/// <summary>
/// Parses the content and returns an object of proper type
/// </summary>
/// <param name="contentBytes"></param>
/// <param name="type"></param>
/// <param name="code"></param>
/// <param name="authenticator"></param>
/// <param name="sharedSecret"></param>
/// <returns></returns>
object ParseContentBytes(byte[] contentBytes, string type, uint code, byte[] authenticator, byte[] sharedSecret)
{
switch (type)
{
case "string":
return(Encoding.UTF8.GetString(contentBytes));
case "tagged-string":
return(Encoding.UTF8.GetString(contentBytes));
case "octet":
// If this is a password attribute it must be decrypted
if (code == 2)
{
return(RadiusPassword.Decrypt(sharedSecret, authenticator, contentBytes));
}
return(contentBytes);
case "integer":
return(BitConverter.ToUInt32(contentBytes.Reverse().ToArray(), 0));
case "tagged-integer":
return(BitConverter.ToUInt32(contentBytes.Reverse().ToArray(), 0));
case "ipaddr":
return(new IPAddress(contentBytes));
default:
return(null);
}
}
public void TestPasswordEncryptDecrypt(String password)
{
var secret = "xyzzy5461";
var authenticator = "1234567890123456";
var encrypted = RadiusPassword.Encrypt(Encoding.UTF8.GetBytes(secret), Encoding.UTF8.GetBytes(authenticator), Encoding.UTF8.GetBytes(password));
var decrypted = RadiusPassword.Decrypt(Encoding.UTF8.GetBytes(secret), Encoding.UTF8.GetBytes(authenticator), encrypted);
Assert.AreEqual(password, decrypted);
}
/// <summary>
/// Get the raw packet bytes
/// </summary>
/// <returns></returns>
public byte[] GetBytes(IRadiusPacket packet)
{
var packetBytes = new List <byte>
{
(byte)packet.Code,
packet.Identifier
};
packetBytes.AddRange(new byte[18]); // Placeholder for length and authenticator
var messageAuthenticatorPosition = 0;
foreach (var attribute in packet.Attributes)
{
// todo add logic to check attribute object type matches type in dictionary?
foreach (var value in attribute.Value)
{
var contentBytes = GetAttributeValueBytes(value);
var headerBytes = new byte[2];
var attributeType = _radiusDictionary.GetAttribute(attribute.Key);
switch (attributeType)
{
case DictionaryVendorAttribute _attributeType:
headerBytes = new byte[8];
headerBytes[0] = 26; // VSA type
var vendorId = BitConverter.GetBytes(_attributeType.VendorId);
Array.Reverse(vendorId);
Buffer.BlockCopy(vendorId, 0, headerBytes, 2, 4);
headerBytes[6] = (byte)_attributeType.VendorCode;
headerBytes[7] = (byte)(2 + contentBytes.Length); // length of the vsa part
break;
case DictionaryAttribute _attributeType:
headerBytes[0] = attributeType.Code;
// Encrypt password if this is a User-Password attribute
if (_attributeType.Code == 2)
{
contentBytes = RadiusPassword.Encrypt(packet.SharedSecret, packet.Authenticator, contentBytes);
}
else if (_attributeType.Code == 80) // Remember the position of the message authenticator, because it has to be added after everything else
{
messageAuthenticatorPosition = packetBytes.Count;
}
break;
default:
throw new InvalidOperationException($"Unknown attribute {attribute.Key}, check spelling or dictionary");
}
headerBytes[1] = (byte)(headerBytes.Length + contentBytes.Length);
packetBytes.AddRange(headerBytes);
packetBytes.AddRange(contentBytes);
}
}
// Note the order of the bytes...
var packetLengthBytes = BitConverter.GetBytes(packetBytes.Count);
packetBytes[2] = packetLengthBytes[1];
packetBytes[3] = packetLengthBytes[0];
var packetBytesArray = packetBytes.ToArray();
// todo refactor this...
if (packet.Code == PacketCode.AccountingRequest || packet.Code == PacketCode.DisconnectRequest || packet.Code == PacketCode.CoaRequest)
{
if (messageAuthenticatorPosition != 0)
{
var temp = new byte[16];
Buffer.BlockCopy(temp, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
var messageAuthenticatorBytes = CalculateMessageAuthenticator(packetBytesArray, packet.SharedSecret, null);
Buffer.BlockCopy(messageAuthenticatorBytes, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
}
var authenticator = CalculateRequestAuthenticator(packet.SharedSecret, packetBytesArray);
Buffer.BlockCopy(authenticator, 0, packetBytesArray, 4, 16);
}
else if (packet.Code == PacketCode.StatusServer)
{
var authenticator = packet.RequestAuthenticator != null?CalculateResponseAuthenticator(packet.SharedSecret, packet.RequestAuthenticator, packetBytesArray) : packet.Authenticator;
Buffer.BlockCopy(authenticator, 0, packetBytesArray, 4, 16);
if (messageAuthenticatorPosition != 0)
{
var temp = new byte[16];
Buffer.BlockCopy(temp, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
var messageAuthenticatorBytes = CalculateMessageAuthenticator(packetBytesArray, packet.SharedSecret, packet.RequestAuthenticator);
Buffer.BlockCopy(messageAuthenticatorBytes, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
}
}
else
{
if (messageAuthenticatorPosition != 0)
{
var temp = new byte[16];
Buffer.BlockCopy(temp, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
var messageAuthenticatorBytes = CalculateMessageAuthenticator(packetBytesArray, packet.SharedSecret, packet.RequestAuthenticator);
Buffer.BlockCopy(messageAuthenticatorBytes, 0, packetBytesArray, messageAuthenticatorPosition + 2, 16);
}
var authenticator = packet.RequestAuthenticator != null?CalculateResponseAuthenticator(packet.SharedSecret, packet.RequestAuthenticator, packetBytesArray) : packet.Authenticator;
Buffer.BlockCopy(authenticator, 0, packetBytesArray, 4, 16);
}
return(packetBytesArray);
}
