[thirdparty/strongswan.git] / src / libradius / radius_message.h

/*
 * Copyright (C) 2009 Martin Willi
 * Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup libradius libradius
 *
 * @addtogroup libradius
 * RADIUS protocol support library.
 *
 * @defgroup radius_message radius_message
 * @{ @ingroup libradius
 */

#ifndef RADIUS_MESSAGE_H_
#define RADIUS_MESSAGE_H_

#include <library.h>
#include <pen/pen.h>

#define MAX_RADIUS_ATTRIBUTE_SIZE	253

#define RADIUS_TUNNEL_TYPE_ESP		9

typedef struct radius_message_t radius_message_t;
typedef enum radius_message_code_t radius_message_code_t;
typedef enum radius_attribute_type_t radius_attribute_type_t;

/**
 * RADIUS Message Codes.
 */
enum radius_message_code_t {
	RMC_ACCESS_REQUEST = 1,
	RMC_ACCESS_ACCEPT = 2,
	RMC_ACCESS_REJECT = 3,
	RMC_ACCOUNTING_REQUEST = 4,
	RMC_ACCOUNTING_RESPONSE = 5,
	RMC_ACCESS_CHALLENGE = 11,
	RMC_DISCONNECT_REQUEST = 40,
	RMC_DISCONNECT_ACK = 41,
	RMC_DISCONNECT_NAK = 42,
	RMC_COA_REQUEST = 43,
	RMC_COA_ACK = 44,
	RMC_COA_NAK = 45,
};

/**
 * Enum names for radius_attribute_type_t.
 */
extern enum_name_t *radius_message_code_names;

