Annotation of embedaddon/strongswan/src/libradius/radius_message.h, revision 1.1.1.1

1.1       misho       1: /*
                      2:  * Copyright (C) 2009 Martin Willi
                      3:  * HSR Hochschule fuer Technik Rapperswil
                      4:  *
                      5:  * This program is free software; you can redistribute it and/or modify it
                      6:  * under the terms of the GNU General Public License as published by the
                      7:  * Free Software Foundation; either version 2 of the License, or (at your
                      8:  * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
                      9:  *
                     10:  * This program is distributed in the hope that it will be useful, but
                     11:  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
                     12:  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
                     13:  * for more details.
                     14:  */
                     15: 
                     16: /**
                     17:  * @defgroup libradius libradius
                     18:  *
                     19:  * @addtogroup libradius
                     20:  * RADIUS protocol support library.
                     21:  *
                     22:  * @defgroup radius_message radius_message
                     23:  * @{ @ingroup libradius
                     24:  */
                     25: 
                     26: #ifndef RADIUS_MESSAGE_H_
                     27: #define RADIUS_MESSAGE_H_
                     28: 
                     29: #include <library.h>
                     30: #include <pen/pen.h>
                     31: 
                     32: #define MAX_RADIUS_ATTRIBUTE_SIZE      253
                     33: 
                     34: #define RADIUS_TUNNEL_TYPE_ESP         9
                     35: 
                     36: typedef struct radius_message_t radius_message_t;
                     37: typedef enum radius_message_code_t radius_message_code_t;
                     38: typedef enum radius_attribute_type_t radius_attribute_type_t;
                     39: 
                     40: /**
                     41:  * RADIUS Message Codes.
                     42:  */
                     43: enum radius_message_code_t {
                     44:        RMC_ACCESS_REQUEST = 1,
                     45:        RMC_ACCESS_ACCEPT = 2,
                     46:        RMC_ACCESS_REJECT = 3,
                     47:        RMC_ACCOUNTING_REQUEST = 4,
                     48:        RMC_ACCOUNTING_RESPONSE = 5,
                     49:        RMC_ACCESS_CHALLENGE = 11,
                     50:        RMC_DISCONNECT_REQUEST = 40,
                     51:        RMC_DISCONNECT_ACK = 41,
                     52:        RMC_DISCONNECT_NAK = 42,
                     53:        RMC_COA_REQUEST = 43,
                     54:        RMC_COA_ACK = 44,
                     55:        RMC_COA_NAK = 45,
                     56: };
                     57: 
                     58: /**
                     59:  * Enum names for radius_attribute_type_t.
                     60:  */
                     61: extern enum_name_t *radius_message_code_names;
                     62: 
                     63: /**
                     64:  * RADIUS Attribute Types.
                     65:  */
                     66: enum radius_attribute_type_t {
                     67:        RAT_USER_NAME = 1,
                     68:        RAT_USER_PASSWORD = 2,
                     69:        RAT_CHAP_PASSWORD = 3,
                     70:        RAT_NAS_IP_ADDRESS = 4,
                     71:        RAT_NAS_PORT = 5,
                     72:        RAT_SERVICE_TYPE = 6,
                     73:        RAT_FRAMED_PROTOCOL = 7,
                     74:        RAT_FRAMED_IP_ADDRESS = 8,
                     75:        RAT_FRAMED_IP_NETMASK = 9,
                     76:        RAT_FRAMED_ROUTING = 10,
                     77:        RAT_FILTER_ID = 11,
                     78:        RAT_FRAMED_MTU = 12,
                     79:        RAT_FRAMED_COMPRESSION = 13,
                     80:        RAT_LOGIN_IP_HOST = 14,
                     81:        RAT_LOGIN_SERVICE = 15,
                     82:        RAT_LOGIN_TCP_PORT = 16,
                     83:        RAT_REPLY_MESSAGE = 18,
