Feature/der encoder decoder

share/dictionary/der/dictionary

@@ -0,0 +1,19 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+#
+#	The FreeRADIUS Vendor-Specific dictionary for TLS operations.
+#
+# Version:	$Id$
+#
+
+PROTOCOL	DER		11354911
+BEGIN-PROTOCOL DER
+
+$INCLUDE dictionary.common
+$INCLUDE dictionary.oids
+$INCLUDE dictionary.rfc2986
+$INCLUDE dictionary.rfc5280
+
+END-PROTOCOL DER

share/dictionary/der/dictionary.common

@@ -0,0 +1,59 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE	GeneralName					choice
+BEGIN GeneralName
+
+ATTRIBUTE	otherName				0	sequence option=0
+BEGIN otherName
+DEFINE	type-id						string subtype=oid
+DEFINE	Value-thing					tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE	userPrincipalName				string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE	rfc822Name				1	ia5string option=1
+ATTRIBUTE	dNSName					2	ia5string option=2
+
+ATTRIBUTE	directoryName				4	sequence  option=4
+BEGIN directoryName
+DEFINE	RDNSequence					sequence        sequence_of=set
+BEGIN RDNSequence
+DEFINE	RelativeDistinguishedName			set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeAndValue				group   ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END RDNSequence
+END directoryName
+
+ATTRIBUTE	uniformResourceIdentifier		6	ia5string option=6
+
+END GeneralName
+
+DEFINE	DirectoryName					choice
+BEGIN DirectoryName
+ATTRIBUTE	printableString				19	printablestring
+ATTRIBUTE	universalString				28	universalstring
+ATTRIBUTE	utf8String				12	utf8string
+END DirectoryName
+
+DEFINE	GeneralSubtree					sequence
+BEGIN GeneralSubtree
+DEFINE	base						sequence        clone=GeneralName
+DEFINE	minimum						integer         option=0,has_default
+VALUE	minimum				DEFAULT			0
+DEFINE	maximum						integer         option=1
+END GeneralSubtree
+
+DEFINE	Name						sequence
+BEGIN Name
+DEFINE	RDNSequence					sequence        sequence_of=set
+BEGIN RDNSequence
+DEFINE	RelativeDistinguishedName			set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeAndValue				group   ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END RDNSequence
+END Name