/**
 * RADIUS Attribute Types.
 */
enum radius_attribute_type_t {
	RAT_USER_NAME = 1,
	RAT_USER_PASSWORD = 2,
	RAT_CHAP_PASSWORD = 3,
	RAT_NAS_IP_ADDRESS = 4,
	RAT_NAS_PORT = 5,
	RAT_SERVICE_TYPE = 6,
	RAT_FRAMED_PROTOCOL = 7,
	RAT_FRAMED_IP_ADDRESS = 8,
	RAT_FRAMED_IP_NETMASK = 9,
	RAT_FRAMED_ROUTING = 10,
	RAT_FILTER_ID = 11,
	RAT_FRAMED_MTU = 12,
	RAT_FRAMED_COMPRESSION = 13,
	RAT_LOGIN_IP_HOST = 14,
	RAT_LOGIN_SERVICE = 15,
	RAT_LOGIN_TCP_PORT = 16,
	RAT_REPLY_MESSAGE = 18,
	RAT_CALLBACK_NUMBER = 19,
	RAT_CALLBACK_ID = 20,
	RAT_FRAMED_ROUTE = 22,
	RAT_FRAMED_IPX_NETWORK = 23,
	RAT_STATE = 24,
	RAT_CLASS = 25,
	RAT_VENDOR_SPECIFIC = 26,
	RAT_SESSION_TIMEOUT = 27,
	RAT_IDLE_TIMEOUT = 28,
	RAT_TERMINATION_ACTION = 29,
	RAT_CALLED_STATION_ID = 30,
	RAT_CALLING_STATION_ID = 31,
	RAT_NAS_IDENTIFIER = 32,
	RAT_PROXY_STATE = 33,
	RAT_LOGIN_LAT_SERVICE = 34,
	RAT_LOGIN_LAT_NODE = 35,
	RAT_LOGIN_LAT_GROUP = 36,
	RAT_FRAMED_APPLETALK_LINK = 37,
	RAT_FRAMED_APPLETALK_NETWORK = 38,
	RAT_FRAMED_APPLETALK_ZONE = 39,
	RAT_ACCT_STATUS_TYPE = 40,
	RAT_ACCT_DELAY_TIME = 41,
	RAT_ACCT_INPUT_OCTETS = 42,
	RAT_ACCT_OUTPUT_OCTETS = 43,
	RAT_ACCT_SESSION_ID = 44,
	RAT_ACCT_AUTHENTIC = 45,
	RAT_ACCT_SESSION_TIME = 46,
	RAT_ACCT_INPUT_PACKETS = 47,
	RAT_ACCT_OUTPUT_PACKETS = 48,
	RAT_ACCT_TERMINATE_CAUSE = 49,
	RAT_ACCT_MULTI_SESSION_ID = 50,
	RAT_ACCT_LINK_COUNT = 51,
	RAT_ACCT_INPUT_GIGAWORDS = 52,
	RAT_ACCT_OUTPUT_GIGAWORDS = 53,
	RAT_EVENT_TIMESTAMP = 55,
	RAT_EGRESS_VLANID = 56,
	RAT_INGRESS_FILTERS = 57,
	RAT_EGRESS_VLAN_NAME = 58,
	RAT_USER_PRIORITY_TABLE = 59,
	RAT_CHAP_CHALLENGE = 60,
	RAT_NAS_PORT_TYPE = 61,
	RAT_PORT_LIMIT = 62,
	RAT_LOGIN_LAT_PORT = 63,
	RAT_TUNNEL_TYPE = 64,
	RAT_TUNNEL_MEDIUM_TYPE = 65,
	RAT_TUNNEL_CLIENT_ENDPOINT = 66,
	RAT_TUNNEL_SERVER_ENDPOINT = 67,
	RAT_ACCT_TUNNEL_CONNECTION = 68,
	RAT_TUNNEL_PASSWORD = 69,
	RAT_ARAP_PASSWORD = 70,
	RAT_ARAP_FEATURES = 71,
	RAT_ARAP_ZONE_ACCESS = 72,
	RAT_ARAP_SECURITY = 73,
	RAT_ARAP_SECURITY_DATA = 74,
	RAT_PASSWORD_RETRY = 75,
	RAT_PROMPT = 76,
	RAT_CONNECT_INFO = 77,
	RAT_CONFIGURATION_TOKEN = 78,
	RAT_EAP_MESSAGE = 79,
	RAT_MESSAGE_AUTHENTICATOR = 80,
	RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
	RAT_TUNNEL_ASSIGNMENT_ID = 82,
	RAT_TUNNEL_PREFERENCE = 83,
	RAT_ARAP_CHALLENGE_RESPONSE = 84,
	RAT_ACCT_INTERIM_INTERVAL = 85,
	RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
	RAT_NAS_PORT_ID = 87,
	RAT_FRAMED_POOL = 88,
	RAT_CUI = 89,
	RAT_TUNNEL_CLIENT_AUTH_ID = 90,
	RAT_TUNNEL_SERVER_AUTH_ID = 91,
	RAT_NAS_FILTER_RULE = 92,
	RAT_UNASSIGNED = 93,
	RAT_ORIGINATING_LINE_INFO = 94,
	RAT_NAS_IPV6_ADDRESS = 95,
	RAT_FRAMED_INTERFACE_ID = 96,
	RAT_FRAMED_IPV6_PREFIX = 97,
	RAT_LOGIN_IPV6_HOST = 98,
	RAT_FRAMED_IPV6_ROUTE = 99,
	RAT_FRAMED_IPV6_POOL = 100,
	RAT_ERROR_CAUSE = 101,
	RAT_EAP_KEY_NAME = 102,
	RAT_DIGEST_RESPONSE = 103,
	RAT_DIGEST_REALM = 104,
	RAT_DIGEST_NONCE = 105,
	RAT_DIGEST_RESPONSE_AUTH = 106,
	RAT_DIGEST_NEXTNONCE = 107,
	RAT_DIGEST_METHOD = 108,
	RAT_DIGEST_URI = 109,
	RAT_DIGEST_QOP = 110,
	RAT_DIGEST_ALGORITHM = 111,
	RAT_DIGEST_ENTITY_BODY_HASH = 112,
	RAT_DIGEST_CNONCE = 113,
	RAT_DIGEST_NONCE_COUNT = 114,
	RAT_DIGEST_USERNAME = 115,
	RAT_DIGEST_OPAQUE = 116,
	RAT_DIGEST_AUTH_PARAM = 117,
	RAT_DIGEST_AKA_AUTS = 118,
	RAT_DIGEST_DOMAIN = 119,
	RAT_DIGEST_STALE = 120,
	RAT_DIGEST_HA1 = 121,
	RAT_SIP_AOR = 122,
	RAT_DELEGATED_IPV6_PREFIX = 123,
	RAT_MIP6_FEATURE_VECTOR = 124,
	RAT_MIP6_HOME_LINK_PREFIX = 125,
	RAT_FRAMED_IPV6_ADDRESS = 168,
	RAT_FRAMED_IPV6_DNS_SERVER = 169,
	RAT_ROUTE_IPV6_INFORMATION = 170,
	RAT_DELEGATED_IPV6_PREFIX_POOL = 171,
	RAT_STATEFUL_IPV6_ADDRESS_POOL = 172,
};