                     84:        RAT_CALLBACK_NUMBER = 19,
                     85:        RAT_CALLBACK_ID = 20,
                     86:        RAT_FRAMED_ROUTE = 22,
                     87:        RAT_FRAMED_IPX_NETWORK = 23,
                     88:        RAT_STATE = 24,
                     89:        RAT_CLASS = 25,
                     90:        RAT_VENDOR_SPECIFIC = 26,
                     91:        RAT_SESSION_TIMEOUT = 27,
                     92:        RAT_IDLE_TIMEOUT = 28,
                     93:        RAT_TERMINATION_ACTION = 29,
                     94:        RAT_CALLED_STATION_ID = 30,
                     95:        RAT_CALLING_STATION_ID = 31,
                     96:        RAT_NAS_IDENTIFIER = 32,
                     97:        RAT_PROXY_STATE = 33,
                     98:        RAT_LOGIN_LAT_SERVICE = 34,
                     99:        RAT_LOGIN_LAT_NODE = 35,
                    100:        RAT_LOGIN_LAT_GROUP = 36,
                    101:        RAT_FRAMED_APPLETALK_LINK = 37,
                    102:        RAT_FRAMED_APPLETALK_NETWORK = 38,
                    103:        RAT_FRAMED_APPLETALK_ZONE = 39,
                    104:        RAT_ACCT_STATUS_TYPE = 40,
                    105:        RAT_ACCT_DELAY_TIME = 41,
                    106:        RAT_ACCT_INPUT_OCTETS = 42,
                    107:        RAT_ACCT_OUTPUT_OCTETS = 43,
                    108:        RAT_ACCT_SESSION_ID = 44,
                    109:        RAT_ACCT_AUTHENTIC = 45,
                    110:        RAT_ACCT_SESSION_TIME = 46,
                    111:        RAT_ACCT_INPUT_PACKETS = 47,
                    112:        RAT_ACCT_OUTPUT_PACKETS = 48,
                    113:        RAT_ACCT_TERMINATE_CAUSE = 49,
                    114:        RAT_ACCT_MULTI_SESSION_ID = 50,
                    115:        RAT_ACCT_LINK_COUNT = 51,
                    116:        RAT_ACCT_INPUT_GIGAWORDS = 52,
                    117:        RAT_ACCT_OUTPUT_GIGAWORDS = 53,
                    118:        RAT_EVENT_TIMESTAMP = 55,
                    119:        RAT_EGRESS_VLANID = 56,
                    120:        RAT_INGRESS_FILTERS = 57,
                    121:        RAT_EGRESS_VLAN_NAME = 58,
                    122:        RAT_USER_PRIORITY_TABLE = 59,
                    123:        RAT_CHAP_CHALLENGE = 60,
                    124:        RAT_NAS_PORT_TYPE = 61,
                    125:        RAT_PORT_LIMIT = 62,
                    126:        RAT_LOGIN_LAT_PORT = 63,
                    127:        RAT_TUNNEL_TYPE = 64,
                    128:        RAT_TUNNEL_MEDIUM_TYPE = 65,
                    129:        RAT_TUNNEL_CLIENT_ENDPOINT = 66,
                    130:        RAT_TUNNEL_SERVER_ENDPOINT = 67,
                    131:        RAT_ACCT_TUNNEL_CONNECTION = 68,
                    132:        RAT_TUNNEL_PASSWORD = 69,
                    133:        RAT_ARAP_PASSWORD = 70,
                    134:        RAT_ARAP_FEATURES = 71,
                    135:        RAT_ARAP_ZONE_ACCESS = 72,
                    136:        RAT_ARAP_SECURITY = 73,
                    137:        RAT_ARAP_SECURITY_DATA = 74,
                    138:        RAT_PASSWORD_RETRY = 75,
                    139:        RAT_PROMPT = 76,
                    140:        RAT_CONNECT_INFO = 77,
                    141:        RAT_CONFIGURATION_TOKEN = 78,
                    142:        RAT_EAP_MESSAGE = 79,
                    143:        RAT_MESSAGE_AUTHENTICATOR = 80,
                    144:        RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
                    145:        RAT_TUNNEL_ASSIGNMENT_ID = 82,
                    146:        RAT_TUNNEL_PREFERENCE = 83,
                    147:        RAT_ARAP_CHALLENGE_RESPONSE = 84,
                    148:        RAT_ACCT_INTERIM_INTERVAL = 85,
                    149:        RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
                    150:        RAT_NAS_PORT_ID = 87,
                    151:        RAT_FRAMED_POOL = 88,
                    152:        RAT_CUI = 89,
                    153:        RAT_TUNNEL_CLIENT_AUTH_ID = 90,
                    154:        RAT_TUNNEL_SERVER_AUTH_ID = 91,
                    155:        RAT_NAS_FILTER_RULE = 92,
                    156:        RAT_UNASSIGNED = 93,
                    157:        RAT_ORIGINATING_LINE_INFO = 94,