share/dictionary/der/dictionary.extensions

@@ -0,0 +1,195 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE	Critical					group ref=OID-Tree
+
+ATTRIBUTE	authorityInfoAccess			1.3.6.1.5.5.7.1.1	sequence        sequence_of=sequence,is_oid_leaf
+BEGIN 1.3.6.1.5.5.7.1.1
+DEFINE	accessDescription				sequence
+BEGIN accessDescription
+DEFINE	accessMethod					oid
+
+DEFINE	accessLocation					choice
+BEGIN accessLocation
+ATTRIBUTE	otherName				0	sequence option=0
+BEGIN otherName
+DEFINE	type-id						string subtype=oid
+DEFINE	Value-thing					tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE	userPrincipalName				string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE	rfc822Name				1	ia5string option=1
+ATTRIBUTE	dNSName					2	ia5string option=2
+
+ATTRIBUTE	uniformResourceIdentifier		6	ia5string option=6
+END accessLocation
+
+END accessDescription
+END 1.3.6.1.5.5.7.1.1
+
+ATTRIBUTE	subjectInfoAccess			1.3.6.1.5.5.7.1.11	sequence        sequence_of=sequence,is_oid_leaf
+BEGIN 1.3.6.1.5.5.7.1.11
+DEFINE	accessDescription				sequence
+BEGIN accessDescription
+DEFINE	accessMethod					oid
+
+DEFINE	accessLocation					choice
+BEGIN accessLocation
+ATTRIBUTE	otherName				0	sequence option=0
+BEGIN otherName
+DEFINE	type-id						string subtype=oid
+DEFINE	Value-thing					tlv subtype=sequence,class=context-specific,tagnum=0
+BEGIN Value-thing
+DEFINE	userPrincipalName				string subtype=utf8string
+END Value-thing
+END otherName
+
+ATTRIBUTE	rfc822Name				1	ia5string option=1
+ATTRIBUTE	dNSName					2	ia5string option=2
+
+ATTRIBUTE	uniformResourceIdentifier		6	ia5string option=6
+END accessLocation
+
+END accessDescription
+END 1.3.6.1.5.5.7.1.11
+
+ATTRIBUTE	subjectKeyIdentifier			2.5.29.14	octetstring     is_oid_leaf
+
+ATTRIBUTE	keyUsage				2.5.29.15	struct  subtype=bitstring,is_oid_leaf
+BEGIN 2.5.29.15
+MEMBER		digitalSignature			bit[1]
+MEMBER		nonRepudation				bit[1]
+MEMBER		keyEncipherment				bit[1]
+MEMBER		dataEncipherment			bit[1]
+MEMBER		keyAgreement				bit[1]
+MEMBER		keyCertSign				bit[1]
+MEMBER		cRLSign					bit[1]
+MEMBER		encipherOnly				bit[1]
+MEMBER		decipherOnly				bit[1]
+MEMBER		unused_bits				bit[7]
+END 2.5.29.15
+
+ATTRIBUTE	subjectAltName				2.5.29.17	group ref=GeneralName,subtype=sequence,sequence_of=choice,is_oid_leaf
+
+ATTRIBUTE	basicConstraints			2.5.29.19	sequence is_oid_leaf
+BEGIN 2.5.29.19
+DEFINE	cA						boolean has_default
+VALUE	cA				DEFAULT			false
+DEFINE	pathLenConstraint				integer
+END 2.5.29.19
+
+ATTRIBUTE	nameConstraints				2.5.29.30	sequence        is_oid_leaf
+BEGIN 2.5.29.30
+DEFINE	permittedSubtrees				group   ref=GeneralSubtree,sequence_of=sequence,option=0
+DEFINE	excludedSubtrees				group   ref=GeneralSubtree,sequence_of=sequence,option=1
+END 2.5.29.30
+
+ATTRIBUTE	cRLDIstributionPoints			2.5.29.31	sequence        sequence_of=sequence,is_oid_leaf
+BEGIN 2.5.29.31
+DEFINE	distributionPoint				sequence
+BEGIN distributionPoint
+DEFINE	distributionPointName				sequence  option=0
+BEGIN distributionPointName
+ATTRIBUTE	fullName				0	group   ref=GeneralName,subtype=sequence,sequence_of=choice,option=0
+ATTRIBUTE	nameRelativeToCRLIssuer			1	sequence        option=1
+BEGIN nameRelativeToCRLIssuer