/**
 * Enum names for radius_attribute_type_t.
 */
extern enum_name_t *radius_attribute_type_names;

/**
 * A RADIUS message, contains attributes.
 */
struct radius_message_t {

	/**
	 * Create an enumerator over contained RADIUS attributes.
	 *
	 * @return				enumerator over (int type, chunk_t data)
	 */
	enumerator_t* (*create_enumerator)(radius_message_t *this);

	/**
	 * Create an enumerator over contained RADIUS Vendor-ID attributes.
	 *
	 * This enumerator parses only vendor specific attributes in the format
	 * recommended in RFC2865.
	 *
	 * @return				enumerator over (int vendor, int type, chunk_t data)
	 */
	enumerator_t* (*create_vendor_enumerator)(radius_message_t *this);

	/**
	 * Add a RADIUS attribute to the message.
	 *
	 * @param type			type of attribute to add
	 * @param				attribute data, gets cloned
	 */
	void (*add)(radius_message_t *this, radius_attribute_type_t type,
				chunk_t data);

	/**
	 * Get the message type (code).
	 *
	 * @return				message code
	 */
	radius_message_code_t (*get_code)(radius_message_t *this);

	/**
	 * Get the message identifier.
	 *
	 * @return				message identifier
	 */
	uint8_t (*get_identifier)(radius_message_t *this);

	/**
	 * Set the message identifier.
	 *
	 * @param identifier	message identifier
	 */
	void (*set_identifier)(radius_message_t *this, uint8_t identifier);

	/**
	 * Get the 16 byte authenticator.
	 *
	 * @return				pointer to the Authenticator field
	 */
	uint8_t* (*get_authenticator)(radius_message_t *this);

	/**
	 * Get the RADIUS message in its encoded form.
	 *
	 * @return				chunk pointing to internal RADIUS message.
	 */
	chunk_t (*get_encoding)(radius_message_t *this);

	/**
	 * Calculate and add the Message-Authenticator attribute to the message.
	 *
	 * @param req_auth		16 byte Authenticator of request, or NULL
	 * @param secret		shared RADIUS secret
	 * @param signer		HMAC-MD5 signer with secret set
	 * @param hasher		MD5 hasher
	 * @param rng			RNG to create Request-Authenticator, NULL to omit
	 * @param msg_auth		calculate and add Message-Authenticator
	 * @return				TRUE if signed successfully
	 */
	bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
				 hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth);

	/**
	 * Verify the integrity of a received RADIUS message.
	 *
	 * @param req_auth		16 byte Authenticator of request, or NULL
	 * @param secret		shared RADIUS secret
	 * @param signer		HMAC-MD5 signer with secret set
	 * @param hasher		MD5 hasher
	 */
	bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret,
				   hasher_t *hasher, signer_t *signer);

	/**
	 * Perform RADIUS attribute en-/decryption.
	 *
	 * Performs en-/decryption by XOring the hash-extended secret into data,
	 * as specified in RFC 2865 5.2 and used by RFC 2548.
	 *
	 * @param salt			salt to append to message authenticator, if any
	 * @param in			data to en-/decrypt, multiple of HASH_SIZE_MD5
	 * @param out			en-/decrypted data, length equal to in
	 * @param secret		RADIUS secret
	 * @param hasher		MD5 hasher
	 * @return				TRUE if en-/decryption successful
	 */
	bool (*crypt)(radius_message_t *this, chunk_t salt, chunk_t in, chunk_t out,
				  chunk_t secret, hasher_t *hasher);

	/**
	 * Destroy the message.
	 */
	void (*destroy)(radius_message_t *this);
};

/**
 * Create an empty RADIUS message.
 *
 * @param code			request type
 * @return				radius_message_t object
 */
radius_message_t *radius_message_create(radius_message_code_t code);

