEFINE Attribute-thing tlv
+BEGIN Attribute-thing
+DEFINE OID string subtype=oid
+DEFINE Extensions group ref=OID-Tree,subtype=set,is_extensions
+END Attribute-thing
+END Attributes
+
+END certificationRequestInfo
+
+DEFINE signatureAlgorithm tlv
+BEGIN signatureAlgorithm
+DEFINE OID string subtype=oid
+END signatureAlgorithm
+
+DEFINE signature octets subtype=bitstring
+END CertificateRequest
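Review bot: `DEFINE AttributeTypeandValue tlv` is opened as `BEGIN AttributeTypeAndValue` and closed as `END AttributeTypeAndValue`, a case mismatch inside one block; if attribute-name lookup is case-sensitive the BEGIN cannot find the attribute it names, and either way the three should agree (dictionary.common spells it `AttributeTypeAndValue`). The subject here is modelled as an explicit `OID` plus `Value-Thing string subtype=utf8string`, unlike dictionary.rfc5280, which uses `group ref=OID-Tree,is_pair` for the same RDN structure; besides the duplication, forcing the value to utf8string would presumably not match PrintableString-encoded values, which are common in CSR subjects. Using `DEFINE AttributeTypeAndValue group ref=OID-Tree,is_pair` here as well would keep the two files consistent. Likewise `signatureAlgorithm` carries only the OID, whereas rfc5280 uses `group ref=OID-Tree,is_pair`, so the NULL parameters that accompany RSA algorithm identifiers are not accounted for in this file.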
--- /dev/null
+# -*- text -*-
+# Copyright (C) 2025 Network RADIUS SAS (legal@networkradius.com)
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE Certificate tlv
+BEGIN Certificate
+
+DEFINE tbsCertificate tlv
+BEGIN tbsCertificate
+DEFINE version tlv class=context-specific,tagnum=0,subtype=sequence
+BEGIN version
+DEFINE VersionNum integer
+END version
+DEFINE serialNumber octets tagnum=2
+DEFINE signature group ref=OID-Tree,is_pair
+
+DEFINE issuer tlv subtype=sequence,sequence_of=set,is_pairs
+BEGIN issuer
+DEFINE RelativeDistinguishedName tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeAndValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END issuer
+
+DEFINE validity tlv
+BEGIN validity
+DEFINE notBefore utctime
+DEFINE notAfter utctime
+END validity
+
+DEFINE subject tlv sequence_of=set,is_pairs
+BEGIN subject
+DEFINE RelativeDistinguishedName tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE AttributeTypeandValue group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END subject
+
+DEFINE subjectPublicKeyInfo tlv
+BEGIN subjectPublicKeyInfo
+DEFINE algorithm group ref=OID-Tree,is_pair
+DEFINE subjectPublicKey octets subtype=bitstring
+END subjectPublicKeyInfo
+
+DEFINE extensions x509_extensions ref=OID-Tree
+
+END tbsCertificate
+
+DEFINE signatureAlgorithm group ref=OID-Tree,is_pair
+
+DEFINE signature octets subtype=bitstring
+END Certificate
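Review bot: `notBefore` and `notAfter` are declared `utctime` only, but RFC 5280 section 4.1.2.5 defines Time as a CHOICE of UTCTime and GeneralizedTime and requires GeneralizedTime for dates in 2050 or later, which long-lived root and intermediate certificates already use; a certificate whose validity period is the very thing being checked would then fail to decode, or decode wrongly, here. Validity needs to accept both encodings; I do not see a GeneralizedTime entry in the visible part of attr_type's type table, so this may need a type as well as a dictionary change, and until then a comment `# Time ::= CHOICE { utcTime, generalTime }; GeneralizedTime is mandatory for dates >= 2050 (not yet handled)` should mark the gap. Also `subject` lacks the `subtype=sequence` that `issuer` carries for the same structure, and its inner element is spelled `AttributeTypeandValue` while issuer's is `AttributeTypeAndValue`; the two blocks should be identical, or one should `clone=` the other as GeneralSubtree does.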
{ L("utf8string"), FR_DER_TAG_UTF8_STRING },
{ L("visiblestring"), FR_DER_TAG_VISIBLE_STRING },
};
-
static size_t tag_name_to_number_len = NUM_ELEMENTS(tag_name_to_number);
int fr_der_global_init(void)
static int dict_flag_tagnum(fr_dict_attr_t **da_p, char const *value, UNUSED fr_dict_flag_parser_rule_t const *rules)
{
fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
- long num;
+ unsigned long num;
char *end = NULL;
num = strtoul(value, &end, 10);
- if ((num > 255) || !*end) {
+ if ((num > 255) || *end) {
fr_strerror_printf("Invalid tag number '%s'", value);
return -1;
}
static bool attr_type(fr_type_t *type ,fr_dict_attr_t **da_p, char const *name)
{
- static fr_table_num_sorted_t const table[] = {
+ static fr_table_num_sorted_t const type_table[] = {
{ L("bitstring"), FR_TYPE_OCTETS },
{ L("boolean"), FR_TYPE_BOOL },
{ L("choice"), FR_TYPE_TLV },
{ L("visiblestring"), FR_TYPE_STRING },
{ L("x509_extensions"), FR_TYPE_GROUP }
};
- static size_t table_len = NUM_ELEMENTS(table);
+ static size_t type_table_len = NUM_ELEMENTS(type_table);
static fr_table_num_sorted_t const der_tag_table[] = {
{ L("bitstring"), FR_DER_TAG_BITSTRING },
fr_der_attr_flags_t *flags = fr_dict_attr_ext(*da_p, FR_DICT_ATTR_EXT_PROTOCOL_SPECIFIC);
fr_der_tag_num_t subtype;
- *type = fr_table_value_by_str(table, name, UINT8_MAX);
+ *type = fr_table_value_by_str(type_table, name, UINT8_MAX);
if (*type == UINT8_MAX) {
fr_strerror_printf("Invalid type '%s'", name);
return false;
dict_flag_sequence_of(da_p, "sequence", NULL);
}
- flags->is_choice =(strcmp(name, "choice") == 0);
+ flags->is_choice = (strcmp(name, "choice") == 0);
return true;
}
.valid = attr_valid
},
- .init = fr_der_global_init,
- .free = fr_der_global_free,
+ .init = fr_der_global_init,
+ .free = fr_der_global_free,
// .decode = fr_der_decode_foreign,
// .encode = fr_der_encode_foreign,