                    158:        RAT_NAS_IPV6_ADDRESS = 95,
                    159:        RAT_FRAMED_INTERFACE_ID = 96,
                    160:        RAT_FRAMED_IPV6_PREFIX = 97,
                    161:        RAT_LOGIN_IPV6_HOST = 98,
                    162:        RAT_FRAMED_IPV6_ROUTE = 99,
                    163:        RAT_FRAMED_IPV6_POOL = 100,
                    164:        RAT_ERROR_CAUSE = 101,
                    165:        RAT_EAP_KEY_NAME = 102,
                    166:        RAT_DIGEST_RESPONSE = 103,
                    167:        RAT_DIGEST_REALM = 104,
                    168:        RAT_DIGEST_NONCE = 105,
                    169:        RAT_DIGEST_RESPONSE_AUTH = 106,
                    170:        RAT_DIGEST_NEXTNONCE = 107,
                    171:        RAT_DIGEST_METHOD = 108,
                    172:        RAT_DIGEST_URI = 109,
                    173:        RAT_DIGEST_QOP = 110,
                    174:        RAT_DIGEST_ALGORITHM = 111,
                    175:        RAT_DIGEST_ENTITY_BODY_HASH = 112,
                    176:        RAT_DIGEST_CNONCE = 113,
                    177:        RAT_DIGEST_NONCE_COUNT = 114,
                    178:        RAT_DIGEST_USERNAME = 115,
                    179:        RAT_DIGEST_OPAQUE = 116,
                    180:        RAT_DIGEST_AUTH_PARAM = 117,
                    181:        RAT_DIGEST_AKA_AUTS = 118,
                    182:        RAT_DIGEST_DOMAIN = 119,
                    183:        RAT_DIGEST_STALE = 120,
                    184:        RAT_DIGEST_HA1 = 121,
                    185:        RAT_SIP_AOR = 122,
                    186:        RAT_DELEGATED_IPV6_PREFIX = 123,
                    187:        RAT_MIP6_FEATURE_VECTOR = 124,
                    188:        RAT_MIP6_HOME_LINK_PREFIX = 125,
                    189:        RAT_FRAMED_IPV6_ADDRESS = 168,
                    190:        RAT_FRAMED_IPV6_DNS_SERVER = 169,
                    191:        RAT_ROUTE_IPV6_INFORMATION = 170,
                    192:        RAT_DELEGATED_IPV6_PREFIX_POOL = 171,
                    193:        RAT_STATEFUL_IPV6_ADDRESS_POOL = 172,
                    194: };
                    195: 
                    196: /**
                    197:  * Enum names for radius_attribute_type_t.
                    198:  */
                    199: extern enum_name_t *radius_attribute_type_names;
                    200: 
                    201: /**
                    202:  * A RADIUS message, contains attributes.
                    203:  */
                    204: struct radius_message_t {
                    205: 
                    206:        /**
                    207:         * Create an enumerator over contained RADIUS attributes.
                    208:         *
                    209:         * @return                              enumerator over (int type, chunk_t data)
                    210:         */
                    211:        enumerator_t* (*create_enumerator)(radius_message_t *this);
                    212: 
                    213:        /**
                    214:         * Create an enumerator over contained RADIUS Vendor-ID attributes.
                    215:         *
                    216:         * This enumerator parses only vendor specific attributes in the format
                    217:         * recommended in RFC2865.
                    218:         *
                    219:         * @return                              enumerator over (int vendor, int type, chunk_t data)
                    220:         */
                    221:        enumerator_t* (*create_vendor_enumerator)(radius_message_t *this);
                    222: 
                    223:        /**
                    224:         * Add a RADIUS attribute to the message.
                    225:         *
                    226:         * @param type                  type of attribute to add
                    227:         * @param                               attribute data, gets cloned
                    228:         */
                    229:        void (*add)(radius_message_t *this, radius_attribute_type_t type,
                    230:                                chunk_t data);
                    231: 
                    232:        /**
                    233:         * Get the message type (code).