/**
 * Parse and verify a received RADIUS message.
 *
 * @param data			received message data
 * @return				radius_message_t object, NULL if length invalid
 */
radius_message_t *radius_message_parse(chunk_t data);

/**
 * @}
 * @addtogroup libradius
 * @{
 *
 * Dummy libradius initialization function needed for integrity test
 */
void libradius_init(void);

#endif /** RADIUS_MESSAGE_H_ @}*/
Commit	Line	Data
4a6b84a9 MW	1	/*
	2	* Copyright (C) 2009 Martin Willi
	3	* Hochschule fuer Technik Rapperswil
	4	*
	5	* This program is free software; you can redistribute it and/or modify it
	6	* under the terms of the GNU General Public License as published by the
	7	* Free Software Foundation; either version 2 of the License, or (at your
	8	* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
	9	*
	10	* This program is distributed in the hope that it will be useful, but
	11	* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
	12	* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	13	* for more details.
4a6b84a9 MW	14	*/
	15
	16	/**
f0f94e2c MW	17	* @defgroup libradius libradius
	18	*
	19	* @addtogroup libradius
	20	* RADIUS protocol support library.
	21	*
4a6b84a9	22	* @defgroup radius_message radius_message
f0f94e2c	23	* @{ @ingroup libradius
4a6b84a9 MW	24	*/
	25
	26	#ifndef RADIUS_MESSAGE_H_
	27	#define RADIUS_MESSAGE_H_
	28
	29	#include <library.h>
54b3cbdc	30	#include <pen/pen.h>
4a6b84a9	31
4853efe8 AS	32	#define MAX_RADIUS_ATTRIBUTE_SIZE 253
4853efe8 AS	33
d90ade8f AS	34	#define RADIUS_TUNNEL_TYPE_ESP 9
d90ade8f AS	35
4a6b84a9 MW	36	typedef struct radius_message_t radius_message_t;
	37	typedef enum radius_message_code_t radius_message_code_t;
	38	typedef enum radius_attribute_type_t radius_attribute_type_t;
	39
	40	/**
	41	* RADIUS Message Codes.
	42	*/
	43	enum radius_message_code_t {
	44	RMC_ACCESS_REQUEST = 1,
	45	RMC_ACCESS_ACCEPT = 2,
	46	RMC_ACCESS_REJECT = 3,
	47	RMC_ACCOUNTING_REQUEST = 4,
	48	RMC_ACCOUNTING_RESPONSE = 5,
	49	RMC_ACCESS_CHALLENGE = 11,
3a42c089 MW	50	RMC_DISCONNECT_REQUEST = 40,
	51	RMC_DISCONNECT_ACK = 41,
	52	RMC_DISCONNECT_NAK = 42,
	53	RMC_COA_REQUEST = 43,
	54	RMC_COA_ACK = 44,
	55	RMC_COA_NAK = 45,
4a6b84a9 MW	56	};
	57
	58	/**
	59	* Enum names for radius_attribute_type_t.
	60	*/
	61	extern enum_name_t *radius_message_code_names;
	62
	63	/**
	64	* RADIUS Attribute Types.
	65	*/
	66	enum radius_attribute_type_t {
	67	RAT_USER_NAME = 1,
	68	RAT_USER_PASSWORD = 2,
	69	RAT_CHAP_PASSWORD = 3,
	70	RAT_NAS_IP_ADDRESS = 4,
	71	RAT_NAS_PORT = 5,
	72	RAT_SERVICE_TYPE = 6,
	73	RAT_FRAMED_PROTOCOL = 7,
	74	RAT_FRAMED_IP_ADDRESS = 8,
	75	RAT_FRAMED_IP_NETMASK = 9,
	76	RAT_FRAMED_ROUTING = 10,
	77	RAT_FILTER_ID = 11,
	78	RAT_FRAMED_MTU = 12,
	79	RAT_FRAMED_COMPRESSION = 13,
	80	RAT_LOGIN_IP_HOST = 14,
	81	RAT_LOGIN_SERVICE = 15,