+DEFINE	RelativeDistinguishedName			tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeandValue				group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END nameRelativeToCRLIssuer
+END distributionPointName
+
+DEFINE	reasons						struct  option=1
+BEGIN reasons
+MEMBER		unused					bit[1]
+MEMBER		keyCompromise				bit[1]
+MEMBER		cACompromise				bit[1]
+MEMBER		affiliationChanged			bit[1]
+MEMBER		superseded				bit[1]
+MEMBER		cessationOfOperation			bit[1]
+MEMBER		certificateHold				bit[1]
+MEMBER		privilegeWithdrawn			bit[1]
+MEMBER		aACompromise				bit[1]
+END reasons
+
+DEFINE	cRLIssuer					group   ref=GeneralName,subtype=sequence,sequence_of=choice,option=2
+
+END distributionPoint
+END 2.5.29.31
+
+ATTRIBUTE	certificatePolicies			2.5.29.32	sequence        sequence_of=sequence,is_oid_leaf
+BEGIN 2.5.29.32
+DEFINE	policyInformation				sequence
+BEGIN policyInformation
+DEFINE	policyIdentifier				oid
+
+DEFINE	policyQualifiers				sequence        sequence_of=sequence
+BEGIN policyQualifiers
+DEFINE	policyQualifierInfo				group           ref=OID-Tree,is_pair
+END policyQualifiers
+
+END policyInformation
+END 2.5.29.32
+
+ATTRIBUTE	policyMappings				2.5.29.33	sequence        is_oid_leaf
+BEGIN 2.5.29.33
+DEFINE	issuerDomainPolicy				oid
+DEFINE	subjectDomainPolicy				oid
+END 2.5.29.33
+
+ATTRIBUTE	authorityKeyIdentifier			2.5.29.35	sequence        sequence_of=choice,is_oid_leaf
+BEGIN 2.5.29.35
+ATTRIBUTE	keyIdentifier				0	octetstring  option=0
+ATTRIBUTE	authorityCertIssuer			1	group   ref=GeneralName,subtype=sequence,sequence_of=choice,option=1
+ATTRIBUTE	authorityCertSerialNumber		2	octetstring option=2
+END 2.5.29.35
+
+ATTRIBUTE	policyConstraints			2.5.29.36	sequence        is_oid_leaf
+BEGIN 2.5.29.36
+DEFINE	requireExplicitPolicy				octetstring option=0
+DEFINE	inhibitPolicyMapping				octetstring option=1
+END 2.5.29.36
+
+ATTRIBUTE	extKeyUsage				2.5.29.37	sequence        sequence_of=oid,is_oid_leaf
+#DEFINE extKeyUsageSyntax        sequence
+BEGIN 2.5.29.37
+DEFINE	keyPurposeId					oid
+END 2.5.29.37
+
+ATTRIBUTE	freshestCRL				2.5.29.46	sequence        sequence_of=sequence,is_oid_leaf
+DEFINE	distributionPoint				sequence
+BEGIN distributionPoint
+DEFINE	distributionPointName				sequence  option=0
+BEGIN distributionPointName
+ATTRIBUTE	fullName				0	group   ref=GeneralName,subtype=sequence,sequence_of=choice,option=0
+ATTRIBUTE	nameRelativeToCRLIssuer			1	sequence        option=1
+BEGIN nameRelativeToCRLIssuer
+DEFINE	RelativeDistinguishedName			tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeandValue				group ref=OID-Tree,is_pair
+END RelativeDistinguishedName
+END nameRelativeToCRLIssuer
+END distributionPointName
+
+DEFINE	reasons						struct  option=1
+BEGIN reasons
+MEMBER		unused					bit[1]
+MEMBER		keyCompromise				bit[1]
+MEMBER		cACompromise				bit[1]
+MEMBER		affiliationChanged			bit[1]
+MEMBER		superseded				bit[1]
+MEMBER		cessationOfOperation			bit[1]
+MEMBER		certificateHold				bit[1]
+MEMBER		privilegeWithdrawn			bit[1]
+MEMBER		aACompromise				bit[1]
+END reasons
+
+DEFINE	cRLIssuer					group   ref=GeneralName,subtype=sequence,sequence_of=choice,option=2
+
+END distributionPoint
+
+ATTRIBUTE	inhibitAnyPolicy			2.5.29.54	integer is_oid_leaf