                    234:         *
                    235:         * @return                              message code
                    236:         */
                    237:        radius_message_code_t (*get_code)(radius_message_t *this);
                    238: 
                    239:        /**
                    240:         * Get the message identifier.
                    241:         *
                    242:         * @return                              message identifier
                    243:         */
                    244:        uint8_t (*get_identifier)(radius_message_t *this);
                    245: 
                    246:        /**
                    247:         * Set the message identifier.
                    248:         *
                    249:         * @param identifier    message identifier
                    250:         */
                    251:        void (*set_identifier)(radius_message_t *this, uint8_t identifier);
                    252: 
                    253:        /**
                    254:         * Get the 16 byte authenticator.
                    255:         *
                    256:         * @return                              pointer to the Authenticator field
                    257:         */
                    258:        uint8_t* (*get_authenticator)(radius_message_t *this);
                    259: 
                    260:        /**
                    261:         * Get the RADIUS message in its encoded form.
                    262:         *
                    263:         * @return                              chunk pointing to internal RADIUS message.
                    264:         */
                    265:        chunk_t (*get_encoding)(radius_message_t *this);
                    266: 
                    267:        /**
                    268:         * Calculate and add the Message-Authenticator attribute to the message.
                    269:         *
                    270:         * @param req_auth              16 byte Authenticator of request, or NULL
                    271:         * @param secret                shared RADIUS secret
                    272:         * @param signer                HMAC-MD5 signer with secret set
                    273:         * @param hasher                MD5 hasher
                    274:         * @param rng                   RNG to create Request-Authenticator, NULL to omit
                    275:         * @param msg_auth              calculate and add Message-Authenticator
                    276:         * @return                              TRUE if signed successfully
                    277:         */
                    278:        bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
                    279:                                 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);
                    280: 
                    281:        /**
                    282:         * Verify the integrity of a received RADIUS message.
                    283:         *
                    284:         * @param req_auth              16 byte Authenticator of request, or NULL
                    285:         * @param secret                shared RADIUS secret
                    286:         * @param signer                HMAC-MD5 signer with secret set
                    287:         * @param hasher                MD5 hasher
                    288:         */
                    289:        bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
                    290:                                   hasher_t *hasher, signer_t *signer);
                    291: 
                    292:        /**
                    293:         * Perform RADIUS attribute en-/decryption.
                    294:         *
                    295:         * Performs en-/decryption by XOring the hash-extended secret into data,
                    296:         * as specified in RFC 2865 5.2 and used by RFC 2548.
                    297:         *
                    298:         * @param salt                  salt to append to message authenticator, if any
                    299:         * @param in                    data to en-/decrypt, multiple of HASH_SIZE_MD5
                    300:         * @param out                   en-/decrypted data, length equal to in
                    301:         * @param secret                RADIUS secret
                    302:         * @param hasher                MD5 hasher
                    303:         * @return                              TRUE if en-/decryption successful
                    304:         */
                    305:        bool (*crypt)(radius_message_t *this, chunk_t salt, chunk_t in, chunk_t out,
                    306:                                  chunk_t secret, hasher_t *hasher);
                    307: 
                    308:        /**
                    309:         * Destroy the message.
                    310:         */
                    311:        void (*destroy)(radius_message_t *this);
                    312: };
                    313: 
                    314: /**
                    315:  * Create an empty RADIUS message.
                    316:  *
                    317:  * @param code                 request type
                    318:  * @return                             radius_message_t object
                    319:  */
                    320: radius_message_t *radius_message_create(radius_message_code_t code);
                    321: 
                    322: /**
                    323:  * Parse and verify a received RADIUS message.
                    324:  *
                    325:  * @param data                 received message data
                    326:  * @return                             radius_message_t object, NULL if length invalid
                    327:  */
                    328: radius_message_t *radius_message_parse(chunk_t data);
                    329: 
                    330: /**
                    331:  * @}
                    332:  * @addtogroup libradius
                    333:  * @{
                    334:  *
                    335:  * Dummy libradius initialization function needed for integrity test
                    336:  */
                    337: void libradius_init(void);
                    338: 
                    339: #endif /** RADIUS_MESSAGE_H_ @}*/

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>