	82	RAT_LOGIN_TCP_PORT = 16,
	83	RAT_REPLY_MESSAGE = 18,
	84	RAT_CALLBACK_NUMBER = 19,
	85	RAT_CALLBACK_ID = 20,
	86	RAT_FRAMED_ROUTE = 22,
	87	RAT_FRAMED_IPX_NETWORK = 23,
	88	RAT_STATE = 24,
	89	RAT_CLASS = 25,
	90	RAT_VENDOR_SPECIFIC = 26,
	91	RAT_SESSION_TIMEOUT = 27,
	92	RAT_IDLE_TIMEOUT = 28,
	93	RAT_TERMINATION_ACTION = 29,
	94	RAT_CALLED_STATION_ID = 30,
	95	RAT_CALLING_STATION_ID = 31,
	96	RAT_NAS_IDENTIFIER = 32,
	97	RAT_PROXY_STATE = 33,
	98	RAT_LOGIN_LAT_SERVICE = 34,
	99	RAT_LOGIN_LAT_NODE = 35,
	100	RAT_LOGIN_LAT_GROUP = 36,
	101	RAT_FRAMED_APPLETALK_LINK = 37,
	102	RAT_FRAMED_APPLETALK_NETWORK = 38,
	103	RAT_FRAMED_APPLETALK_ZONE = 39,
	104	RAT_ACCT_STATUS_TYPE = 40,
	105	RAT_ACCT_DELAY_TIME = 41,
	106	RAT_ACCT_INPUT_OCTETS = 42,
	107	RAT_ACCT_OUTPUT_OCTETS = 43,
	108	RAT_ACCT_SESSION_ID = 44,
	109	RAT_ACCT_AUTHENTIC = 45,
	110	RAT_ACCT_SESSION_TIME = 46,
	111	RAT_ACCT_INPUT_PACKETS = 47,
	112	RAT_ACCT_OUTPUT_PACKETS = 48,
	113	RAT_ACCT_TERMINATE_CAUSE = 49,
	114	RAT_ACCT_MULTI_SESSION_ID = 50,
	115	RAT_ACCT_LINK_COUNT = 51,
	116	RAT_ACCT_INPUT_GIGAWORDS = 52,
	117	RAT_ACCT_OUTPUT_GIGAWORDS = 53,
	118	RAT_EVENT_TIMESTAMP = 55,
	119	RAT_EGRESS_VLANID = 56,
120	RAT_INGRESS_FILTERS = 57,
121	RAT_EGRESS_VLAN_NAME = 58,
122	RAT_USER_PRIORITY_TABLE = 59,
123	RAT_CHAP_CHALLENGE = 60,
124	RAT_NAS_PORT_TYPE = 61,
125	RAT_PORT_LIMIT = 62,
126	RAT_LOGIN_LAT_PORT = 63,
127	RAT_TUNNEL_TYPE = 64,
128	RAT_TUNNEL_MEDIUM_TYPE = 65,
129	RAT_TUNNEL_CLIENT_ENDPOINT = 66,
130	RAT_TUNNEL_SERVER_ENDPOINT = 67,
131	RAT_ACCT_TUNNEL_CONNECTION = 68,
132	RAT_TUNNEL_PASSWORD = 69,
133	RAT_ARAP_PASSWORD = 70,
134	RAT_ARAP_FEATURES = 71,
135	RAT_ARAP_ZONE_ACCESS = 72,
136	RAT_ARAP_SECURITY = 73,
137	RAT_ARAP_SECURITY_DATA = 74,
138	RAT_PASSWORD_RETRY = 75,
139	RAT_PROMPT = 76,
140	RAT_CONNECT_INFO = 77,
141	RAT_CONFIGURATION_TOKEN = 78,
142	RAT_EAP_MESSAGE = 79,
143	RAT_MESSAGE_AUTHENTICATOR = 80,
144	RAT_TUNNEL_PRIVATE_GROUP_ID = 81,
145	RAT_TUNNEL_ASSIGNMENT_ID = 82,
146	RAT_TUNNEL_PREFERENCE = 83,
147	RAT_ARAP_CHALLENGE_RESPONSE = 84,
148	RAT_ACCT_INTERIM_INTERVAL = 85,
149	RAT_ACCT_TUNNEL_PACKETS_LOST = 86,
150	RAT_NAS_PORT_ID = 87,
151	RAT_FRAMED_POOL = 88,
152	RAT_CUI = 89,
153	RAT_TUNNEL_CLIENT_AUTH_ID = 90,
154	RAT_TUNNEL_SERVER_AUTH_ID = 91,
155	RAT_NAS_FILTER_RULE = 92,
156	RAT_UNASSIGNED = 93,
157	RAT_ORIGINATING_LINE_INFO = 94,
158	RAT_NAS_IPV6_ADDRESS = 95,
159	RAT_FRAMED_INTERFACE_ID = 96,
160	RAT_FRAMED_IPV6_PREFIX = 97,
161	RAT_LOGIN_IPV6_HOST = 98,
162	RAT_FRAMED_IPV6_ROUTE = 99,
163	RAT_FRAMED_IPV6_POOL = 100,
164	RAT_ERROR_CAUSE = 101,
165	RAT_EAP_KEY_NAME = 102,
166	RAT_DIGEST_RESPONSE = 103,
167	RAT_DIGEST_REALM = 104,
168	RAT_DIGEST_NONCE = 105,
169	RAT_DIGEST_RESPONSE_AUTH = 106,
170	RAT_DIGEST_NEXTNONCE = 107,
171	RAT_DIGEST_METHOD = 108,