share/dictionary/der/dictionary.oids

@@ -0,0 +1,49 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+DEFINE	OID-Tree					tlv
+BEGIN OID-Tree
+ATTRIBUTE	iso					1	tlv
+ATTRIBUTE	member-body				1.2	tlv
+ATTRIBUTE	us					1.2.840	tlv
+ATTRIBUTE	ansi-x962				1.2.840.10045	tlv
+ATTRIBUTE	keyType					1.2.840.10045.2	tlv
+ATTRIBUTE	ecPublicKey				1.2.840.10045.2.1	oid     is_oid_leaf
+
+ATTRIBUTE	signatures				1.2.840.10045.4	tlv
+ATTRIBUTE	ecdsa-with-SHA2				1.2.840.10045.4.3	tlv
+ATTRIBUTE	ecdsa-with-SHA384			1.2.840.10045.4.3.3	bool     is_oid_leaf,has_default
+VALUE 1.2.840.10045.4.3.3       DEFAULT false
+
+ATTRIBUTE	rsadsi					1.2.840.113549	tlv
+ATTRIBUTE	pkcs					1.2.840.113549.1	tlv
+ATTRIBUTE	pkcs-1					1.2.840.113549.1.1	tlv
+ATTRIBUTE	rsaEncryption				1.2.840.113549.1.1.1	bool    is_oid_leaf,subtype=null
+
+ATTRIBUTE	sha256WithRSAEncryption			1.2.840.113549.1.1.11	bool    is_oid_leaf,subtype=null
+
+ATTRIBUTE	identified-organization			1.3	tlv
+ATTRIBUTE	dod					1.3.6	tlv
+ATTRIBUTE	internet				1.3.6.1	tlv
+ATTRIBUTE	security				1.3.6.1.5	tlv
+ATTRIBUTE	mechanisms				1.3.6.1.5.5	tlv
+ATTRIBUTE	pkix					1.3.6.1.5.5.7	tlv
+ATTRIBUTE	pe					1.3.6.1.5.5.7.1	tlv
+
+ATTRIBUTE	joint-iso-itu-t				2	tlv
+ATTRIBUTE	ds					2.5	tlv
+
+ATTRIBUTE	attributeType				2.5.4	tlv
+ATTRIBUTE	commonName				2.5.4.3	printablestring is_oid_leaf
+ATTRIBUTE	countryName				2.5.4.6	string[2]       subtype=printablestring,is_oid_leaf
+ATTRIBUTE	serialNumber				2.5.4.5	printablestring is_oid_leaf
+ATTRIBUTE	localityName				2.5.4.7	string  is_oid_leaf
+ATTRIBUTE	stateOrProvinceName			2.5.4.8	string  is_oid_leaf
+ATTRIBUTE	organizationName			2.5.4.10	printablestring is_oid_leaf
+
+ATTRIBUTE	certificateExtension			2.5.29	tlv
+
+$INCLUDE dictionary.extensions
+
+END OID-Tree

share/dictionary/der/dictionary.rfc2986

@@ -0,0 +1,51 @@
+# -*- text -*-
+# Copyright (C) 2025 The FreeRADIUS Server project and contributors
+# This work is licensed under CC-BY version 4.0 https://creativecommons.org/licenses/by/4.0
+# Version $Id$
+#--MINIMAL CLONING--
+DEFINE	CertificationRequest-Cloneless			tlv
+BEGIN CertificationRequest-Cloneless
+
+DEFINE	certificationRequestInfo			tlv
+BEGIN certificationRequestInfo
+DEFINE	version						integer
+
+DEFINE	subject						tlv
+BEGIN subject
+DEFINE	RelativeDistinguishedName			tlv subtype=set
+BEGIN RelativeDistinguishedName
+DEFINE	AttributeTypeandValue				tlv
+BEGIN AttributeTypeAndValue
+DEFINE	OID						string subtype=oid
+DEFINE	Value-Thing					string subtype=utf8string
+END AttributeTypeAndValue
+END RelativeDistinguishedName
+END subject
+
+DEFINE	subjectPublicKeyInfo				tlv
+BEGIN subjectPublicKeyInfo
+DEFINE	algorithm					tlv
+BEGIN algorithm
+DEFINE	OID						string subtype=oid
+END algorithm
+DEFINE	subjectPublicKey				octets subtype=bitstring
+END subjectPublicKeyInfo
+
+DEFINE	Attributes					tlv class=context-specific,tagnum=0,subtype=sequence
+BEGIN Attributes
+DEFINE	Attribute-thing					tlv
+BEGIN Attribute-thing
+DEFINE	OID						string subtype=oid
+DEFINE	Extensions					group ref=OID-Tree,subtype=set,is_extensions
+END Attribute-thing
+END Attributes
+
+END certificationRequestInfo
+
+DEFINE	signatureAlgorithm				tlv
+BEGIN signatureAlgorithm
+DEFINE	OID						string subtype=oid
+END signatureAlgorithm
+
+DEFINE	signature					octets subtype=bitstring
+END CertificationRequest-Cloneless