1 /*
2 * Copyright (C) 2009 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 *
15 * $Id$
16 */
17
18 /**
19 * @defgroup radius_message radius_message
20 * @{ @ingroup eap_radius
21 */
22
23 #ifndef RADIUS_MESSAGE_H_
24 #define RADIUS_MESSAGE_H_
25
26 #include <library.h>
27
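/*
 * Short typedef names for the struct and enums declared in this header, so
 * the method signatures and prototypes can use them without the struct/enum
 * keyword.
 *
 * NOTE(review): the two enum typedefs precede the enum definitions. ISO C
 * does not allow forward references to enum types; this relies on the
 * compiler accepting it as an extension.
 */
typedef struct radius_message_t radius_message_t;
typedef enum radius_message_code_t radius_message_code_t;
typedef enum radius_attribute_type_t radius_attribute_type_t;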
31
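/**
 * RADIUS Message Codes.
 *
 * The numeric values are spelled out explicitly rather than left to the
 * compiler; note the gap between RMC_ACCOUNTING_RESPONSE (5) and
 * RMC_ACCESS_CHALLENGE (11).
 */
enum radius_message_code_t {
	RMC_ACCESS_REQUEST = 1,
	RMC_ACCESS_ACCEPT = 2,
	RMC_ACCESS_REJECT = 3,
	RMC_ACCOUNTING_REQUEST = 4,
	RMC_ACCOUNTING_RESPONSE = 5,
	RMC_ACCESS_CHALLENGE = 11,
};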
43
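/**
 * Enum names for radius_message_code_t.
 */
extern enum_name_t *radius_message_code_names;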
48
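/**
 * RADIUS Attribute Types.
 *
 * Every value is assigned explicitly. The values 17, 21 and 54 are not
 * defined in this enum, and RAT_UNASSIGNED (93) is a placeholder rather
 * than a usable attribute.
 *
 * Several types carry credential material (RAT_USER_PASSWORD,
 * RAT_CHAP_PASSWORD, RAT_TUNNEL_PASSWORD, RAT_ARAP_PASSWORD). Code that
 * walks the attributes of a message for logging or debugging should not
 * dump the values of these types verbatim.
 */
enum radius_attribute_type_t {
	RAT_USER_NAME = 1,
	RAT_USER_PASSWORD = 2,
	RAT_CHAP_PASSWORD = 3,
	RAT_NAS_IP_ADDRESS = 4,
	RAT_NAS_PORT = 5,
	RAT_SERVICE_TYPE = 6,
	RAT_FRAMED_PROTOCOL = 7,
	RAT_FRAMED_IP_ADDRESS = 8,
	RAT_FRAMED_IP_NETMASK = 9,
	RAT_FRAMED_ROUTING = 10,
	RAT_FILTER_ID = 11,
	RAT_FRAMED_MTU = 12,
	RAT_FRAMED_COMPRESSION = 13,
	RAT_LOGIN_IP_HOST = 14,
	RAT_LOGIN_SERVICE = 15,
	RAT_LOGIN_TCP_PORT = 16,
	/* 17 is not defined here */
	RAT_REPLY_MESSAGE = 18,
	RAT_CALLBACK_NUMBER = 19,
	RAT_CALLBACK_ID = 20,
	/* 21 is not defined here */
	RAT_FRAMED_ROUTE = 22,
	RAT_FRAMED_IPX_NETWORK = 23,
	RAT_STATE = 24,
	RAT_CLASS = 25,
	RAT_VENDOR_SPECIFIC = 26,
	RAT_SESSION_TIMEOUT = 27,
	RAT_IDLE_TIMEOUT = 28,
	RAT_TERMINATION_ACTION = 29,
	RAT_CALLED_STATION_ID = 30,
	RAT_CALLING_STATION_ID = 31,
	RAT_NAS_IDENTIFIER = 32,
	RAT_PROXY_STATE = 33,
	RAT_LOGIN_LAT_SERVICE = 34,
	RAT_LOGIN_LAT_NODE = 35,
	RAT_LOGIN_LAT_GROUP = 36,
	RAT_FRAMED_APPLETALK_LINK = 37,
	RAT_FRAMED_APPLETALK_NETWORK = 38,
	RAT_FRAMED_APPLETALK_ZONE = 39,
	RAT_ACCT_STATUS_TYPE = 40,
	RAT_ACCT_DELAY_TIME = 41,
	RAT_ACCT_INPUT_OCTETS = 42,
	RAT_ACCT_OUTPUT_OCTETS = 43,
	RAT_ACCT_SESSION_ID = 44,
	RAT_ACCT_AUTHENTIC = 45,
	RAT_ACCT_SESSION_TIME = 46,
	RAT_ACCT_INPUT_PACKETS = 47,
	RAT_ACCT_OUTPUT_PACKETS = 48,
	RAT_ACCT_TERMINATE_CAUSE = 49,
	RAT_ACCT_MULTI_SESSION_ID = 50,
	RAT_ACCT_LINK_COUNT = 51,
	RAT_ACCT_INPUT_GIGAWORDS = 52,
	RAT_ACCT_OUTPUT_GIGAWORDS = 53,
	/* 54 is not defined here */
	RAT_EVENT_TIMESTAMP = 55,
	RAT_EGRESS_VLANID = 56,
	RAT_INGRESS_FILTERS = 57,
	RAT_EGRESS_VLAN_NAME = 58,
	RAT_USER_PRIORITY_TABLE = 59,
	RAT_CHAP_CHALLENGE = 60,
	RAT_NAS_PORT_TYPE = 61,
	RAT_PORT_LIMIT = 62,
	RAT_LOGIN_LAT_PORT = 63,
	RAT_TUNNEL_TYPE = 64,
	RAT_TUNNEL_MEDIUM_TYPE = 65,
	RAT_TUNNEL_CLIENT_ENDPOINT = 66,
	RAT_TUNNEL_SERVER_ENDPOINT = 67,
	RAT_ACCT_TUNNEL_CONNECTION = 68,
	RAT_TUNNEL_PASSWORD = 69,
	RAT_ARAP_PASSWORD = 70,
	RAT_ARAP_FEATURES = 71,
	RAT_ARAP_ZONE_ACCESS = 72,
	RAT_ARAP_SECURITY = 73,
	RAT_ARAP_SECURITY_DATA = 74,
	RAT_PASSWORD_RETRY = 75,
	RAT_PROMPT = 76,
	RAT_CONNECT_INFO = 77,
	RAT_CONFIGURATION_TOKEN = 78,
	RAT_EAP_MESSAGE = 79,
	/* integrity attribute: added by sign(), checked by verify() */
	RAT_MESSAGE_AUTHENTICATOR = 80,
	RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
	RAT_TUNNEL_ASSIGNMENT_ID = 82,
	RAT_TUNNEL_PREFERENCE = 83,
	RAT_ARAP_CHALLENGE_RESPONSE = 84,
	RAT_ACCT_INTERIM_INTERVAL = 85,
	RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
	RAT_NAS_PORT_ID = 87,
	RAT_FRAMED_POOL = 88,
	RAT_CUI = 89,
	RAT_TUNNEL_CLIENT_AUTH_ID = 90,
	RAT_TUNNEL_SERVER_AUTH_ID = 91,
	RAT_NAS_FILTER_RULE = 92,
	RAT_UNASSIGNED = 93,
	RAT_ORIGINATING_LINE_INFO = 94,
	RAT_NAS_IPV6_ADDRESS = 95,
	RAT_FRAMED_INTERFACE_ID = 96,
	RAT_FRAMED_IPV6_PREFIX = 97,
	RAT_LOGIN_IPV6_HOST = 98,
	RAT_FRAMED_IPV6_ROUTE = 99,
	RAT_FRAMED_IPV6_POOL = 100,
	RAT_ERROR_CAUSE = 101,
	RAT_EAP_KEY_NAME = 102,
	RAT_DIGEST_RESPONSE = 103,
	RAT_DIGEST_REALM = 104,
	RAT_DIGEST_NONCE = 105,
	RAT_DIGEST_RESPONSE_AUTH = 106,
	RAT_DIGEST_NEXTNONCE = 107,
	RAT_DIGEST_METHOD = 108,
	RAT_DIGEST_URI = 109,
	RAT_DIGEST_QOP = 110,
	RAT_DIGEST_ALGORITHM = 111,
	RAT_DIGEST_ENTITY_BODY_HASH = 112,
	RAT_DIGEST_CNONCE = 113,
	RAT_DIGEST_NONCE_COUNT = 114,
	RAT_DIGEST_USERNAME = 115,
	RAT_DIGEST_OPAQUE = 116,
	RAT_DIGEST_AUTH_PARAM = 117,
	RAT_DIGEST_AKA_AUTS = 118,
	RAT_DIGEST_DOMAIN = 119,
	RAT_DIGEST_STALE = 120,
	RAT_DIGEST_HA1 = 121,
	RAT_SIP_AOR = 122,
	RAT_DELEGATED_IPV6_PREFIX = 123,
	RAT_MIP6_FEATURE_VECTOR = 124,
	RAT_MIP6_HOME_LINK_PREFIX = 125,
};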
176
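/**
 * Enum names for radius_attribute_type_t.
 */
extern enum_name_t *radius_attribute_type_names;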
181
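/**
 * A RADIUS message, contains attributes.
 *
 * The object is used through the function pointers below; each takes the
 * message itself as first argument.
 */
struct radius_message_t {

	/**
	 * Create an enumerator over contained RADIUS attributes.
	 *
	 * @return				enumerator over (int type, chunk_t data)
	 */
	enumerator_t* (*create_enumerator)(radius_message_t *this);

	/**
	 * Add a RADIUS attribute to the message.
	 *
	 * @param type			type of attribute to add
	 * @param data			attribute data, gets cloned
	 */
	void (*add)(radius_message_t *this, radius_attribute_type_t type,
				chunk_t data);

	/**
	 * Get the message type (code).
	 *
	 * @return				message code
	 */
	radius_message_code_t (*get_code)(radius_message_t *this);

	/**
	 * Get the message identifier.
	 *
	 * @return				message identifier
	 */
	u_int8_t (*get_identifier)(radius_message_t *this);

	/**
	 * Set the message identifier.
	 *
	 * @param identifier	message identifier
	 */
	void (*set_identifier)(radius_message_t *this, u_int8_t identifier);

	/**
	 * Get the 16 byte authenticator.
	 *
	 * The returned pointer carries no length; callers must not read or
	 * write more than 16 bytes through it.
	 *
	 * @return				pointer to the Authenticator field
	 */
	u_int8_t* (*get_authenticator)(radius_message_t *this);

	/**
	 * Get the RADIUS message in its encoded form.
	 *
	 * The chunk references the message's own buffer and is not a copy.
	 * NOTE(review): presumably it must not be freed by the caller and
	 * becomes invalid once the message is destroyed -- confirm against the
	 * implementation.
	 *
	 * @return				chunk pointing to internal RADIUS message.
	 */
	chunk_t (*get_encoding)(radius_message_t *this);

	/**
	 * Calculate and add the Message-Authenticator attribute to the message.
	 *
	 * The RNG is used to create the Request-Authenticator, so its output
	 * should not be predictable to a party observing the exchange.
	 *
	 * @param rng			RNG to create Request-Authenticator
	 * @param signer		HMAC-MD5 signer with secret set
	 */
	void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer);

	/**
	 * Verify the integrity of a received RADIUS response.
	 *
	 * NOTE(review): this header does not say how a response that carries
	 * no Message-Authenticator attribute is treated. Confirm in the
	 * implementation whether such a response is rejected or is accepted
	 * on the Response-Authenticator alone.
	 *
	 * @param req_auth		16 byte Authenticator of the corresponding request
	 * @param secret		shared RADIUS secret
	 * @param hasher		hasher to verify Response-Authenticator
	 * @param signer		signer to verify Message-Authenticator attribute
	 * @return				presumably TRUE if the integrity checks passed
	 *						(implementation not visible here -- confirm)
	 */
	bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
				   hasher_t *hasher, signer_t *signer);

	/**
	 * Destroy the message.
	 */
	void (*destroy)(radius_message_t *this);
};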
262
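/**
 * Create an empty RADIUS request message (RMC_ACCESS_REQUEST).
 *
 * @return				radius_message_t object
 */
radius_message_t *radius_message_create_request(void);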
269
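/**
 * Parse a received RADIUS response.
 *
 * The only failure documented here is an invalid length. This function is
 * not given the shared secret, so it cannot check the Response-Authenticator
 * or the Message-Authenticator attribute: call verify() on the returned
 * message before trusting its code or attributes.
 *
 * @param data			received message data
 * @return				radius_message_t object, NULL if length invalid
 */
radius_message_t *radius_message_parse_response(chunk_t data);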
277
278 #endif /** RADIUS_MESSAGE_H_ @}*/