172	RAT_DIGEST_URI = 109,
173	RAT_DIGEST_QOP = 110,
174	RAT_DIGEST_ALGORITHM = 111,
175	RAT_DIGEST_ENTITY_BODY_HASH = 112,
176	RAT_DIGEST_CNONCE = 113,
177	RAT_DIGEST_NONCE_COUNT = 114,
178	RAT_DIGEST_USERNAME = 115,
179	RAT_DIGEST_OPAQUE = 116,
180	RAT_DIGEST_AUTH_PARAM = 117,
181	RAT_DIGEST_AKA_AUTS = 118,
182	RAT_DIGEST_DOMAIN = 119,
183	RAT_DIGEST_STALE = 120,
184	RAT_DIGEST_HA1 = 121,
185	RAT_SIP_AOR = 122,
186	RAT_DELEGATED_IPV6_PREFIX = 123,
187	RAT_MIP6_FEATURE_VECTOR = 124,
188	RAT_MIP6_HOME_LINK_PREFIX = 125,
ec490e68 TB	189	RAT_FRAMED_IPV6_ADDRESS = 168,
	190	RAT_FRAMED_IPV6_DNS_SERVER = 169,
	191	RAT_ROUTE_IPV6_INFORMATION = 170,
	192	RAT_DELEGATED_IPV6_PREFIX_POOL = 171,
	193	RAT_STATEFUL_IPV6_ADDRESS_POOL = 172,
4a6b84a9 MW	194	};
	195
	196	/**
	197	* Enum names for radius_attribute_type_t.
	198	*/
	199	extern enum_name_t *radius_attribute_type_names;
	200
	201	/**
	202	* A RADIUS message, contains attributes.
	203	*/
	204	struct radius_message_t {
7daf5226	205
4a6b84a9 MW	206	/**
	207	* Create an enumerator over contained RADIUS attributes.
	208	*
	209	* @return enumerator over (int type, chunk_t data)
	210	*/
	211	enumerator_t* (create_enumerator)(radius_message_t this);
7daf5226	212
54b3cbdc MW	213	/**
	214	* Create an enumerator over contained RADIUS Vendor-ID attributes.
	215	*
	216	* This enumerator parses only vendor specific attributes in the format
	217	* recommended in RFC2865.
	218	*
	219	* @return enumerator over (int vendor, int type, chunk_t data)
	220	*/
	221	enumerator_t* (create_vendor_enumerator)(radius_message_t this);
	222
4a6b84a9 MW	223	/**
	224	* Add a RADIUS attribute to the message.
	225	*
	226	* @param type type of attribute to add
	227	* @param attribute data, gets cloned
	228	*/
	229	void (add)(radius_message_t this, radius_attribute_type_t type,
	230	chunk_t data);
7daf5226	231
4a6b84a9 MW	232	/**
	233	* Get the message type (code).
	234	*
	235	* @return message code
	236	*/
	237	radius_message_code_t (get_code)(radius_message_t this);
7daf5226	238
4a6b84a9 MW	239	/**
	240	* Get the message identifier.
	241	*
	242	* @return message identifier
	243	*/
b12c53ce	244	uint8_t (get_identifier)(radius_message_t this);
7daf5226	245
4a6b84a9 MW	246	/**
	247	* Set the message identifier.
	248	*
	249	* @param identifier message identifier
	250	*/
b12c53ce	251	void (set_identifier)(radius_message_t this, uint8_t identifier);
7daf5226	252
4a6b84a9 MW	253	/**
	254	* Get the 16 byte authenticator.
	255	*
	256	* @return pointer to the Authenticator field
	257	*/
b12c53ce	258	uint8_t* (get_authenticator)(radius_message_t this);
7daf5226	259
4a6b84a9 MW	260	/**
	261	* Get the RADIUS message in its encoded form.
	262	*
	263	* @return chunk pointing to internal RADIUS message.
	264	*/
	265	chunk_t (get_encoding)(radius_message_t this);
