Support signing of RADIUS response messages
[strongswan.git] / src / libcharon / plugins / eap_radius / radius_message.h
index 266839d..3557145 100644 (file)
@@ -37,6 +37,12 @@ enum radius_message_code_t {
        RMC_ACCOUNTING_REQUEST = 4,
        RMC_ACCOUNTING_RESPONSE = 5,
        RMC_ACCESS_CHALLENGE = 11,
+       RMC_DISCONNECT_REQUEST = 40,
+       RMC_DISCONNECT_ACK = 41,
+       RMC_DISCONNECT_NAK = 42,
+       RMC_COA_REQUEST = 43,
+       RMC_COA_ACK = 44,
+       RMC_COA_NAK = 45,
 };
 
 /**
@@ -236,18 +242,22 @@ struct radius_message_t {
        /**
         * Calculate and add the Message-Authenticator attribute to the message.
         *
-        * @param rng                   RNG to create Request-Authenticator
+        * @param req_auth              16 byte Authenticator of request, or NULL
+        * @param secret                shared RADIUS secret
         * @param signer                HMAC-MD5 signer with secret set
+        * @param hasher                MD5 hasher
+        * @param rng                   RNG to create Message-Authenticator, NULL to omit
         */
-       void (*sign)(radius_message_t *this, rng_t *rng, signer_t *signer);
+       void (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
+                                hasher_t *hasher, signer_t *signer, rng_t *rng);
 
        /**
-        * Verify the integrity of a received RADIUS response.
+        * Verify the integrity of a received RADIUS message.
         *
-        * @param req_auth              16 byte Authenticator of the corresponding request
+        * @param req_auth              16 byte Authenticator of request, or NULL
         * @param secret                shared RADIUS secret
-        * @param hasher                hasher to verify Response-Authenticator
-        * @param signer                signer to verify Message-Authenticator attribute
+        * @param signer                HMAC-MD5 signer with secret set
+        * @param hasher                MD5 hasher
         */
        bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret,
                                   hasher_t *hasher, signer_t *signer);
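Review bot: The @param lists on sign() and verify() now name `signer` before `hasher`, while both prototypes take `hasher_t *hasher, signer_t *signer` in that order; the doc order should follow the signature. On sign(), `rng` is described as creating the Message-Authenticator, but that attribute is an HMAC-MD5 produced by the signer, and the removed line tied the RNG to the Request-Authenticator. Something like `@param rng RNG to create Request-Authenticator, NULL to compute the Authenticator from req_auth/secret` is probably what is meant, to be confirmed against the implementation, which is not in this hunk. The `or NULL` on `req_auth` also needs a sentence saying for which message codes NULL is valid, since a caller passing NULL when verifying a response would presumably no longer bind that response to its request. The struct body begins and ends outside the hunk.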
@@ -259,18 +269,19 @@ struct radius_message_t {
 };
 
 /**
- * Create an empty RADIUS request message (RMT_ACCESS_REQUEST).
+ * Create an empty RADIUS message.
  *
+ * @param code                 request type
  * @return                             radius_message_t object
  */
-radius_message_t *radius_message_create_request();
+radius_message_t *radius_message_create(radius_message_code_t code);
 
 /**
- * Parse and verify a recevied RADIUS response.
+ * Parse and verify a recevied RADIUS message.
  *
  * @param data                 received message data
  * @return                             radius_message_t object, NULL if length invalid
  */
-radius_message_t *radius_message_parse_response(chunk_t data);
+radius_message_t *radius_message_parse(chunk_t data);
 
 #endif /** RADIUS_MESSAGE_H_ @}*/
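Review bot: The comment on radius_message_parse() still says "Parse and verify", yet the only failure it documents is `NULL if length invalid`, so a reader can take a non-NULL result as authenticated. The function is no longer limited to responses and may now receive Disconnect/CoA requests, so the header should say that nothing is trusted until verify() succeeds, e.g. `Parse a received RADIUS message; checks the length only, call verify() before using it.` This assumes the implementation does no cryptographic check, which is not visible here. On radius_message_create(), `@param code request type` is too narrow because the enum also holds response and ACK/NAK codes; `@param code RADIUS message code` fits better.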