7daf5226	266
4a6b84a9 MW	267	/**
	268	* Calculate and add the Message-Authenticator attribute to the message.
	269	*
392618d4 MW	270	* @param req_auth 16 byte Authenticator of request, or NULL
392618d4 MW	271	* @param secret shared RADIUS secret
4a6b84a9	272	* @param signer HMAC-MD5 signer with secret set
a69aff5f	273	* @param hasher MD5 hasher
b3ec6521 AS	274	* @param rng RNG to create Request-Authenticator, NULL to omit
b3ec6521 AS	275	* @param msg_auth calculate and add Message-Authenticator
5fb719e0	276	* @return TRUE if signed successfully
4a6b84a9	277	*/
b12c53ce	278	bool (sign)(radius_message_t this, uint8_t *req_auth, chunk_t secret,
b3ec6521	279	hasher_t hasher, signer_t signer, rng_t *rng, bool msg_auth);
7daf5226	280
4a6b84a9	281	/**
e8a81797	282	* Verify the integrity of a received RADIUS message.
4a6b84a9	283	*
e8a81797	284	* @param req_auth 16 byte Authenticator of request, or NULL
4a6b84a9	285	* @param secret shared RADIUS secret
392618d4 MW	286	* @param signer HMAC-MD5 signer with secret set
392618d4 MW	287	* @param hasher MD5 hasher
4a6b84a9	288	*/
b12c53ce	289	bool (verify)(radius_message_t this, uint8_t *req_auth, chunk_t secret,
4a6b84a9	290	hasher_t hasher, signer_t signer);
7daf5226	291
15483a62 MW	292	/**
	293	* Perform RADIUS attribute en-/decryption.
	294	*
	295	* Performs en-/decryption by XOring the hash-extended secret into data,
	296	* as specified in RFC 2865 5.2 and used by RFC 2548.
	297	*
	298	* @param salt salt to append to message authenticator, if any
	299	* @param in data to en-/decrypt, multiple of HASH_SIZE_MD5
	300	* @param out en-/decrypted data, length equal to in
	301	* @param secret RADIUS secret
	302	* @param hasher MD5 hasher
	303	* @return TRUE if en-/decryption successful
	304	*/
	305	bool (crypt)(radius_message_t this, chunk_t salt, chunk_t in, chunk_t out,
	306	chunk_t secret, hasher_t *hasher);
	307
4a6b84a9 MW	308	/**
	309	* Destroy the message.
	310	*/
	311	void (destroy)(radius_message_t this);
	312	};
	313
	314	/**
3bc18292	315	* Create an empty RADIUS message.
4a6b84a9	316	*
b96eb46d	317	* @param code request type
4a6b84a9 MW	318	* @return radius_message_t object
4a6b84a9 MW	319	*/
3bc18292	320	radius_message_t *radius_message_create(radius_message_code_t code);
4a6b84a9 MW	321
4a6b84a9 MW	322	/**
2db6d5b8	323	* Parse and verify a received RADIUS message.
4a6b84a9 MW	324	*
	325	* @param data received message data
	326	* @return radius_message_t object, NULL if length invalid
	327	*/
3bc18292	328	radius_message_t *radius_message_parse(chunk_t data);
4a6b84a9	329
11adf114 TB	330	/**
	331	* @}
	332	* @addtogroup libradius
	333	* @{
	334	*
	335	* Dummy libradius initialization function needed for integrity test
	336	*/
	337	void libradius_init(void);
	338
1490ff4d	339	#endif /** RADIUS_MESSAGE_H_ @}*/