Diffstat (limited to 'src/charon/encoding')
-rw-r--r--src/charon/encoding/generator.c9
-rw-r--r--src/charon/encoding/generator.h45
-rw-r--r--src/charon/encoding/message.c545
-rw-r--r--src/charon/encoding/message.h129
-rw-r--r--src/charon/encoding/parser.c121
-rw-r--r--src/charon/encoding/parser.h52
-rw-r--r--src/charon/encoding/payloads/auth_payload.c12
-rw-r--r--src/charon/encoding/payloads/auth_payload.h51
-rw-r--r--src/charon/encoding/payloads/cert_payload.c221
-rw-r--r--src/charon/encoding/payloads/cert_payload.h144
-rw-r--r--src/charon/encoding/payloads/certreq_payload.c201
-rw-r--r--src/charon/encoding/payloads/certreq_payload.h104
-rw-r--r--src/charon/encoding/payloads/configuration_attribute.c9
-rw-r--r--src/charon/encoding/payloads/configuration_attribute.h54
-rw-r--r--src/charon/encoding/payloads/cp_payload.c9
-rw-r--r--src/charon/encoding/payloads/cp_payload.h49
-rw-r--r--src/charon/encoding/payloads/delete_payload.c9
-rw-r--r--src/charon/encoding/payloads/delete_payload.h44
-rw-r--r--src/charon/encoding/payloads/eap_payload.c9
-rw-r--r--src/charon/encoding/payloads/eap_payload.h60
-rw-r--r--src/charon/encoding/payloads/encodings.c9
-rw-r--r--src/charon/encoding/payloads/encodings.h33
-rw-r--r--src/charon/encoding/payloads/encryption_payload.c69
-rw-r--r--src/charon/encoding/payloads/encryption_payload.h70
-rw-r--r--src/charon/encoding/payloads/endpoint_notify.c69
-rw-r--r--src/charon/encoding/payloads/endpoint_notify.h105
-rw-r--r--src/charon/encoding/payloads/id_payload.c9
-rw-r--r--src/charon/encoding/payloads/id_payload.h58
-rw-r--r--src/charon/encoding/payloads/ike_header.c31
-rw-r--r--src/charon/encoding/payloads/ike_header.h103
-rw-r--r--src/charon/encoding/payloads/ke_payload.c9
-rw-r--r--src/charon/encoding/payloads/ke_payload.h61
-rw-r--r--src/charon/encoding/payloads/nonce_payload.c9
-rw-r--r--src/charon/encoding/payloads/nonce_payload.h43
-rw-r--r--src/charon/encoding/payloads/notify_payload.c89
-rw-r--r--src/charon/encoding/payloads/notify_payload.h101
-rw-r--r--src/charon/encoding/payloads/payload.c22
-rw-r--r--src/charon/encoding/payloads/payload.h73
-rw-r--r--src/charon/encoding/payloads/proposal_substructure.c69
-rw-r--r--src/charon/encoding/payloads/proposal_substructure.h113
-rw-r--r--src/charon/encoding/payloads/sa_payload.c9
-rw-r--r--src/charon/encoding/payloads/sa_payload.h76
-rw-r--r--src/charon/encoding/payloads/traffic_selector_substructure.c9
-rw-r--r--src/charon/encoding/payloads/traffic_selector_substructure.h83
-rw-r--r--src/charon/encoding/payloads/transform_attribute.c9
-rw-r--r--src/charon/encoding/payloads/transform_attribute.h64
-rw-r--r--src/charon/encoding/payloads/transform_substructure.c37
-rw-r--r--src/charon/encoding/payloads/transform_substructure.h100
-rw-r--r--src/charon/encoding/payloads/ts_payload.c9
-rw-r--r--src/charon/encoding/payloads/ts_payload.h78
-rw-r--r--src/charon/encoding/payloads/unknown_payload.c9
-rw-r--r--src/charon/encoding/payloads/unknown_payload.h40
-rw-r--r--src/charon/encoding/payloads/vendor_id_payload.c9
-rw-r--r--src/charon/encoding/payloads/vendor_id_payload.h43
54 files changed, 1617 insertions, 1980 deletions
diff --git a/src/charon/encoding/generator.c b/src/charon/encoding/generator.c
index efa845bb3..3b68af84e 100644
--- a/src/charon/encoding/generator.c
+++ b/src/charon/encoding/generator.c
@@ -1,10 +1,3 @@
-/**
- * @file generator.c
- *
- * @brief Implementation of generator_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: generator.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stdlib.h>
diff --git a/src/charon/encoding/generator.h b/src/charon/encoding/generator.h
index 8eff957cc..b6f2af2cb 100644
--- a/src/charon/encoding/generator.h
+++ b/src/charon/encoding/generator.h
@@ -1,10 +1,3 @@
-/**
- * @file generator.h
- *
- * @brief Interface of generator_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: generator.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup generator generator
+ * @{ @ingroup encoding
*/
#ifndef GENERATOR_H_
@@ -33,21 +33,17 @@ typedef struct generator_t generator_t;
/**
* Generating is done in a data buffer.
* This is thehe start size of this buffer in bytes.
- *
- * @ingroup enconding
*/
#define GENERATOR_DATA_BUFFER_SIZE 500
/**
* Number of bytes to increase the buffer, if it is to small.
- *
- * @ingroup enconding
*/
#define GENERATOR_DATA_BUFFER_INCREASE_VALUE 500
/**
- * @brief A generator_t class used to generate IKEv2 payloads.
+ * A generator_t class used to generate IKEv2 payloads.
*
* After creation, multiple payloads can be generated with the generate_payload
* method. The generated bytes are appended. After all payloads are added,
@@ -56,47 +52,36 @@ typedef struct generator_t generator_t;
* The generater uses a set of encoding rules, which it can get from
* the supplied payload. With this rules, the generater can generate
* the payload and all substructures automatically.
- *
- * @b Constructor:
- * - generator_create()
- *
- * @ingroup encoding
*/
struct generator_t {
/**
- * @brief Generates a specific payload from given payload object.
+ * Generates a specific payload from given payload object.
*
* Remember: Header and substructures are also handled as payloads.
*
- * @param this generator_t object
- * @param[in] payload interface payload_t implementing object
+ * @param payload interface payload_t implementing object
*/
void (*generate_payload) (generator_t *this,payload_t *payload);
/**
- * @brief Writes all generated data of the generator to a chunk.
+ * Writes all generated data of the generator to a chunk.
*
- * @param this generator_t object
- * @param[out] data chunk to write the data to
+ * @param data chunk to write the data to
*/
void (*write_to_chunk) (generator_t *this,chunk_t *data);
/**
- * @brief Destroys a generator_t object.
- *
- * @param this generator_t object
+ * Destroys a generator_t object.
*/
void (*destroy) (generator_t *this);
};
/**
- * @brief Constructor to create a generator.
+ * Constructor to create a generator.
*
* @return generator_t object.
- *
- * @ingroup encoding
*/
generator_t *generator_create(void);
-#endif /*GENERATOR_H_*/
+#endif /*GENERATOR_H_ @} */
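Review bot: The group-closing `@}` on the last line sits inside a plain `/* */` comment, which Doxygen does not treat as a documentation block, so the `@{` opened by the new `@defgroup generator` comment is probably never closed. Writing it as a documentation comment, `#endif /** GENERATOR_H_ @}*/`, would close the group. The hunk also drops the `[in]`/`[out]` direction markers; for `write_to_chunk` it is worth keeping one sentence saying that `data` is filled in by the call, since that is no longer visible from the `@param` line.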
diff --git a/src/charon/encoding/message.c b/src/charon/encoding/message.c
index 3dfa64fb9..af9483192 100644
--- a/src/charon/encoding/message.c
+++ b/src/charon/encoding/message.c
@@ -1,10 +1,3 @@
-/**
- * @file message.c
- *
- * @brief Implementation of message_t.
- *
- */
-
/*
* Copyright (C) 2006-2007 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
@@ -21,6 +14,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: message.c 3991 2008-05-21 17:56:21Z martin $
*/
#include <stdlib.h>
@@ -82,13 +77,31 @@ struct payload_rule_t {
bool sufficient;
};
+typedef struct payload_order_t payload_order_t;
+
+/**
+ * payload ordering structure allows us to reorder payloads according to RFC.
+ */
+struct payload_order_t {
+
+ /**
+ * payload type
+ */
+ payload_type_t type;
+
+ /**
+ * notify type, if payload == NOTIFY
+ */
+ notify_type_t notify;
+};
+
+
typedef struct message_rule_t message_rule_t;
/**
* A message rule defines the kind of a message,
* if it has encrypted contents and a list
- * of payload rules.
- *
+ * of payload ordering rules and payload parsing rules.
*/
struct message_rule_t {
/**
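Review bot: The comment on the `notify` field does not say that 0 is a wildcard, although order_payloads() later in this commit treats `order.notify == 0` as "match any notify type". Something like `notify type to match if type == NOTIFY, 0 matches any notify` would make the tables readable without looking at the loop. The existing text also says `payload == NOTIFY` where the field is named `type`.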
@@ -109,161 +122,398 @@ struct message_rule_t {
/**
* Number of payload rules which will follow
*/
- size_t payload_rule_count;
+ int payload_rule_count;
/**
* Pointer to first payload rule
*/
payload_rule_t *payload_rules;
+
+ /**
+ * Number of payload order rules
+ */
+ int payload_order_count;
+
+ /**
+ * payload ordering rules
+ */
+ payload_order_t *payload_order;
};
/**
* Message rule for IKE_SA_INIT from initiator.
*/
static payload_rule_t ike_sa_init_i_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,FALSE},
- {SECURITY_ASSOCIATION,1,1,FALSE,FALSE},
- {KEY_EXCHANGE,1,1,FALSE,FALSE},
- {NONCE,1,1,FALSE,FALSE},
- {VENDOR_ID,0,10,FALSE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, FALSE},
+ {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
+ {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
+ {NONCE, 1, 1, FALSE, FALSE},
+ {VENDOR_ID, 0, 10, FALSE, FALSE},
+};
+
+/**
+ * payload order for IKE_SA_INIT initiator
+ */
+static payload_order_t ike_sa_init_i_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, COOKIE},
+ {SECURITY_ASSOCIATION, 0},
+ {KEY_EXCHANGE, 0},
+ {NONCE, 0},
+ {NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {NOTIFY, 0},
+ {VENDOR_ID, 0},
};
/**
* Message rule for IKE_SA_INIT from responder.
*/
static payload_rule_t ike_sa_init_r_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,FALSE,TRUE},
- {SECURITY_ASSOCIATION,1,1,FALSE,FALSE},
- {KEY_EXCHANGE,1,1,FALSE,FALSE},
- {NONCE,1,1,FALSE,FALSE},
- {VENDOR_ID,0,10,FALSE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, FALSE, TRUE},
+ {SECURITY_ASSOCIATION, 1, 1, FALSE, FALSE},
+ {KEY_EXCHANGE, 1, 1, FALSE, FALSE},
+ {NONCE, 1, 1, FALSE, FALSE},
+ {VENDOR_ID, 0, 10, FALSE, FALSE},
+};
+
+/**
+ * payload order for IKE_SA_INIT responder
+ */
+static payload_order_t ike_sa_init_r_payload_order[] = {
+/* payload type notify type */
+ {SECURITY_ASSOCIATION, 0},
+ {KEY_EXCHANGE, 0},
+ {NONCE, 0},
+ {NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
+ {CERTIFICATE_REQUEST, 0},
+ {NOTIFY, 0},
+ {VENDOR_ID, 0},
};
/**
* Message rule for IKE_AUTH from initiator.
*/
static payload_rule_t ike_auth_i_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE},
- {EXTENSIBLE_AUTHENTICATION,0,1,TRUE,TRUE},
- {AUTHENTICATION,0,1,TRUE,TRUE},
- {ID_INITIATOR,1,1,TRUE,FALSE},
- {CERTIFICATE,0,1,TRUE,FALSE},
- {CERTIFICATE_REQUEST,0,1,TRUE,FALSE},
- {ID_RESPONDER,0,1,TRUE,FALSE},
-#ifdef P2P
- {SECURITY_ASSOCIATION,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
+ {AUTHENTICATION, 0, 1, TRUE, TRUE},
+ {ID_INITIATOR, 1, 1, TRUE, FALSE},
+ {CERTIFICATE, 0, 4, TRUE, FALSE},
+ {CERTIFICATE_REQUEST, 0, 1, TRUE, FALSE},
+ {ID_RESPONDER, 0, 1, TRUE, FALSE},
+#ifdef ME
+ {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
#else
- {SECURITY_ASSOCIATION,1,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_INITIATOR,1,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_RESPONDER,1,1,TRUE,FALSE},
-#endif /* P2P */
- {CONFIGURATION,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
+ {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_INITIATOR, 1, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_RESPONDER, 1, 1, TRUE, FALSE},
+#endif /* ME */
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
+};
+
+/**
+ * payload order for IKE_AUTH initiator
+ */
+static payload_order_t ike_auth_i_payload_order[] = {
+/* payload type notify type */
+ {ID_INITIATOR, 0},
+ {CERTIFICATE, 0},
+ {NOTIFY, INITIAL_CONTACT},
+ {NOTIFY, HTTP_CERT_LOOKUP_SUPPORTED},
+ {CERTIFICATE_REQUEST, 0},
+ {ID_RESPONDER, 0},
+ {AUTHENTICATION, 0},
+ {EXTENSIBLE_AUTHENTICATION, 0},
+ {CONFIGURATION, 0},
+ {NOTIFY, IPCOMP_SUPPORTED},
+ {NOTIFY, USE_TRANSPORT_MODE},
+ {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {SECURITY_ASSOCIATION, 0},
+ {TRAFFIC_SELECTOR_INITIATOR, 0},
+ {TRAFFIC_SELECTOR_RESPONDER, 0},
+ {NOTIFY, MOBIKE_SUPPORTED},
+ {NOTIFY, ADDITIONAL_IP4_ADDRESS},
+ {NOTIFY, ADDITIONAL_IP6_ADDRESS},
+ {NOTIFY, NO_ADDITIONAL_ADDRESSES},
+ {NOTIFY, 0},
+ {VENDOR_ID, 0},
};
/**
* Message rule for IKE_AUTH from responder.
*/
static payload_rule_t ike_auth_r_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE},
- {EXTENSIBLE_AUTHENTICATION,0,1,TRUE,TRUE},
- {CERTIFICATE,0,1,TRUE,FALSE},
- {ID_RESPONDER,0,1,TRUE,FALSE},
- {AUTHENTICATION,0,1,TRUE,FALSE},
- {SECURITY_ASSOCIATION,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE},
- {CONFIGURATION,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {EXTENSIBLE_AUTHENTICATION, 0, 1, TRUE, TRUE},
+ {CERTIFICATE, 0, 4, TRUE, FALSE},
+ {ID_RESPONDER, 0, 1, TRUE, FALSE},
+ {AUTHENTICATION, 0, 1, TRUE, FALSE},
+ {SECURITY_ASSOCIATION, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
};
+/**
+ * payload order for IKE_AUTH responder
+ */
+static payload_order_t ike_auth_r_payload_order[] = {
+/* payload type notify type */
+ {ID_RESPONDER, 0},
+ {CERTIFICATE, 0},
+ {AUTHENTICATION, 0},
+ {EXTENSIBLE_AUTHENTICATION, 0},
+ {CONFIGURATION, 0},
+ {NOTIFY, IPCOMP_SUPPORTED},
+ {NOTIFY, USE_TRANSPORT_MODE},
+ {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {SECURITY_ASSOCIATION, 0},
+ {TRAFFIC_SELECTOR_INITIATOR, 0},
+ {TRAFFIC_SELECTOR_RESPONDER, 0},
+ {NOTIFY, AUTH_LIFETIME},
+ {NOTIFY, MOBIKE_SUPPORTED},
+ {NOTIFY, ADDITIONAL_IP4_ADDRESS},
+ {NOTIFY, ADDITIONAL_IP6_ADDRESS},
+ {NOTIFY, NO_ADDITIONAL_ADDRESSES},
+ {NOTIFY, 0},
+ {VENDOR_ID, 0},
+};
/**
* Message rule for INFORMATIONAL from initiator.
*/
static payload_rule_t informational_i_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE},
- {CONFIGURATION,0,1,TRUE,FALSE},
- {DELETE,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
-
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {DELETE, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
+};
+
+/**
+ * payload order for INFORMATIONAL initiator
+ */
+static payload_order_t informational_i_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, UPDATE_SA_ADDRESSES},
+ {NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {NOTIFY, COOKIE2},
+ {NOTIFY, 0},
+ {DELETE, 0},
+ {CONFIGURATION, 0},
};
/**
* Message rule for INFORMATIONAL from responder.
*/
static payload_rule_t informational_r_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE},
- {CONFIGURATION,0,1,TRUE,FALSE},
- {DELETE,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {DELETE, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
+};
+
+/**
+ * payload order for INFORMATIONAL responder
+ */
+static payload_order_t informational_r_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, UPDATE_SA_ADDRESSES},
+ {NOTIFY, NAT_DETECTION_SOURCE_IP},
+ {NOTIFY, NAT_DETECTION_DESTINATION_IP},
+ {NOTIFY, COOKIE2},
+ {NOTIFY, 0},
+ {DELETE, 0},
+ {CONFIGURATION, 0},
};
/**
* Message rule for CREATE_CHILD_SA from initiator.
*/
static payload_rule_t create_child_sa_i_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,FALSE},
- {SECURITY_ASSOCIATION,1,1,TRUE,FALSE},
- {NONCE,1,1,TRUE,FALSE},
- {KEY_EXCHANGE,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE},
- {CONFIGURATION,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, FALSE},
+ {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
+ {NONCE, 1, 1, TRUE, FALSE},
+ {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
+};
+
+/**
+ * payload order for CREATE_CHILD_SA from initiator.
+ */
+static payload_order_t create_child_sa_i_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, REKEY_SA},
+ {NOTIFY, IPCOMP_SUPPORTED},
+ {NOTIFY, USE_TRANSPORT_MODE},
+ {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {SECURITY_ASSOCIATION, 0},
+ {NONCE, 0},
+ {KEY_EXCHANGE, 0},
+ {TRAFFIC_SELECTOR_INITIATOR, 0},
+ {TRAFFIC_SELECTOR_RESPONDER, 0},
+ {NOTIFY, 0},
};
/**
* Message rule for CREATE_CHILD_SA from responder.
*/
static payload_rule_t create_child_sa_r_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE},
- {SECURITY_ASSOCIATION,1,1,TRUE,FALSE},
- {NONCE,1,1,TRUE,FALSE},
- {KEY_EXCHANGE,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_INITIATOR,0,1,TRUE,FALSE},
- {TRAFFIC_SELECTOR_RESPONDER,0,1,TRUE,FALSE},
- {CONFIGURATION,0,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE},
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {SECURITY_ASSOCIATION, 1, 1, TRUE, FALSE},
+ {NONCE, 1, 1, TRUE, FALSE},
+ {KEY_EXCHANGE, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_INITIATOR, 0, 1, TRUE, FALSE},
+ {TRAFFIC_SELECTOR_RESPONDER, 0, 1, TRUE, FALSE},
+ {CONFIGURATION, 0, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE},
};
-#ifdef P2P
/**
- * Message rule for P2P_CONNECT from initiator.
+ * payload order for CREATE_CHILD_SA from responder.
*/
-static payload_rule_t p2p_connect_i_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE},
- {ID_PEER,1,1,TRUE,FALSE},
- {VENDOR_ID,0,10,TRUE,FALSE}
+static payload_order_t create_child_sa_r_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, IPCOMP_SUPPORTED},
+ {NOTIFY, USE_TRANSPORT_MODE},
+ {NOTIFY, ESP_TFC_PADDING_NOT_SUPPORTED},
+ {NOTIFY, NON_FIRST_FRAGMENTS_ALSO},
+ {SECURITY_ASSOCIATION, 0},
+ {NONCE, 0},
+ {KEY_EXCHANGE, 0},
+ {TRAFFIC_SELECTOR_INITIATOR, 0},
+ {TRAFFIC_SELECTOR_RESPONDER, 0},
+ {NOTIFY, ADDITIONAL_TS_POSSIBLE},
+ {NOTIFY, 0},
};
+#ifdef ME
/**
- * Message rule for P2P_CONNECT from responder.
+ * Message rule for ME_CONNECT from initiator.
*/
-static payload_rule_t p2p_connect_r_payload_rules[] = {
- {NOTIFY,0,MAX_NOTIFY_PAYLOADS,TRUE,TRUE},
- {VENDOR_ID,0,10,TRUE,FALSE}
+static payload_rule_t me_connect_i_payload_rules[] = {
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {ID_PEER, 1, 1, TRUE, FALSE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE}
};
-#endif /* P2P */
+
+/**
+ * payload order for ME_CONNECT from initiator.
+ */
+static payload_order_t me_connect_i_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, 0},
+ {ID_PEER, 0},
+ {VENDOR_ID, 0},
+};
+
+/**
+ * Message rule for ME_CONNECT from responder.
+ */
+static payload_rule_t me_connect_r_payload_rules[] = {
+/* payload type min max encr suff */
+ {NOTIFY, 0, MAX_NOTIFY_PAYLOADS, TRUE, TRUE},
+ {VENDOR_ID, 0, 10, TRUE, FALSE}
+};
+
+/**
+ * payload order for ME_CONNECT from responder.
+ */
+static payload_order_t me_connect_r_payload_order[] = {
+/* payload type notify type */
+ {NOTIFY, 0},
+ {VENDOR_ID, 0},
+};
+#endif /* ME */
/**
* Message rules, defines allowed payloads.
*/
static message_rule_t message_rules[] = {
- {IKE_SA_INIT,TRUE,FALSE,(sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_i_payload_rules},
- {IKE_SA_INIT,FALSE,FALSE,(sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),ike_sa_init_r_payload_rules},
- {IKE_AUTH,TRUE,TRUE,(sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),ike_auth_i_payload_rules},
- {IKE_AUTH,FALSE,TRUE,(sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),ike_auth_r_payload_rules},
- {INFORMATIONAL,TRUE,TRUE,(sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)),informational_i_payload_rules},
- {INFORMATIONAL,FALSE,TRUE,(sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)),informational_r_payload_rules},
- {CREATE_CHILD_SA,TRUE,TRUE,(sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)),create_child_sa_i_payload_rules},
- {CREATE_CHILD_SA,FALSE,TRUE,(sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)),create_child_sa_r_payload_rules},
-#ifdef P2P
- {P2P_CONNECT,TRUE,TRUE,(sizeof(p2p_connect_i_payload_rules)/sizeof(payload_rule_t)),p2p_connect_i_payload_rules},
- {P2P_CONNECT,FALSE,TRUE,(sizeof(p2p_connect_r_payload_rules)/sizeof(payload_rule_t)),p2p_connect_r_payload_rules},
-#endif /* P2P */
+ {IKE_SA_INIT, TRUE, FALSE,
+ (sizeof(ike_sa_init_i_payload_rules)/sizeof(payload_rule_t)),
+ ike_sa_init_i_payload_rules,
+ (sizeof(ike_sa_init_i_payload_order)/sizeof(payload_order_t)),
+ ike_sa_init_i_payload_order,
+ },
+ {IKE_SA_INIT, FALSE, FALSE,
+ (sizeof(ike_sa_init_r_payload_rules)/sizeof(payload_rule_t)),
+ ike_sa_init_r_payload_rules,
+ (sizeof(ike_sa_init_r_payload_order)/sizeof(payload_order_t)),
+ ike_sa_init_r_payload_order,
+ },
+ {IKE_AUTH, TRUE, TRUE,
+ (sizeof(ike_auth_i_payload_rules)/sizeof(payload_rule_t)),
+ ike_auth_i_payload_rules,
+ (sizeof(ike_auth_i_payload_order)/sizeof(payload_order_t)),
+ ike_auth_i_payload_order,
+ },
+ {IKE_AUTH, FALSE, TRUE,
+ (sizeof(ike_auth_r_payload_rules)/sizeof(payload_rule_t)),
+ ike_auth_r_payload_rules,
+ (sizeof(ike_auth_r_payload_order)/sizeof(payload_order_t)),
+ ike_auth_r_payload_order,
+ },
+ {INFORMATIONAL, TRUE, TRUE,
+ (sizeof(informational_i_payload_rules)/sizeof(payload_rule_t)),
+ informational_i_payload_rules,
+ (sizeof(informational_i_payload_order)/sizeof(payload_order_t)),
+ informational_i_payload_order,
+ },
+ {INFORMATIONAL, FALSE, TRUE,
+ (sizeof(informational_r_payload_rules)/sizeof(payload_rule_t)),
+ informational_r_payload_rules,
+ (sizeof(informational_r_payload_order)/sizeof(payload_order_t)),
+ informational_r_payload_order,
+ },
+ {CREATE_CHILD_SA, TRUE, TRUE,
+ (sizeof(create_child_sa_i_payload_rules)/sizeof(payload_rule_t)),
+ create_child_sa_i_payload_rules,
+ (sizeof(create_child_sa_i_payload_order)/sizeof(payload_order_t)),
+ create_child_sa_i_payload_order,
+ },
+ {CREATE_CHILD_SA, FALSE, TRUE,
+ (sizeof(create_child_sa_r_payload_rules)/sizeof(payload_rule_t)),
+ create_child_sa_r_payload_rules,
+ (sizeof(create_child_sa_r_payload_order)/sizeof(payload_order_t)),
+ create_child_sa_r_payload_order,
+ },
+#ifdef ME
+ {ME_CONNECT, TRUE, TRUE,
+ (sizeof(me_connect_i_payload_rules)/sizeof(payload_rule_t)),
+ me_connect_i_payload_rules,
+ (sizeof(me_connect_i_payload_order)/sizeof(payload_order_t)),
+ me_connect_i_payload_order,
+ },
+ {ME_CONNECT, FALSE, TRUE,
+ (sizeof(me_connect_r_payload_rules)/sizeof(payload_rule_t)),
+ me_connect_r_payload_rules,
+ (sizeof(me_connect_r_payload_order)/sizeof(payload_order_t)),
+ me_connect_r_payload_order,
+ },
+#endif /* ME */
};
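Review bot: Several of the new order tables do not cover the payload types that the matching rule table allows. `informational_i_payload_order` and `informational_r_payload_order` have no `{VENDOR_ID, 0},` entry, and the two `create_child_sa_*_payload_order` tables have neither `{CONFIGURATION, 0},` nor `{VENDOR_ID, 0},`, so those permitted payloads take the "has no ordering rule" path in order_payloads() and are logged at DBG1 on every generate. In the other direction, `ike_sa_init_r_payload_order` lists `CERTIFICATE_REQUEST`, which `ike_sa_init_r_payload_rules` does not allow; if the rule tables are what parsed messages are checked against, as the "defines allowed payloads" comment suggests, a response carrying that payload would be ordered on generation but not accepted by the same rule set. Either add the missing entries or add a comment saying the omissions are intentional. Separately, `payload_rule_count` changes from `size_t` to `int` while still being initialised from a `sizeof` expression; keeping `size_t` (and a `size_t` loop index) avoids the implicit narrowing.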
@@ -517,38 +767,19 @@ static bool is_encoded(private_message_t *this)
*/
static void add_payload(private_message_t *this, payload_t *payload)
{
- payload_t *last_payload, *first_payload;
-
- if ((this->is_request && payload->get_type(payload) == ID_INITIATOR) ||
- (!this->is_request && payload->get_type(payload) == ID_RESPONDER))
+ payload_t *last_payload;
+
+ if (this->payloads->get_count(this->payloads) > 0)
{
- /* HOTD: insert ID payload in the beginning to respect RFC */
- if (this->payloads->get_first(this->payloads,
- (void **)&first_payload) == SUCCESS)
- {
- payload->set_next_type(payload, first_payload->get_type(first_payload));
- }
- else
- {
- payload->set_next_type(payload, NO_PAYLOAD);
- }
- this->first_payload = payload->get_type(payload);
- this->payloads->insert_first(this->payloads, payload);
+ this->payloads->get_last(this->payloads, (void **)&last_payload);
+ last_payload->set_next_type(last_payload, payload->get_type(payload));
}
else
{
- if (this->payloads->get_count(this->payloads) > 0)
- {
- this->payloads->get_last(this->payloads,(void **) &last_payload);
- last_payload->set_next_type(last_payload, payload->get_type(payload));
- }
- else
- {
- this->first_payload = payload->get_type(payload);
- }
- payload->set_next_type(payload, NO_PAYLOAD);
- this->payloads->insert_last(this->payloads, payload);
+ this->first_payload = payload->get_type(payload);
}
+ payload->set_next_type(payload, NO_PAYLOAD);
+ this->payloads->insert_last(this->payloads, payload);
DBG2(DBG_ENC ,"added payload of type %N to message",
payload_type_names, payload->get_type(payload));
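Review bot: With the ID-first special case removed, add_payload() only ever appends, so the RFC payload order now depends entirely on order_payloads() being run from generate(). That is worth stating at the function, for example `/* appends only; the final payload order is set by order_payloads() in generate() */`, because a caller that inspects the list or `first_payload` before generation presumably sees insertion order. The return value of `get_last` is still ignored; it is guarded by the `get_count(...) > 0` test, but checking it would keep `last_payload` from being used uninitialised if that invariant ever breaks. The function's body continues outside the hunk.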
@@ -694,9 +925,65 @@ static char* get_string(private_message_t *this, char *buf, int len)
}
/**
+ * reorder payloads depending on reordering rules
+ */
+static void order_payloads(private_message_t *this)
+{
+ linked_list_t *list;
+ payload_t *payload;
+ int i;
+
+ /* move to temp list */
+ list = linked_list_create();
+ while (this->payloads->remove_last(this->payloads,
+ (void**)&payload) == SUCCESS)
+ {
+ list->insert_first(list, payload);
+ }
+ /* for each rule, ... */
+ for (i = 0; i < this->message_rule->payload_order_count; i++)
+ {
+ enumerator_t *enumerator;
+ notify_payload_t *notify;
+ payload_order_t order = this->message_rule->payload_order[i];
+
+ /* ... find all payload ... */
+ enumerator = list->create_enumerator(list);
+ while (enumerator->enumerate(enumerator, &payload))
+ {
+ /* ... with that type ... */
+ if (payload->get_type(payload) == order.type)
+ {
+ notify = (notify_payload_t*)payload;
+
+ /**... and check notify for type. */
+ if (order.type != NOTIFY || order.notify == 0 ||
+ order.notify == notify->get_notify_type(notify))
+ {
+ list->remove_at(list, enumerator);
+ add_payload(this, payload);
+ }
+ }
+ }
+ enumerator->destroy(enumerator);
+ }
+ /* append all payloads without a rule to the end */
+ while (list->remove_last(list, (void**)&payload) == SUCCESS)
+ {
+ DBG1(DBG_ENC, "payload %N has no ordering rule in %N %s",
+ payload_type_names, payload->get_type(payload),
+ exchange_type_names, this->message_rule->exchange_type,
+ this->message_rule->is_request ? "request" : "response");
+ add_payload(this, payload);
+ }
+ list->destroy(list);
+}
+
+/**
* Implementation of private_message_t.encrypt_payloads.
*/
-static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, signer_t* signer)
+static status_t encrypt_payloads(private_message_t *this,
+ crypter_t *crypter, signer_t* signer)
{
encryption_payload_t *encryption_payload = NULL;
status_t status;
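Review bot: The final loop of order_payloads() drains the temporary list with `remove_last` and re-adds each payload at the end, so payloads without an ordering rule come out in the reverse of the order they were added. Draining from the front, `while (list->remove_first(list, (void**)&payload) == SUCCESS)`, would keep their relative order, assuming linked_list_t offers `remove_first` alongside `remove_last`. In the matching loop, `notify = (notify_payload_t*)payload;` is executed for every payload whose type matches, including non-NOTIFY ones; it is only dereferenced when `order.type == NOTIFY` because of short-circuit evaluation, so moving the cast into the condition (or behind an explicit `order.type == NOTIFY` check) would make that safety visible rather than incidental. The inner comment `/**... and check notify for type. */` should be a plain `/* ... */`. The hunk ends inside encrypt_payloads(), whose body continues outside it.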
@@ -778,7 +1065,8 @@ static status_t encrypt_payloads (private_message_t *this,crypter_t *crypter, si
/**
* Implementation of message_t.generate.
*/
-static status_t generate(private_message_t *this, crypter_t *crypter, signer_t* signer, packet_t **packet)
+static status_t generate(private_message_t *this, crypter_t *crypter,
+ signer_t* signer, packet_t **packet)
{
generator_t *generator;
ike_header_t *ike_header;
@@ -795,8 +1083,6 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
return SUCCESS;
}
- DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
-
if (this->exchange_type == EXCHANGE_TYPE_UNDEFINED)
{
DBG1(DBG_ENC, "exchange type is not defined");
@@ -819,6 +1105,10 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
return NOT_SUPPORTED;
}
+ order_payloads(this);
+
+ DBG1(DBG_ENC, "generating %s", get_string(this, str, sizeof(str)));
+
/* going to encrypt all content which have to be encrypted */
status = encrypt_payloads(this, crypter, signer);
if (status != SUCCESS)
@@ -842,7 +1132,7 @@ static status_t generate(private_message_t *this, crypter_t *crypter, signer_t*
payload = (payload_t*)ike_header;
- /* generate every payload expect last one, this is doen later*/
+ /* generate every payload expect last one, this is done later*/
iterator = this->payloads->create_iterator(this->payloads, TRUE);
while(iterator->iterate(iterator, (void**)&next_payload))
{
@@ -1346,3 +1636,4 @@ message_t *message_create()
{
return message_create_from_packet(NULL);
}
+
diff --git a/src/charon/encoding/message.h b/src/charon/encoding/message.h
index 35b659f33..8cc604ea7 100644
--- a/src/charon/encoding/message.h
+++ b/src/charon/encoding/message.h
@@ -1,10 +1,3 @@
-/**
- * @file message.h
- *
- * @brief Interface of message_t.
- *
- */
-
/*
* Copyright (C) 2006-2007 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
@@ -21,6 +14,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: message.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup message message
+ * @{ @ingroup encoding
*/
#ifndef MESSAGE_H_
@@ -38,148 +38,126 @@ typedef struct message_t message_t;
#include <crypto/signers/signer.h>
/**
- * @brief This class is used to represent an IKEv2-Message.
+ * This class is used to represent an IKEv2-Message.
*
* The message handles parsing and generation of payloads
* via parser_t/generator_t. Encryption is done transparently
* via the encryption_payload_t. A set of rules for messages
* and payloads does check parsed messages.
- *
- * @b Constructors:
- * - message_create()
- * - message_create_from_packet()
- * - message_create_notify_reply()
- *
- * @ingroup encoding
*/
struct message_t {
/**
- * @brief Sets the IKE major version of the message.
+ * Sets the IKE major version of the message.
*
- * @param this message_t object
* @param major_version major version to set
*/
void (*set_major_version) (message_t *this,u_int8_t major_version);
/**
- * @brief Gets the IKE major version of the message.
+ * Gets the IKE major version of the message.
*
- * @param this message_t object
* @return major version of the message
*/
u_int8_t (*get_major_version) (message_t *this);
/**
- * @brief Sets the IKE minor version of the message.
+ * Sets the IKE minor version of the message.
*
- * @param this message_t object
* @param minor_version minor version to set
*/
void (*set_minor_version) (message_t *this,u_int8_t minor_version);
/**
- * @brief Gets the IKE minor version of the message.
+ * Gets the IKE minor version of the message.
*
- * @param this message_t object
* @return minor version of the message
*/
u_int8_t (*get_minor_version) (message_t *this);
/**
- * @brief Sets the Message ID of the message.
+ * Sets the Message ID of the message.
*
- * @param this message_t object
- * @param message_id message_id to set
+ * @param message_id message_id to set
*/
void (*set_message_id) (message_t *this,u_int32_t message_id);
/**
- * @brief Gets the Message ID of the message.
+ * Gets the Message ID of the message.
*
- * @param this message_t object
* @return message_id type of the message
*/
u_int32_t (*get_message_id) (message_t *this);
/**
- * @brief Gets the initiator SPI of the message.
+ * Gets the initiator SPI of the message.
*
- * @param this message_t object
* @return initiator spi of the message
*/
u_int64_t (*get_initiator_spi) (message_t *this);
/**
- * @brief Gets the responder SPI of the message.
+ * Gets the responder SPI of the message.
*
- * @param this message_t object
* @return responder spi of the message
*/
u_int64_t (*get_responder_spi) (message_t *this);
/**
- * @brief Sets the IKE_SA ID of the message.
+ * Sets the IKE_SA ID of the message.
*
* ike_sa_id gets cloned.
*
- * @param this message_t object
* @param ike_sa_id ike_sa_id to set
*/
void (*set_ike_sa_id) (message_t *this, ike_sa_id_t * ike_sa_id);
/**
- * @brief Gets the IKE_SA ID of the message.
+ * Gets the IKE_SA ID of the message.
*
* The ike_sa_id points to the message internal id, do not modify.
*
- * @param this message_t object
* @return ike_sa_id of message
*/
ike_sa_id_t *(*get_ike_sa_id) (message_t *this);
/**
- * @brief Sets the exchange type of the message.
+ * Sets the exchange type of the message.
*
- * @param this message_t object
* @param exchange_type exchange_type to set
*/
void (*set_exchange_type) (message_t *this,exchange_type_t exchange_type);
/**
- * @brief Gets the exchange type of the message.
+ * Gets the exchange type of the message.
*
- * @param this message_t object
* @return exchange type of the message
*/
exchange_type_t (*get_exchange_type) (message_t *this);
/**
- * @brief Gets the payload type of the first payload.
+ * Gets the payload type of the first payload.
*
- * @param this message_t object
* @return payload type of the first payload
*/
payload_type_t (*get_first_payload_type) (message_t *this);
/**
- * @brief Sets the request flag.
+ * Sets the request flag.
*
- * @param this message_t object
- * @param original_initiator TRUE if message is a request, FALSE if it is a reply
+ * @param request TRUE if message is a request, FALSE if it is a reply
*/
- void (*set_request) (message_t *this,bool request);
+ void (*set_request) (message_t *this, bool request);
/**
- * @brief Gets request flag.
+ * Gets request flag.
*
- * @param this message_t object
* @return TRUE if message is a request, FALSE if it is a reply
*/
bool (*get_request) (message_t *this);
/**
- * @brief Append a payload to the message.
+ * Append a payload to the message.
*
* If the payload must be encrypted is not specified here. Encryption
* of payloads is evaluated via internal rules for the messages and
@@ -187,19 +165,17 @@ struct message_t {
* all payloads to encrypt are added to the encryption payload, which is
* always the last one.
*
- * @param this message_t object
* @param payload payload to append
*/
void (*add_payload) (message_t *this, payload_t *payload);
/**
- * @brief Build a notify payload and add it to the message.
+ * Build a notify payload and add it to the message.
*
* This is a helper method to create notify messages or add
* notify payload to messages. The flush parameter specifies if existing
* payloads should get removed before appending the notify.
*
- * @param this message_t object
* @param flush TRUE to remove existing payloads
* @param type type of the notify
* @param data a chunk of data to add to the notify, gets cloned
@@ -208,13 +184,12 @@ struct message_t {
chunk_t data);
/**
- * @brief Parses header of message.
+ * Parses header of message.
*
* Begins parisng of a message created via message_create_from_packet().
* The parsing context is stored, so a subsequent call to parse_body()
* will continue the parsing process.
*
- * @param this message_t object
* @return
* - SUCCESS if header could be parsed
* - PARSE_ERROR if corrupted/invalid data found
@@ -223,7 +198,7 @@ struct message_t {
status_t (*parse_header) (message_t *this);
/**
- * @brief Parses body of message.
+ * Parses body of message.
*
* The body gets not only parsed, but rather it gets verified.
* All payloads are verified if they are allowed to exist in the message
@@ -234,7 +209,6 @@ struct message_t {
* Crypter/signer can be omitted (by passing NULL) when no encryption
* payload is expected.
*
- * @param this message_t object
* @param crypter crypter to decrypt encryption payloads
* @param signer signer to verifiy a message with an encryption payload
* @return
@@ -249,7 +223,7 @@ struct message_t {
status_t (*parse_body) (message_t *this, crypter_t *crypter, signer_t *signer);
/**
- * @brief Generates the UDP packet of specific message.
+ * Generates the UDP packet of specific message.
*
* Payloads which must be encrypted are generated first and added to
* an encryption payload. This encryption payload will get encrypted via
@@ -260,7 +234,6 @@ struct message_t {
* payload is expected.
* Generation is only done once, multiple calls will just return a packet copy.
*
- * @param this message_t object
* @param crypter crypter to use when a payload must be encrypted
* @param signer signer to build a mac
* @param packet copy of generated packet
@@ -273,103 +246,91 @@ struct message_t {
status_t (*generate) (message_t *this, crypter_t *crypter, signer_t *signer, packet_t **packet);
/**
- * @brief Gets the source host informations.
+ * Gets the source host informations.
*
* @warning Returned host_t object is not getting cloned,
* do not destroy nor modify.
*
- * @param this message_t object
* @return host_t object representing source host
*/
host_t * (*get_source) (message_t *this);
/**
- * @brief Sets the source host informations.
+ * Sets the source host informations.
*
* @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_source.
*
- * @param this message_t object
* @param host host_t object representing source host
*/
void (*set_source) (message_t *this, host_t *host);
/**
- * @brief Gets the destination host informations.
+ * Gets the destination host informations.
*
* @warning Returned host_t object is not getting cloned,
* do not destroy nor modify.
*
- * @param this message_t object
* @return host_t object representing destination host
*/
host_t * (*get_destination) (message_t *this);
/**
- * @brief Sets the destination host informations.
+ * Sets the destination host informations.
*
* @warning host_t object is not getting cloned and gets destroyed by
* message_t.destroy or next call of message_t.set_destination.
*
- * @param this message_t object
* @param host host_t object representing destination host
*/
void (*set_destination) (message_t *this, host_t *host);
/**
- * @brief Returns an iterator on all stored payloads.
+ * Returns an iterator on all stored payloads.
*
* @warning Don't insert payloads over this iterator.
* Use add_payload() instead.
*
- * @param this message_t object
* @return iterator_t object which has to get destroyd by the caller
*/
iterator_t * (*get_payload_iterator) (message_t *this);
/**
- * @brief Find a payload of a specific type.
+ * Find a payload of a specific type.
*
* Returns the first occurance.
*
- * @param this message_t object
* @param type type of the payload to find
* @return payload, or NULL if no such payload found
*/
payload_t* (*get_payload) (message_t *this, payload_type_t type);
/**
- * @brief Returns a clone of the internal stored packet_t object.
+ * Returns a clone of the internal stored packet_t object.
*
- * @param this message_t object
* @return packet_t object as clone of internal one
*/
packet_t * (*get_packet) (message_t *this);
/**
- * @brief Returns a clone of the internal stored packet_t data.
+ * Returns a clone of the internal stored packet_t data.
*
- * @param this message_t object
* @return clone of the internal stored packet_t data.
*/
chunk_t (*get_packet_data) (message_t *this);
/**
- * @brief Destroys a message and all including objects.
- *
- * @param this message_t object
+ * Destroys a message and all including objects.
*/
void (*destroy) (message_t *this);
};
/**
- * @brief Creates an message_t object from a incoming UDP Packet.
+ * Creates an message_t object from a incoming UDP Packet.
*
* @warning the given packet_t object is not copied and gets
* destroyed in message_t's destroy call.
*
- * @warning Packet is not parsed in here!
- *
* - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE
* - is_request is set to TRUE
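Review bot: Dropping `@warning Packet is not parsed in here!` from the message_create_from_packet() comment removes its only statement that the returned message_t still wraps unvalidated packet data. The bullets that remain list default values (exchange_type NOT_SET, is_request TRUE), and without the warning a reader can take them for values read from the packet. I would keep the warning in the new comment style, for example ` * @warning The packet is not parsed here; call parse_header() and parse_body() before relying on any field.` The declaration itself sits in the following hunk.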
@@ -377,23 +338,19 @@ struct message_t {
*
* @param packet packet_t object which is assigned to message
* @return message_t object
- *
- * @ingroup encoding
*/
message_t * message_create_from_packet(packet_t *packet);
/**
- * @brief Creates an empty message_t object.
+ * Creates an empty message_t object.
*
* - exchange_type is set to NOT_SET
* - original_initiator is set to TRUE
* - is_request is set to TRUE
*
* @return message_t object
- *
- * @ingroup encoding
*/
message_t * message_create(void);
-#endif /*MESSAGE_H_*/
+#endif /*MESSAGE_H_ @} */
diff --git a/src/charon/encoding/parser.c b/src/charon/encoding/parser.c
index d7caf7099..1b03aacb2 100644
--- a/src/charon/encoding/parser.c
+++ b/src/charon/encoding/parser.c
@@ -1,10 +1,3 @@
-/**
- * @file parser.c
- *
- * @brief Implementation of parser_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: parser.c 4010 2008-05-23 18:23:17Z martin $
*/
#include <stdlib.h>
@@ -67,7 +62,7 @@ struct private_parser_t {
parser_t public;
/**
- * @brief Parse a 4-Bit unsigned integer from the current parsing position.
+ * Parse a 4-Bit unsigned integer from the current parsing position.
*
* @param this parser_t object
* @param rule_number number of current rule
@@ -79,7 +74,7 @@ struct private_parser_t {
status_t (*parse_uint4) (private_parser_t *this, int rule_number, u_int8_t *output_pos);
/**
- * @brief Parse a 8-Bit unsigned integer from the current parsing position.
+ * Parse a 8-Bit unsigned integer from the current parsing position.
*
* @param this parser_t object
* @param rule_number number of current rule
@@ -91,7 +86,7 @@ struct private_parser_t {
status_t (*parse_uint8) (private_parser_t *this, int rule_number, u_int8_t *output_pos);
/**
- * @brief Parse a 15-Bit unsigned integer from the current parsing position.
+ * Parse a 15-Bit unsigned integer from the current parsing position.
*
* This is a special case used for ATTRIBUTE_TYPE.
* Big-/Little-endian conversion is done here.
@@ -106,7 +101,7 @@ struct private_parser_t {
status_t (*parse_uint15) (private_parser_t *this, int rule_number, u_int16_t *output_pos);
/**
- * @brief Parse a 16-Bit unsigned integer from the current parsing position.
+ * Parse a 16-Bit unsigned integer from the current parsing position.
*
* Big-/Little-endian conversion is done here.
*
@@ -120,7 +115,7 @@ struct private_parser_t {
status_t (*parse_uint16) (private_parser_t *this, int rule_number, u_int16_t *output_pos);
/**
- * @brief Parse a 32-Bit unsigned integer from the current parsing position.
+ * Parse a 32-Bit unsigned integer from the current parsing position.
*
* Big-/Little-endian conversion is done here.
*
@@ -134,7 +129,7 @@ struct private_parser_t {
status_t (*parse_uint32) (private_parser_t *this, int rule_number, u_int32_t *output_pos);
/**
- * @brief Parse a 64-Bit unsigned integer from the current parsing position.
+ * Parse a 64-Bit unsigned integer from the current parsing position.
*
* @todo add support for big-endian machines.
*
@@ -148,7 +143,7 @@ struct private_parser_t {
status_t (*parse_uint64) (private_parser_t *this, int rule_number, u_int64_t *output_pos);
/**
- * @brief Parse a given amount of bytes and writes them to a specific location
+ * Parse a given amount of bytes and writes them to a specific location
*
* @param this parser_t object
* @param rule_number number of current rule
@@ -161,7 +156,7 @@ struct private_parser_t {
status_t (*parse_bytes) (private_parser_t *this, int rule_number, u_int8_t *output_pos,size_t bytes);
/**
- * @brief Parse a single Bit from the current parsing position
+ * Parse a single Bit from the current parsing position
*
* @param this parser_t object
* @param rule_number number of current rule
@@ -173,7 +168,7 @@ struct private_parser_t {
status_t (*parse_bit) (private_parser_t *this, int rule_number, bool *output_pos);
/**
- * @brief Parse substructures in a list
+ * Parse substructures in a list
*
* This function calls the parser recursively to parse contained substructures
* in a linked_list_t. The list must already be created. Payload defines
@@ -192,7 +187,7 @@ struct private_parser_t {
status_t (*parse_list) (private_parser_t *this, int rule_number, linked_list_t **output_pos, payload_type_t payload_ype, size_t length);
/**
- * @brief Parse data from current parsing position in a chunk.
+ * Parse data from current parsing position in a chunk.
*
* This function clones length number of bytes to output_pos, without
* modifiyng them. Space will be allocated and must be freed by caller.
@@ -690,6 +685,11 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
return PARSE_ERROR;
}
payload_length = *(u_int16_t*)(output + rule->offset);
+ if (payload_length < UNKNOWN_PAYLOAD_HEADER_LENGTH)
+ {
+ pld->destroy(pld);
+ return PARSE_ERROR;
+ }
break;
}
case HEADER_LENGTH:
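Review bot: The new lower-bound check returns PARSE_ERROR without logging the rejected value, so an undersized length field from a peer looks the same in the logs as any other parse failure. A one-line debug message carrying `payload_length`, placed before `pld->destroy(pld);` and using whatever logging macro parser.c already uses, would make these rejects visible when triaging malformed IKE traffic. A comment such as `/* every payload carries at least the generic header */` would also explain why UNKNOWN_PAYLOAD_HEADER_LENGTH is the bound for all payload types; presumably it equals the generic header size, but its definition is not in this diff. The same silent reject applies to the per-case guards in the hunks that follow, and parse_payload starts and ends outside this hunk.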
@@ -722,8 +722,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case PROPOSALS:
{
- size_t proposals_length = payload_length - SA_PAYLOAD_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, PROPOSAL_SUBSTRUCTURE, proposals_length) != SUCCESS)
+ if (payload_length < SA_PAYLOAD_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, PROPOSAL_SUBSTRUCTURE,
+ payload_length - SA_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
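Review bot: The guard and the subtraction each spell out the header constant by hand, here and in every length-dependent case below (TRANSFORMS through UNKNOWN_DATA), so roughly twenty pairs of expressions have to be kept in step. A case added later without the guard, or with a mismatched constant, silently brings back the wrapped length this commit removes. I would move the comparison and the subtraction into one small static helper that takes `payload_length` and the header size (plus `spi_size` for TRANSFORMS and NOTIFICATION_DATA) and either yields the body length or fails. Each case then reduces to one call, and the bound and the subtraction cannot drift apart. `payload_length` and `spi_size` are declared outside these hunks, so the helper's parameter types need to match their declarations.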
@@ -732,8 +733,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case TRANSFORMS:
{
- size_t transforms_length = payload_length - spi_size - PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_SUBSTRUCTURE, transforms_length) != SUCCESS)
+ if (payload_length < spi_size + PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_SUBSTRUCTURE,
+ payload_length - spi_size - PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -742,8 +744,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case TRANSFORM_ATTRIBUTES:
{
- size_t transform_a_length = payload_length - TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_ATTRIBUTE, transform_a_length) != SUCCESS)
+ if (payload_length < TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, TRANSFORM_ATTRIBUTE,
+ payload_length - TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -752,8 +755,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case CONFIGURATION_ATTRIBUTES:
{
- size_t configuration_attributes_length = payload_length - CP_PAYLOAD_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, CONFIGURATION_ATTRIBUTE, configuration_attributes_length) != SUCCESS)
+ if (payload_length < CP_PAYLOAD_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, CONFIGURATION_ATTRIBUTE,
+ payload_length - CP_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -814,8 +818,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case NONCE_DATA:
{
- size_t nonce_length = payload_length - NONCE_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, nonce_length) != SUCCESS)
+ if (payload_length < NONCE_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - NONCE_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -824,8 +829,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case ID_DATA:
{
- size_t data_length = payload_length - ID_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < ID_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - ID_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -834,8 +840,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case AUTH_DATA:
{
- size_t data_length = payload_length - AUTH_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < AUTH_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - AUTH_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -844,8 +851,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case CERT_DATA:
{
- size_t data_length = payload_length - CERT_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < CERT_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - CERT_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -854,8 +862,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case CERTREQ_DATA:
{
- size_t data_length = payload_length - CERTREQ_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < CERTREQ_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - CERTREQ_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -864,8 +873,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case EAP_DATA:
{
- size_t data_length = payload_length - EAP_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < EAP_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - EAP_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -874,8 +884,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case SPIS:
{
- size_t data_length = payload_length - DELETE_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < DELETE_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - DELETE_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -884,8 +895,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case VID_DATA:
{
- size_t data_length = payload_length - VENDOR_ID_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < VENDOR_ID_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - VENDOR_ID_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -904,8 +916,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case KEY_EXCHANGE_DATA:
{
- size_t keydata_length = payload_length - KE_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, keydata_length) != SUCCESS)
+ if (payload_length < KE_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - KE_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -914,8 +927,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case NOTIFICATION_DATA:
{
- size_t notify_length = payload_length - NOTIFY_PAYLOAD_HEADER_LENGTH - spi_size;
- if (this->parse_chunk(this, rule_number, output + rule->offset, notify_length) != SUCCESS)
+ if (payload_length < NOTIFY_PAYLOAD_HEADER_LENGTH + spi_size ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - NOTIFY_PAYLOAD_HEADER_LENGTH - spi_size) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -924,8 +938,9 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case ENCRYPTED_DATA:
{
- size_t data_length = payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, data_length) != SUCCESS)
+ if (payload_length < ENCRYPTION_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - ENCRYPTION_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
@@ -954,18 +969,20 @@ static status_t parse_payload(private_parser_t *this, payload_type_t payload_typ
}
case TRAFFIC_SELECTORS:
{
- size_t traffic_selectors_length = payload_length - TS_PAYLOAD_HEADER_LENGTH;
- if (this->parse_list(this, rule_number, output + rule->offset, TRAFFIC_SELECTOR_SUBSTRUCTURE, traffic_selectors_length) != SUCCESS)
+ if (payload_length < TS_PAYLOAD_HEADER_LENGTH ||
+ this->parse_list(this, rule_number, output + rule->offset, TRAFFIC_SELECTOR_SUBSTRUCTURE,
+ payload_length - TS_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
}
break;
}
- case UNKNOWN_PAYLOAD:
+ case UNKNOWN_DATA:
{
- size_t unknown_payload_data_length = payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH;
- if (this->parse_chunk(this, rule_number, output + rule->offset, unknown_payload_data_length) != SUCCESS)
+ if (payload_length < UNKNOWN_PAYLOAD_HEADER_LENGTH ||
+ this->parse_chunk(this, rule_number, output + rule->offset,
+ payload_length - UNKNOWN_PAYLOAD_HEADER_LENGTH) != SUCCESS)
{
pld->destroy(pld);
return PARSE_ERROR;
diff --git a/src/charon/encoding/parser.h b/src/charon/encoding/parser.h
index e9978524c..58778b57a 100644
--- a/src/charon/encoding/parser.h
+++ b/src/charon/encoding/parser.h
@@ -1,10 +1,3 @@
-/**
- * @file parser.h
- *
- * @brief Interface of parser_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: parser.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup parser parser
+ * @{ @ingroup encoding
*/
#ifndef PARSER_H_
@@ -31,65 +31,51 @@ typedef struct parser_t parser_t;
#include <encoding/payloads/payload.h>
/**
- * @brief A parser_t class to parse IKEv2 payloads.
+ * A parser_t class to parse IKEv2 payloads.
*
* A parser is used for parsing one chunk of data. Multiple
* payloads can be parsed out of the chunk using parse_payload.
* The parser remains the state until destroyed.
- *
- * @b Constructors:
- * - parser_create()
- *
- * @ingroup encoding
*/
struct parser_t {
/**
- * @brief Parses the next payload.
+ * Parses the next payload.
*
* @warning Caller is responsible for freeing allocated payload.
*
* Rules for parsing are described in the payload definition.
*
- * @param this parser_t bject
- * @param payload_type payload type to parse
- * @param[out] payload pointer where parsed payload was allocated
+ * @param payload_type payload type to parse
+ * @param payload pointer where parsed payload was allocated
* @return
- * - SUCCESSFUL if succeeded,
- * - PARSE_ERROR if corrupted/invalid data found
+ * - SUCCESSFUL if succeeded,
+ * - PARSE_ERROR if corrupted/invalid data found
*/
status_t (*parse_payload) (parser_t *this, payload_type_t payload_type, payload_t **payload);
/**
* Gets the remaining byte count which is not currently parsed.
- *
- * @param parser parser_t object
*/
int (*get_remaining_byte_count) (parser_t *this);
/**
- * @brief Resets the current parser context.
- *
- * @param parser parser_t object
+ * Resets the current parser context.
*/
void (*reset_context) (parser_t *this);
/**
- * @brief Destroys a parser_t object.
- *
- * @param parser parser_t object
+ * Destroys a parser_t object.
*/
void (*destroy) (parser_t *this);
};
/**
- * @brief Constructor to create a parser_t object.
- *
- * @param data chunk of data to parse with this parser_t object
- * @return parser_t object
+ * Constructor to create a parser_t object.
*
- * @ingroup encoding
+ * @param data chunk of data to parse with this parser_t object
+ * @return parser_t object
*/
parser_t *parser_create(chunk_t data);
-#endif /*PARSER_H_*/
+#endif /*PARSER_H_ @} */
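Review bot: The re-indented `@return` list for parse_payload still names `SUCCESSFUL`, while the status value used by parser.c in this same diff and by the message.h comments is `SUCCESS`. Since the line is being touched anyway, I would change it to ` * - SUCCESS if succeeded,`. The rewrite also turns `@param[out] payload` into a plain `@param payload`, which loses the direction marker. As the `@warning` above it makes the caller responsible for freeing the allocated payload, keeping `[out]` would document that ownership handover more clearly.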
diff --git a/src/charon/encoding/payloads/auth_payload.c b/src/charon/encoding/payloads/auth_payload.c
index 256d6c8a4..f9ca23236 100644
--- a/src/charon/encoding/payloads/auth_payload.c
+++ b/src/charon/encoding/payloads/auth_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file auth_payload.h
- *
- * @brief Implementation of auth_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: auth_payload.c 4051 2008-06-10 09:08:27Z tobias $
*/
#include "auth_payload.h"
@@ -116,7 +111,8 @@ encoding_rule_t auth_payload_encodings[] = {
static status_t verify(private_auth_payload_t *this)
{
if (this->auth_method == 0 ||
- (this->auth_method >= 4 && this->auth_method <= 200))
+ (this->auth_method >= 4 && this->auth_method <= 8) ||
+ (this->auth_method >= 12 && this->auth_method <= 200))
{
/* reserved IDs */
return FAILED;
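Review bot: The reserved ranges are now expressed only as the literals 4, 8, 12 and 200, and the existing `/* reserved IDs */` comment no longer says which values the change starts accepting. A comment above the condition, for example `/* reserved: 0, 4-8 and 12-200; 9-11 are accepted */`, would make the intent checkable against the specification. If auth_method_t already has enumerators for the boundary values (its definition is not in this diff), comparing against them would be better than the numbers. Because verify() runs on data from the peer, it is also worth confirming that the code consuming `auth_method` handles the newly accepted values explicitly rather than falling into a default branch. The body of verify() continues past this hunk.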
diff --git a/src/charon/encoding/payloads/auth_payload.h b/src/charon/encoding/payloads/auth_payload.h
index 2db82ec0b..bdbba9e35 100644
--- a/src/charon/encoding/payloads/auth_payload.h
+++ b/src/charon/encoding/payloads/auth_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file auth_payload.h
- *
- * @brief Interface of auth_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: auth_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup auth_payload auth_payload
+ * @{ @ingroup payloads
*/
#ifndef AUTH_PAYLOAD_H_
@@ -32,20 +32,13 @@ typedef struct auth_payload_t auth_payload_t;
/**
* Length of a auth payload without the auth data in bytes.
- *
- * @ingroup payloads
*/
#define AUTH_PAYLOAD_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2 AUTH payload.
+ * Class representing an IKEv2 AUTH payload.
*
* The AUTH payload format is described in RFC section 3.8.
- *
- * @b Constructors:
- * - auth_payload_create()
- *
- * @ingroup payloads
*/
struct auth_payload_t {
@@ -55,67 +48,57 @@ struct auth_payload_t {
payload_t payload_interface;
/**
- * @brief Set the AUTH method.
+ * Set the AUTH method.
*
- * @param this calling auth_payload_t object
* @param method auth_method_t to use
*/
void (*set_auth_method) (auth_payload_t *this, auth_method_t method);
/**
- * @brief Get the AUTH method.
+ * Get the AUTH method.
*
- * @param this calling auth_payload_t object
* @return auth_method_t used
*/
auth_method_t (*get_auth_method) (auth_payload_t *this);
/**
- * @brief Set the AUTH data.
+ * Set the AUTH data.
*
- * Data are getting cloned.
+ * Data gets cloned.
*
- * @param this calling auth_payload_t object
* @param data AUTH data as chunk_t
*/
void (*set_data) (auth_payload_t *this, chunk_t data);
/**
- * @brief Get the AUTH data.
+ * Get the AUTH data.
*
* Returned data are a copy of the internal one.
*
- * @param this calling auth_payload_t object
* @return AUTH data as chunk_t
*/
chunk_t (*get_data_clone) (auth_payload_t *this);
/**
- * @brief Get the AUTH data.
+ * Get the AUTH data.
*
* Returned data are NOT copied
*
- * @param this calling auth_payload_t object
* @return AUTH data as chunk_t
*/
chunk_t (*get_data) (auth_payload_t *this);
/**
- * @brief Destroys an auth_payload_t object.
- *
- * @param this auth_payload_t object to destroy
+ * Destroys an auth_payload_t object.
*/
void (*destroy) (auth_payload_t *this);
};
/**
- * @brief Creates an empty auth_payload_t object.
+ * Creates an empty auth_payload_t object.
*
* @return auth_payload_t object
- *
- * @ingroup payloads
*/
auth_payload_t *auth_payload_create(void);
-
-#endif /* AUTH_PAYLOAD_H_ */
+#endif /* AUTH_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/cert_payload.c b/src/charon/encoding/payloads/cert_payload.c
index c456f4936..99f504c5e 100644
--- a/src/charon/encoding/payloads/cert_payload.c
+++ b/src/charon/encoding/payloads/cert_payload.c
@@ -1,12 +1,6 @@
-/**
- * @file cert_payload.c
- *
- * @brief Implementation of cert_payload_t.
- *
- */
-
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -19,29 +13,32 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: cert_payload.c 3852 2008-04-18 21:27:08Z andreas $
*/
#include <stddef.h>
+#include <ctype.h>
-#include "cert_payload.h"
+#include <daemon.h>
+#include "cert_payload.h"
-ENUM(cert_encoding_names, CERT_NONE, CERT_OCSP_CONTENT,
- "CERT_NONE",
- "CERT_PKCS7_WRAPPED_X509",
- "CERT_PGP",
- "CERT_DNS_SIGNED_KEY",
- "CERT_X509_SIGNATURE",
- "CERT_X509_KEY_EXCHANGE",
- "CERT_KERBEROS_TOKENS",
- "CERT_CRL",
- "CERT_ARL",
- "CERT_SPKI",
- "CERT_X509_ATTRIBUTE",
- "CERT_RAW_RSA_KEY",
- "CERT_X509_HASH_AND_URL",
- "CERT_X509_HASH_AND_URL_BUNDLE",
- "CERT_OCSP_CONTENT",
+ENUM(cert_encoding_names, ENC_PKCS7_WRAPPED_X509, ENC_OCSP_CONTENT,
+ "ENC_PKCS7_WRAPPED_X509",
+ "ENC_PGP",
+ "ENC_DNS_SIGNED_KEY",
+ "ENC_X509_SIGNATURE",
+ "ENC_X509_KEY_EXCHANGE",
+ "ENC_KERBEROS_TOKENS",
+ "ENC_CRL",
+ "ENC_ARL",
+ "ENC_SPKI",
+ "ENC_X509_ATTRIBUTE",
+ "ENC_RAW_RSA_KEY",
+ "ENC_X509_HASH_AND_URL",
+ "ENC_X509_HASH_AND_URL_BUNDLE",
+ "ENC_OCSP_CONTENT",
);
typedef struct private_cert_payload_t private_cert_payload_t;
@@ -74,12 +71,17 @@ struct private_cert_payload_t {
/**
* Encoding of the CERT Data.
*/
- u_int8_t cert_encoding;
+ u_int8_t encoding;
/**
* The contained cert data value.
*/
- chunk_t cert_data;
+ chunk_t data;
+
+ /**
+ * TRUE if the "Hash and URL" data is invalid
+ */
+ bool invalid_hash_and_url;
};
/**
@@ -105,9 +107,9 @@ encoding_rule_t cert_payload_encodings[] = {
/* Length of the whole payload*/
{ PAYLOAD_LENGTH, offsetof(private_cert_payload_t, payload_length)},
/* 1 Byte CERT type*/
- { U_INT_8, offsetof(private_cert_payload_t, cert_encoding) },
+ { U_INT_8, offsetof(private_cert_payload_t, encoding) },
/* some cert data bytes, length is defined in PAYLOAD_LENGTH */
- { CERT_DATA, offsetof(private_cert_payload_t, cert_data) }
+ { CERT_DATA, offsetof(private_cert_payload_t, data) }
};
/*
@@ -128,11 +130,41 @@ encoding_rule_t cert_payload_encodings[] = {
*/
static status_t verify(private_cert_payload_t *this)
{
- if ((this->cert_encoding == 0) ||
- ((this->cert_encoding >= CERT_ROOF) && (this->cert_encoding <= 200)))
+ if (this->encoding == ENC_X509_HASH_AND_URL ||
+ this->encoding == ENC_X509_HASH_AND_URL_BUNDLE)
{
- /* reserved IDs */
- return FAILED;
+ /* coarse verification of "Hash and URL" encoded certificates */
+ if (this->data.len <= 20)
+ {
+ DBG1(DBG_ENC, "invalid payload length for hash-and-url (%d), ignore",
+ this->data.len);
+ this->invalid_hash_and_url = TRUE;
+ return SUCCESS;
+ }
+
+ int i = 20; /* skipping the hash */
+ for (; i < this->data.len; ++i)
+ {
+ if (this->data.ptr[i] == '\0')
+ {
+ /* null terminated, fine */
+ return SUCCESS;
+ }
+ else if (!isprint(this->data.ptr[i]))
+ {
+ DBG1(DBG_ENC, "non printable characters in url of hash-and-url"
+ " encoded certificate payload, ignore");
+ this->invalid_hash_and_url = TRUE;
+ return SUCCESS;
+ }
+ }
+
+ /* URL is not null terminated, correct that */
+ chunk_t data = chunk_alloc(this->data.len + 1);
+ memcpy(data.ptr, this->data.ptr, this->data.len);
+ data.ptr[this->data.len] = '\0';
+ chunk_free(&this->data);
+ this->data = data;
}
return SUCCESS;
}
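Review bot: The length of the hash prefix appears as a bare `20` in both the length check and the loop start here, and again in get_hash() further down. A single named constant such as `#define HASH_AND_URL_HASH_LEN 20` (name is a suggestion) would keep the three uses in step. The loop index is an `int` compared against `this->data.len`, and the same field is printed with `%d`. If chunk_t's `len` is a size_t (its definition is not in this diff), the index should be `size_t i` and the format and argument should be made to agree. Likewise `isprint(this->data.ptr[i])` needs an `(unsigned char)` cast unless `ptr` is already an unsigned byte pointer. Separately, the old reserved-value test on the encoding byte is removed without a replacement, so verify() now returns SUCCESS for every encoding value a peer sends, and a short comment stating that unknown encodings are deliberately tolerated here would record that this is intended.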
@@ -140,7 +172,8 @@ static status_t verify(private_cert_payload_t *this)
/**
* Implementation of cert_payload_t.get_encoding_rules.
*/
-static void get_encoding_rules(private_cert_payload_t *this, encoding_rule_t **rules, size_t *rule_count)
+static void get_encoding_rules(private_cert_payload_t *this,
+ encoding_rule_t **rules, size_t *rule_count)
{
*rules = cert_payload_encodings;
*rule_count = sizeof(cert_payload_encodings) / sizeof(encoding_rule_t);
@@ -159,7 +192,7 @@ static payload_type_t get_payload_type(private_cert_payload_t *this)
*/
static payload_type_t get_next_type(private_cert_payload_t *this)
{
- return (this->next_payload);
+ return this->next_payload;
}
/**
@@ -179,56 +212,56 @@ static size_t get_length(private_cert_payload_t *this)
}
/**
- * Implementation of cert_payload_t.set_cert_encoding.
- */
-static void set_cert_encoding (private_cert_payload_t *this, cert_encoding_t encoding)
-{
- this->cert_encoding = encoding;
-}
-
-/**
* Implementation of cert_payload_t.get_cert_encoding.
*/
-static cert_encoding_t get_cert_encoding (private_cert_payload_t *this)
+static cert_encoding_t get_cert_encoding(private_cert_payload_t *this)
{
- return (this->cert_encoding);
+ return this->encoding;
}
/**
- * Implementation of cert_payload_t.set_data.
+ * Implementation of cert_payload_t.get_cert.
*/
-static void set_data (private_cert_payload_t *this, chunk_t data)
+static certificate_t *get_cert(private_cert_payload_t *this)
{
- if (this->cert_data.ptr != NULL)
+ if (this->encoding != ENC_X509_SIGNATURE)
{
- chunk_free(&(this->cert_data));
+ return NULL;
}
- this->cert_data.ptr = clalloc(data.ptr,data.len);
- this->cert_data.len = data.len;
- this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->cert_data.len;
+ return lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
+ BUILD_BLOB_ASN1_DER, chunk_clone(this->data),
+ BUILD_END);
}
/**
- * Implementation of cert_payload_t.get_data.
+ * Implementation of cert_payload_t.get_hash.
*/
-static chunk_t get_data (private_cert_payload_t *this)
+static chunk_t get_hash(private_cert_payload_t *this)
{
- return (this->cert_data);
+ chunk_t hash = chunk_empty;
+ if ((this->encoding != ENC_X509_HASH_AND_URL &&
+ this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) ||
+ this->invalid_hash_and_url)
+ {
+ return hash;
+ }
+ hash.ptr = this->data.ptr;
+ hash.len = 20;
+ return hash;
}
/**
- * Implementation of cert_payload_t.get_data_clone.
+ * Implementation of cert_payload_t.get_url.
*/
-static chunk_t get_data_clone (private_cert_payload_t *this)
+static char *get_url(private_cert_payload_t *this)
{
- chunk_t cloned_data;
- if (this->cert_data.ptr == NULL)
+ if ((this->encoding != ENC_X509_HASH_AND_URL &&
+ this->encoding != ENC_X509_HASH_AND_URL_BUNDLE) ||
+ this->invalid_hash_and_url)
{
- return (this->cert_data);
+ return NULL;
}
- cloned_data.ptr = clalloc(this->cert_data.ptr,this->cert_data.len);
- cloned_data.len = this->cert_data.len;
- return cloned_data;
+ return (char*)this->data.ptr + 20;
}
/**
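Review bot: `get_hash()` and `get_url()` use the fixed offset 20 (`hash.len = 20;`, `this->data.ptr + 20`) without looking at `this->data.len`, so they are only safe when `verify()` has already run on the payload and set `invalid_hash_and_url` for short data. Nothing in the hunk enforces that order, and a payload whose data is shorter than 21 bytes would hand out a pointer past the buffer. A cheap guard in both getters closes this, e.g. `if (this->data.len <= 20) return NULL;` in `get_url()` and the matching `return chunk_empty;` in `get_hash()`. The doc comments could also state that the returned hash and URL point into the payload and become invalid when it is destroyed.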
@@ -236,11 +269,7 @@ static chunk_t get_data_clone (private_cert_payload_t *this)
*/
static void destroy(private_cert_payload_t *this)
{
- if (this->cert_data.ptr != NULL)
- {
- chunk_free(&(this->cert_data));
- }
-
+ chunk_free(&this->data);
free(this);
}
@@ -251,7 +280,6 @@ cert_payload_t *cert_payload_create()
{
private_cert_payload_t *this = malloc_thing(private_cert_payload_t);
- /* interface functions */
this->public.payload_interface.verify = (status_t (*) (payload_t*))verify;
this->public.payload_interface.get_encoding_rules = (void (*) (payload_t*,encoding_rule_t**, size_t*))get_encoding_rules;
this->public.payload_interface.get_length = (size_t (*) (payload_t*))get_length;
@@ -260,31 +288,60 @@ cert_payload_t *cert_payload_create()
this->public.payload_interface.get_type = (payload_type_t (*) (payload_t*))get_payload_type;
this->public.payload_interface.destroy = (void (*) (payload_t*))destroy;
- /* public functions */
this->public.destroy = (void (*) (cert_payload_t*))destroy;
- this->public.set_cert_encoding = (void (*) (cert_payload_t*,cert_encoding_t))set_cert_encoding;
+ this->public.get_cert = (certificate_t* (*) (cert_payload_t*))get_cert;
this->public.get_cert_encoding = (cert_encoding_t (*) (cert_payload_t*))get_cert_encoding;
- this->public.set_data = (void (*) (cert_payload_t*,chunk_t))set_data;
- this->public.get_data_clone = (chunk_t (*) (cert_payload_t*))get_data_clone;
- this->public.get_data = (chunk_t (*) (cert_payload_t*))get_data;
+ this->public.get_hash = (chunk_t (*) (cert_payload_t*))get_hash;
+ this->public.get_url = (char* (*) (cert_payload_t*))get_url;
- /* private variables */
this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
this->payload_length = CERT_PAYLOAD_HEADER_LENGTH;
- this->cert_data = chunk_empty;
+ this->data = chunk_empty;
+ this->encoding = 0;
+ this->invalid_hash_and_url = FALSE;
- return (&(this->public));
+ return &this->public;
}
/*
* Described in header
*/
-cert_payload_t *cert_payload_create_from_x509(x509_t *cert)
+cert_payload_t *cert_payload_create_from_cert(certificate_t *cert)
{
- cert_payload_t *this = cert_payload_create();
+ private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create();
+
+ switch (cert->get_type(cert))
+ {
+ case CERT_X509:
+ this->encoding = ENC_X509_SIGNATURE;
+ break;
+ default:
+ DBG1(DBG_ENC, "embedding %N certificate in payload failed",
+ certificate_type_names, cert->get_type(cert));
+ free(this);
+ return NULL;
+ }
+ this->data = cert->get_encoding(cert);
+ this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
+ return &this->public;
+}
- this->set_cert_encoding(this, CERT_X509_SIGNATURE);
- this->set_data(this, cert->get_certificate(cert));
- return this;
+/*
+ * Described in header
+ */
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url)
+{
+ private_cert_payload_t *this = (private_cert_payload_t*)cert_payload_create();
+ chunk_t url_chunk;
+
+ this->encoding = ENC_X509_HASH_AND_URL;
+
+ url_chunk.ptr = url;
+ url_chunk.len = strlen(url) + 1;
+
+ this->data = chunk_cat("cc", hash, url_chunk);
+ this->payload_length = CERT_PAYLOAD_HEADER_LENGTH + this->data.len;
+ return &this->public;
}
+
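Review bot: `cert_payload_create_from_hash_and_url()` calls `strlen(url)` without a NULL check and never compares `hash.len` with the 20-byte offset that `get_hash()` and `get_url()` assume, so a caller passing a hash of another length builds a payload whose URL is read from the wrong position. I would reject such input up front: `if (!url || hash.len != 20) { destroy(this); return NULL; }`. `url_chunk.ptr = url;` also assigns a `char*` to what is presumably a `u_char*` and wants an explicit cast. In `cert_payload_create_from_cert()`, `this->data = cert->get_encoding(cert);` is later freed by `destroy()`, so it relies on `get_encoding()` returning an allocated copy; a comment stating that ownership is taken would make this checkable.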
diff --git a/src/charon/encoding/payloads/cert_payload.h b/src/charon/encoding/payloads/cert_payload.h
index bcb961398..aa16104a8 100644
--- a/src/charon/encoding/payloads/cert_payload.h
+++ b/src/charon/encoding/payloads/cert_payload.h
@@ -1,12 +1,6 @@
-/**
- * @file cert_payload.h
- *
- * @brief Interface of cert_payload_t.
- *
- */
-
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2008 Tobias Brunner
+ * Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -19,69 +13,58 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: cert_payload.h 3838 2008-04-18 11:24:45Z tobias $
+ */
+
+/**
+ * @defgroup cert_payload cert_payload
+ * @{ @ingroup payloads
*/
#ifndef CERT_PAYLOAD_H_
#define CERT_PAYLOAD_H_
-typedef enum cert_encoding_t cert_encoding_t;
typedef struct cert_payload_t cert_payload_t;
+typedef enum cert_encoding_t cert_encoding_t;
#include <library.h>
-#include <crypto/x509.h>
+#include <credentials/certificates/certificate.h>
#include <encoding/payloads/payload.h>
/**
* Length of a cert payload without the cert data in bytes.
- *
- * @ingroup payloads
*/
#define CERT_PAYLOAD_HEADER_LENGTH 5
/**
- * @brief Certificate encoding, as described in IKEv2 RFC section 3.6
- *
- * @ingroup payloads
+ * Certifcate encodings, as in RFC4306
*/
enum cert_encoding_t {
- CERT_NONE = 0,
- CERT_PKCS7_WRAPPED_X509 = 1,
- CERT_PGP = 2,
- CERT_DNS_SIGNED_KEY = 3,
- CERT_X509_SIGNATURE = 4,
- CERT_KERBEROS_TOKEN = 6,
- CERT_CRL = 7,
- CERT_ARL = 8,
- CERT_SPKI = 9,
- CERT_X509_ATTRIBUTE = 10,
- CERT_RAW_RSA_KEY = 11,
- CERT_X509_HASH_AND_URL = 12,
- CERT_X509_HASH_AND_URL_BUNDLE = 13,
- CERT_OCSP_CONTENT = 14, /* from RFC 4806 */
- CERT_ROOF = 15
+ ENC_PKCS7_WRAPPED_X509 = 1,
+ ENC_PGP = 2,
+ ENC_DNS_SIGNED_KEY = 3,
+ ENC_X509_SIGNATURE = 4,
+ ENC_KERBEROS_TOKEN = 6,
+ ENC_CRL = 7,
+ ENC_ARL = 8,
+ ENC_SPKI = 9,
+ ENC_X509_ATTRIBUTE = 10,
+ ENC_RAW_RSA_KEY = 11,
+ ENC_X509_HASH_AND_URL = 12,
+ ENC_X509_HASH_AND_URL_BUNDLE = 13,
+ ENC_OCSP_CONTENT = 14, /* from RFC 4806 */
};
/**
- * string mappings for cert_encoding_t.
- *
- * @ingroup payloads
+ * Enum names for cert_encoding_t
*/
extern enum_name_t *cert_encoding_names;
/**
- * @brief Class representing an IKEv2 CERT payload.
+ * Class representing an IKEv2 CERT payload.
*
* The CERT payload format is described in RFC section 3.6.
- * This is just a dummy implementation to fullfill the standards
- * requirements. A full implementation would offer setters/getters
- * for the different encoding types.
- *
- * @b Constructors:
- * - cert_payload_create()
- *
- * @todo Implement setters/getters for the different certificate encodings.
- *
- * @ingroup payloads
*/
struct cert_payload_t {
@@ -89,78 +72,69 @@ struct cert_payload_t {
* The payload_t interface.
*/
payload_t payload_interface;
-
- /**
- * @brief Set the CERT encoding.
- *
- * @param this calling cert_payload_t object
- * @param encoding CERT encoding
- */
- void (*set_cert_encoding) (cert_payload_t *this, cert_encoding_t encoding);
/**
- * @brief Get the CERT encoding.
+ * Get the playoads encoded certifcate.
*
- * @param this calling cert_payload_t object
- * @return Encoding of the CERT
+ * @return certifcate copy
*/
- cert_encoding_t (*get_cert_encoding) (cert_payload_t *this);
+ certificate_t *(*get_cert)(cert_payload_t *this);
/**
- * @brief Set the CERT data.
+ * Get the encoding of the certificate.
*
- * Data are getting cloned.
- *
- * @param this calling cert_payload_t object
- * @param data CERT data as chunk_t
+ * @return encoding
*/
- void (*set_data) (cert_payload_t *this, chunk_t data);
+ cert_encoding_t (*get_cert_encoding)(cert_payload_t *this);
/**
- * @brief Get the CERT data.
+ * Get the hash if this is a hash and URL encoded certificate.
*
- * Returned data are a copy of the internal one.
- *
- * @param this calling cert_payload_t object
- * @return CERT data as chunk_t
+ * This function returns internal data, do not free.
+ *
+ * @return hash
*/
- chunk_t (*get_data_clone) (cert_payload_t *this);
+ chunk_t (*get_hash)(cert_payload_t *this);
/**
- * @brief Get the CERT data.
+ * Get the URL if this is a hash and URL encoded certificate.
*
- * Returned data are NOT copied.
- *
- * @param this calling cert_payload_t object
- * @return CERT data as chunk_t
+ * This function returns internal data, do not free.
+ *
+ * @return url
*/
- chunk_t (*get_data) (cert_payload_t *this);
+ char *(*get_url)(cert_payload_t *this);
+
/**
- * @brief Destroys an cert_payload_t object.
- *
- * @param this cert_payload_t object to destroy
+ * Destroys the cert_payload object.
*/
void (*destroy) (cert_payload_t *this);
};
/**
- * @brief Creates an empty cert_payload_t object.
+ * Creates an empty certificate payload.
*
+ * @param cert certificate to embed
* @return cert_payload_t object
- *
- * @ingroup payloads
*/
cert_payload_t *cert_payload_create(void);
/**
- * @brief Creates a cert_payload_t object with an X.509 certificate.
+ * Creates a certificate payload with an embedded certificate.
*
- * @param cert X.509 certificate
+ * @param cert certificate to embed
* @return cert_payload_t object
+ */
+cert_payload_t *cert_payload_create_from_cert(certificate_t *cert);
+
+/**
+ * Creates a certificate payload with hash and URL encoding of a certificate.
*
- * @ingroup payloads
+ * @param hash hash of the DER encoded certificate (get's cloned)
+ * @param url the URL to locate the certificate (get's cloned)
+ * @return cert_payload_t object
*/
-cert_payload_t *cert_payload_create_from_x509(x509_t *cert);
+cert_payload_t *cert_payload_create_from_hash_and_url(chunk_t hash, char *url);
-#endif /* CERT_PAYLOAD_H_ */
+#endif /* CERT_PAYLOAD_H_ @} */
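Review bot: The doc comment for `cert_payload_create(void)` gains `@param cert certificate to embed`, but the function takes no arguments; that line belongs only on `cert_payload_create_from_cert()`. The `get_cert` comment ("Get the playoads encoded certifcate") has two typos and does not say that the caller owns the returned certificate or that NULL is returned for encodings other than `ENC_X509_SIGNATURE`, which the implementation does. `get_hash` and `get_url` should document their failure values (an empty chunk and NULL) for payloads that are not hash-and-URL encoded or were flagged invalid. In the last comment, "get's cloned" should read "gets cloned".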
diff --git a/src/charon/encoding/payloads/certreq_payload.c b/src/charon/encoding/payloads/certreq_payload.c
index 46663811a..1b499e9e8 100644
--- a/src/charon/encoding/payloads/certreq_payload.c
+++ b/src/charon/encoding/payloads/certreq_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file certreq_payload.c
- *
- * @brief Implementation of certreq_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,14 +12,15 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: certreq_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
-#include <string.h>
#include <daemon.h>
#include <crypto/hashers/hasher.h>
-#include <crypto/ca.h>
+#include <encoding/payloads/cert_payload.h>
#include "certreq_payload.h"
@@ -61,12 +55,12 @@ struct private_certreq_payload_t {
/**
* Encoding of the CERT Data.
*/
- u_int8_t cert_encoding;
+ u_int8_t encoding;
/**
* The contained certreq data value.
*/
- chunk_t certreq_data;
+ chunk_t data;
};
/**
@@ -90,11 +84,11 @@ encoding_rule_t certreq_payload_encodings[] = {
{ RESERVED_BIT, 0 },
{ RESERVED_BIT, 0 },
/* Length of the whole payload*/
- { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length)},
+ { PAYLOAD_LENGTH, offsetof(private_certreq_payload_t, payload_length) },
/* 1 Byte CERTREQ type*/
- { U_INT_8, offsetof(private_certreq_payload_t, cert_encoding)},
+ { U_INT_8, offsetof(private_certreq_payload_t, encoding) },
/* some certreq data bytes, length is defined in PAYLOAD_LENGTH */
- { CERTREQ_DATA, offsetof(private_certreq_payload_t, certreq_data)}
+ { CERTREQ_DATA, offsetof(private_certreq_payload_t, data) }
};
/*
@@ -115,11 +109,15 @@ encoding_rule_t certreq_payload_encodings[] = {
*/
static status_t verify(private_certreq_payload_t *this)
{
- if ((this->cert_encoding == 0) ||
- ((this->cert_encoding >= CERT_ROOF) && (this->cert_encoding <= 200)))
+ if (this->encoding == ENC_X509_SIGNATURE)
{
- /* reserved IDs */
- return FAILED;
+ if (this->data.len < HASH_SIZE_SHA1 ||
+ this->data.len % HASH_SIZE_SHA1)
+ {
+ DBG1(DBG_ENC, "invalid X509 hash length (%d) in certreq",
+ this->data.len);
+ return FAILED;
+ }
}
return SUCCESS;
}
@@ -164,58 +162,78 @@ static size_t get_length(private_certreq_payload_t *this)
{
return this->payload_length;
}
-
+
/**
- * Implementation of certreq_payload_t.set_cert_encoding.
+ * Implementation of certreq_payload_t.add_keyid.
*/
-static void set_cert_encoding (private_certreq_payload_t *this, cert_encoding_t encoding)
+static void add_keyid(private_certreq_payload_t *this, chunk_t keyid)
{
- this->cert_encoding = encoding;
+ this->data = chunk_cat("mc", this->data, keyid);
+ this->payload_length += keyid.len;
}
+typedef struct keyid_enumerator_t keyid_enumerator_t;
+
/**
- * Implementation of certreq_payload_t.get_cert_encoding.
+ * enumerator to enumerate keyids
*/
-static cert_encoding_t get_cert_encoding (private_certreq_payload_t *this)
-{
- return (this->cert_encoding);
-}
+struct keyid_enumerator_t {
+ enumerator_t public;
+ chunk_t full;
+ u_char *pos;
+};
/**
- * Implementation of certreq_payload_t.set_data.
+ * enumerate function for keyid_enumerator
*/
-static void set_data (private_certreq_payload_t *this, chunk_t data)
+static bool keyid_enumerate(keyid_enumerator_t *this, chunk_t *chunk)
{
- if (this->certreq_data.ptr != NULL)
+ if (this->pos == NULL)
+ {
+ this->pos = this->full.ptr;
+ }
+ else
{
- chunk_free(&(this->certreq_data));
+ this->pos += HASH_SIZE_SHA1;
+ if (this->pos > (this->full.ptr + this->full.len - HASH_SIZE_SHA1))
+ {
+ this->pos = NULL;
+ }
}
- this->certreq_data.ptr = clalloc(data.ptr,data.len);
- this->certreq_data.len = data.len;
- this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH + this->certreq_data.len;
+ if (this->pos)
+ {
+ chunk->ptr = this->pos;
+ chunk->len = HASH_SIZE_SHA1;
+ return TRUE;
+ }
+ return FALSE;
}
/**
- * Implementation of certreq_payload_t.get_data.
+ * Implementation of certreq_payload_t.create_keyid_enumerator.
*/
-static chunk_t get_data (private_certreq_payload_t *this)
+static enumerator_t* create_keyid_enumerator(private_certreq_payload_t *this)
{
- return (this->certreq_data);
+ keyid_enumerator_t *enumerator = malloc_thing(keyid_enumerator_t);
+ enumerator->public.enumerate = (void*)keyid_enumerate;
+ enumerator->public.destroy = (void*)free;
+ enumerator->full = this->data;
+ enumerator->pos = NULL;
+ return &enumerator->public;
}
/**
- * Implementation of certreq_payload_t.get_data_clone.
+ * Implementation of certreq_payload_t.get_cert_type.
*/
-static chunk_t get_data_clone (private_certreq_payload_t *this)
+static certificate_type_t get_cert_type(private_certreq_payload_t *this)
{
- chunk_t cloned_data;
- if (this->certreq_data.ptr == NULL)
+ switch (this->encoding)
{
- return (this->certreq_data);
+ case ENC_X509_SIGNATURE:
+ return CERT_X509;
+ default:
+ return CERT_ANY;
}
- cloned_data.ptr = clalloc(this->certreq_data.ptr,this->certreq_data.len);
- cloned_data.len = this->certreq_data.len;
- return cloned_data;
}
/**
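Review bot: `keyid_enumerate()` returns a `HASH_SIZE_SHA1`-byte chunk on its first call whenever `full.ptr` is non-NULL, without checking that `full.len` is at least that long. The length check in `verify()` only covers `ENC_X509_SIGNATURE`, and `add_keyid()` appends a keyid of any length, so data of 1 to 19 bytes would make the first chunk extend past the buffer; the later `full.ptr + full.len - HASH_SIZE_SHA1` comparison then also computes a pointer before the buffer start. A guard at the top of the function avoids both: `if (this->full.len < HASH_SIZE_SHA1) return FALSE;`. The enumerator copies `this->data` by value, so a comment noting that it must not outlive the payload or a later `add_keyid()` call would be useful.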
@@ -223,11 +241,7 @@ static chunk_t get_data_clone (private_certreq_payload_t *this)
*/
static void destroy(private_certreq_payload_t *this)
{
- if (this->certreq_data.ptr != NULL)
- {
- chunk_free(&(this->certreq_data));
- }
-
+ chunk_free(&this->data);
free(this);
}
@@ -249,87 +263,38 @@ certreq_payload_t *certreq_payload_create()
/* public functions */
this->public.destroy = (void (*) (certreq_payload_t*)) destroy;
- this->public.set_cert_encoding = (void (*) (certreq_payload_t*,cert_encoding_t))set_cert_encoding;
- this->public.get_cert_encoding = (cert_encoding_t (*) (certreq_payload_t*))get_cert_encoding;
- this->public.set_data = (void (*) (certreq_payload_t*,chunk_t))set_data;
- this->public.get_data_clone = (chunk_t (*) (certreq_payload_t*))get_data_clone;
- this->public.get_data = (chunk_t (*) (certreq_payload_t*))get_data;
+ this->public.create_keyid_enumerator = (enumerator_t*(*)(certreq_payload_t*))create_keyid_enumerator;
+ this->public.get_cert_type = (certificate_type_t(*)(certreq_payload_t*))get_cert_type;
+ this->public.add_keyid = (void(*)(certreq_payload_t*, chunk_t keyid))add_keyid;
/* private variables */
this->critical = FALSE;
this->next_payload = NO_PAYLOAD;
- this->payload_length =CERTREQ_PAYLOAD_HEADER_LENGTH;
- this->certreq_data = chunk_empty;
+ this->payload_length = CERTREQ_PAYLOAD_HEADER_LENGTH;
+ this->data = chunk_empty;
+ this->encoding = 0;
- return (&(this->public));
+ return &this->public;
}
/*
* Described in header
*/
-certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id)
+certreq_payload_t *certreq_payload_create_type(certificate_type_t type)
{
- x509_t *cacert;
- rsa_public_key_t *pubkey;
- chunk_t keyid;
- certreq_payload_t *this;
+ private_certreq_payload_t *this = (private_certreq_payload_t*)certreq_payload_create();
- cacert = charon->credentials->get_auth_certificate(charon->credentials, AUTH_CA, id);
- if (cacert == NULL)
+ switch (type)
{
- /* no such CA cert */
- return NULL;
+ case CERT_X509:
+ this->encoding = ENC_X509_SIGNATURE;
+ break;
+ default:
+ DBG1(DBG_ENC, "certificate type %N not supported in requests",
+ certificate_type_names, type);
+ free(this);
+ return NULL;
}
-
- this = certreq_payload_create();
- pubkey = cacert->get_public_key(cacert);
- keyid = pubkey->get_keyid(pubkey);
-
- DBG2(DBG_IKE, "requesting certificate issued by '%D'", id);
- DBG2(DBG_IKE, " with keyid %#B", &keyid);
-
- this->set_cert_encoding(this, CERT_X509_SIGNATURE);
- this->set_data(this, keyid);
- return this;
+ return &this->public;
}
-/*
- * Described in header
- */
-certreq_payload_t *certreq_payload_create_from_cacerts(void)
-{
- certreq_payload_t *this;
- chunk_t keyids;
- u_char *pos;
- ca_info_t *cainfo;
-
- iterator_t *iterator = charon->credentials->create_cainfo_iterator(charon->credentials);
- int count = iterator->get_count(iterator);
-
- if (count == 0)
- {
- iterator->destroy(iterator);
- return NULL;
- }
-
- this = certreq_payload_create();
- keyids = chunk_alloc(count * HASH_SIZE_SHA1);
- pos = keyids.ptr;
-
- while (iterator->iterate(iterator, (void**)&cainfo))
- {
- x509_t *cacert = cainfo->get_certificate(cainfo);
- chunk_t keyid = cacert->get_keyid(cacert);
-
- DBG2(DBG_IKE, "requesting certificate issued by '%D'", cacert->get_subject(cacert));
- DBG2(DBG_IKE, " with keyid %#B", &keyid);
- memcpy(pos, keyid.ptr, keyid.len);
- pos += HASH_SIZE_SHA1;
- }
- iterator->destroy(iterator);
-
- this->set_cert_encoding(this, CERT_X509_SIGNATURE);
- this->set_data(this, keyids);
- free(keyids.ptr);
- return this;
-}
diff --git a/src/charon/encoding/payloads/certreq_payload.h b/src/charon/encoding/payloads/certreq_payload.h
index 2985fdae1..b835d7ad6 100644
--- a/src/charon/encoding/payloads/certreq_payload.h
+++ b/src/charon/encoding/payloads/certreq_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file certreq_payload.h
- *
- * @brief Interface of certreq_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: certreq_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup certreq_payload certreq_payload
+ * @{ @ingroup payloads
*/
#ifndef CERTREQ_PAYLOAD_H_
@@ -32,26 +32,13 @@ typedef struct certreq_payload_t certreq_payload_t;
/**
* Length of a CERTREQ payload without the CERTREQ data in bytes.
- *
- * @ingroup payloads
*/
#define CERTREQ_PAYLOAD_HEADER_LENGTH 5
-
/**
- * @brief Class representing an IKEv2 CERTREQ payload.
+ * Class representing an IKEv2 CERTREQ payload.
*
* The CERTREQ payload format is described in RFC section 3.7.
- * This is just a dummy implementation to fullfill the standards
- * requirements. A full implementation would offer setters/getters
- * for the different encoding types.
- *
- * @b Constructors:
- * - certreq_payload_create()
- *
- * @todo Implement payload functionality.
- *
- * @ingroup payloads
*/
struct certreq_payload_t {
/**
@@ -60,85 +47,46 @@ struct certreq_payload_t {
payload_t payload_interface;
/**
- * @brief Set the CERT encoding.
- *
- * @param this calling certreq_payload_t object
- * @param encoding CERT encoding
- */
- void (*set_cert_encoding) (certreq_payload_t *this, cert_encoding_t encoding);
-
- /**
- * @brief Get the CERT encoding.
- *
- * @param this calling certreq_payload_t object
- * @return Encoding of the CERT
- */
- cert_encoding_t (*get_cert_encoding) (certreq_payload_t *this);
-
- /**
- * @brief Set the CERTREQ data.
- *
- * Data are getting cloned.
+ * Create an enumerator over contained keyids.
*
- * @param this calling certreq_payload_t object
- * @param data CERTREQ data as chunk_t
+ * @return enumerator over chunk_t's.
*/
- void (*set_data) (certreq_payload_t *this, chunk_t data);
+ enumerator_t* (*create_keyid_enumerator)(certreq_payload_t *this);
/**
- * @brief Get the CERTREQ data.
- *
- * Returned data are a copy of the internal one.
+ * Get the type of contained certificate keyids.
*
- * @param this calling certreq_payload_t object
- * @return CERTREQ data as chunk_t
+ * @return certificate keyid type
*/
- chunk_t (*get_data_clone) (certreq_payload_t *this);
+ certificate_type_t (*get_cert_type)(certreq_payload_t *this);
/**
- * @brief Get the CERTREQ data.
- *
- * Returned data are NOT copied.
+ * Add a certificates keyid to the payload.
*
- * @param this calling certreq_payload_t object
- * @return CERTREQ data as chunk_t
+ * @param keyid keyid of the trusted certifcate
+ * @return
*/
- chunk_t (*get_data) (certreq_payload_t *this);
+ void (*add_keyid)(certreq_payload_t *this, chunk_t keyid);
/**
- * @brief Destroys an certreq_payload_t object.
- *
- * @param this certreq_payload_t object to destroy
+ * Destroys an certreq_payload_t object.
*/
void (*destroy) (certreq_payload_t *this);
};
/**
- * @brief Creates an empty certreq_payload_t object.
+ * Creates an empty certreq_payload_t object.
*
- * @return certreq_payload_t object
- *
- * @ingroup payloads
+ * @return certreq payload
*/
certreq_payload_t *certreq_payload_create(void);
/**
- * @brief Creates a certreq_payload_t object from a ca certificate
- *
- * @param id subject distinguished name of CA certificate
- * @return certreq_payload_t object
- *
- * @ingroup payloads
- */
-certreq_payload_t *certreq_payload_create_from_cacert(identification_t *id);
-
-/**
- * @brief Creates a certreq_payload_t object from all ca certificates
- *
- * @return certreq_payload_t object
+ * Creates an empty certreq_payload_t for a kind of certificates.
*
- * @ingroup payloads
+ * @param type type of the added keyids
+ * @return certreq payload
*/
-certreq_payload_t *certreq_payload_create_from_cacerts(void);
+certreq_payload_t *certreq_payload_create_type(certificate_type_t type);
-#endif /* CERTREQ_PAYLOAD_H_ */
+#endif /* CERTREQ_PAYLOAD_H_ @} */
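Review bot: The `add_keyid` doc comment carries an empty `@return` although the function is `void`, and it does not say that the keyid is copied or that it is expected to be a SHA-1 sized value, which the enumerator in certreq_payload.c assumes. I would drop the `@return` line and write `@param keyid keyid of the trusted certificate (gets cloned, HASH_SIZE_SHA1 bytes)`, which also fixes the "certifcate" typo. The `create_keyid_enumerator` comment should state that the enumerated `chunk_t` values point into the payload's internal data and must not be freed. `certreq_payload_create_type` returns NULL for unsupported certificate types in the implementation, which the `@return` line should mention.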
diff --git a/src/charon/encoding/payloads/configuration_attribute.c b/src/charon/encoding/payloads/configuration_attribute.c
index afd08c6be..6b1cbffb4 100644
--- a/src/charon/encoding/payloads/configuration_attribute.c
+++ b/src/charon/encoding/payloads/configuration_attribute.c
@@ -1,10 +1,3 @@
-/**
- * @file configuration_attribute.c
- *
- * @brief Implementation of configuration_attribute_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: configuration_attribute.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/configuration_attribute.h b/src/charon/encoding/payloads/configuration_attribute.h
index 5c4f65b14..ade837107 100644
--- a/src/charon/encoding/payloads/configuration_attribute.h
+++ b/src/charon/encoding/payloads/configuration_attribute.h
@@ -1,10 +1,3 @@
-/**
- * @file configuration_attribute.h
- *
- * @brief Interface of configuration_attribute_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: configuration_attribute.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup configuration_attribute configuration_attribute
+ * @{ @ingroup payloads
*/
#ifndef CONFIGURATION_ATTRIBUTE_H_
@@ -33,15 +33,11 @@ typedef struct configuration_attribute_t configuration_attribute_t;
/**
* Configuration attribute header length in bytes.
- *
- * @ingroup payloads
*/
#define CONFIGURATION_ATTRIBUTE_HEADER_LENGTH 4
/**
* Type of the attribute, as in IKEv2 RFC 3.15.1.
- *
- * @ingroup payloads
*/
enum configuration_attribute_type_t {
INTERNAL_IP4_ADDRESS = 1,
@@ -62,20 +58,13 @@ enum configuration_attribute_type_t {
/**
* enum names for configuration_attribute_type_t.
- *
- * @ingroup payloads
*/
extern enum_name_t *configuration_attribute_type_names;
/**
- * @brief Class representing an IKEv2-CONFIGURATION Attribute.
+ * Class representing an IKEv2-CONFIGURATION Attribute.
*
* The CONFIGURATION ATTRIBUTE format is described in RFC section 3.15.1.
- *
- * @b Constructors:
- * - configuration_attribute_create()
- *
- * @ingroup payloads
*/
struct configuration_attribute_t {
/**
@@ -84,64 +73,55 @@ struct configuration_attribute_t {
payload_t payload_interface;
/**
- * @brief Returns the currently set value of the attribute.
+ * Returns the currently set value of the attribute.
*
* @warning Returned data are not copied.
*
- * @param this calling configuration_attribute_t object
* @return chunk_t pointing to the value
*/
chunk_t (*get_value) (configuration_attribute_t *this);
/**
- * @brief Sets the value of the attribute.
+ * Sets the value of the attribute.
*
- * @warning Value is getting copied.
+ * Value is getting copied.
*
- * @param this calling configuration_attribute_t object
* @param value chunk_t pointing to the value to set
*/
void (*set_value) (configuration_attribute_t *this, chunk_t value);
/**
- * @brief Sets the type of the attribute.
+ * Sets the type of the attribute.
*
- * @param this calling configuration_attribute_t object
* @param type type to set (most significant bit is set to zero)
*/
void (*set_type) (configuration_attribute_t *this, u_int16_t type);
/**
- * @brief get the type of the attribute.
+ * get the type of the attribute.
*
- * @param this calling configuration_attribute_t object
* @return type of the value
*/
u_int16_t (*get_type) (configuration_attribute_t *this);
/**
- * @brief get the length of an attribute.
+ * get the length of an attribute.
*
- * @param this calling configuration_attribute_t object
* @return type of the value
*/
u_int16_t (*get_length) (configuration_attribute_t *this);
/**
- * @brief Destroys an configuration_attribute_t object.
- *
- * @param this configuration_attribute_t object to destroy
+ * Destroys an configuration_attribute_t object.
*/
void (*destroy) (configuration_attribute_t *this);
};
/**
- * @brief Creates an empty configuration_attribute_t object.
+ * Creates an empty configuration_attribute_t object.
*
* @return created configuration_attribute_t object
- *
- * @ingroup payloads
*/
configuration_attribute_t *configuration_attribute_create(void);
-#endif /* CONFIGURATION_ATTRIBUTE_H_*/
+#endif /* CONFIGURATION_ATTRIBUTE_H_ @} */
diff --git a/src/charon/encoding/payloads/cp_payload.c b/src/charon/encoding/payloads/cp_payload.c
index 380ed9681..d39dc2a47 100644
--- a/src/charon/encoding/payloads/cp_payload.c
+++ b/src/charon/encoding/payloads/cp_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file cp_payload.c
- *
- * @brief Implementation of cp_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: cp_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/cp_payload.h b/src/charon/encoding/payloads/cp_payload.h
index 27ff41005..0ca75e71d 100644
--- a/src/charon/encoding/payloads/cp_payload.h
+++ b/src/charon/encoding/payloads/cp_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file cp_payload.h
- *
- * @brief Interface of cp_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: cp_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup cp_payload cp_payload
+ * @{ @ingroup payloads
*/
#ifndef CP_PAYLOAD_H_
@@ -34,15 +34,11 @@ typedef struct cp_payload_t cp_payload_t;
/**
* CP_PAYLOAD length in bytes without any proposal substructure.
- *
- * @ingroup payloads
*/
#define CP_PAYLOAD_HEADER_LENGTH 8
/**
* Config Type of an Configuration Payload.
- *
- * @ingroup payloads
*/
enum config_type_t {
CFG_REQUEST = 1,
@@ -53,20 +49,13 @@ enum config_type_t {
/**
* enum name for config_type_t.
- *
- * @ingroup payloads
*/
extern enum_name_t *config_type_names;
/**
- * @brief Class representing an IKEv2-CP Payload.
+ * Class representing an IKEv2-CP Payload.
*
* The CP Payload format is described in RFC section 3.15.
- *
- * @b Constructors:
- * - cp_payload_create()
- *
- * @ingroup payloads
*/
struct cp_payload_t {
/**
@@ -75,58 +64,50 @@ struct cp_payload_t {
payload_t payload_interface;
/**
- * @brief Creates an iterator of stored configuration_attribute_t objects.
+ * Creates an iterator of stored configuration_attribute_t objects.
*
* When deleting an attribute using this iterator, the length of this
* configuration_attribute_t has to be refreshed by calling get_length()!
*
- * @param this calling cp_payload_t object
* @return created iterator_t object
*/
iterator_t *(*create_attribute_iterator) (cp_payload_t *this);
/**
- * @brief Adds a configuration_attribute_t object to this object.
+ * Adds a configuration_attribute_t object to this object.
*
* The added configuration_attribute_t object is getting destroyed in
* destroy function of cp_payload_t.
*
- * @param this calling cp_payload_t object
* @param attribute configuration_attribute_t object to add
*/
void (*add_configuration_attribute) (cp_payload_t *this, configuration_attribute_t *attribute);
/**
- * @brief Set the config type.
+ * Set the config type.
*
- * @param this calling cp_payload_t object
* @param config_type config_type_t to set
*/
void (*set_config_type) (cp_payload_t *this,config_type_t config_type);
/**
- * @brief Get the config type.
+ * Get the config type.
*
- * @param this calling cp_payload_t object
* @return config_type_t
*/
config_type_t (*get_config_type) (cp_payload_t *this);
/**
- * @brief Destroys an cp_payload_t object.
- *
- * @param this cp_payload_t object to destroy
+ * Destroys an cp_payload_t object.
*/
void (*destroy) (cp_payload_t *this);
};
/**
- * @brief Creates an empty cp_payload_t object
+ * Creates an empty cp_payload_t object
*
* @return cp_payload_t object
- *
- * @ingroup payloads
*/
cp_payload_t *cp_payload_create(void);
-#endif /*CP_PAYLOAD_H_*/
+#endif /*CP_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/delete_payload.c b/src/charon/encoding/payloads/delete_payload.c
index 1d42a3af2..01ee7f027 100644
--- a/src/charon/encoding/payloads/delete_payload.c
+++ b/src/charon/encoding/payloads/delete_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file delete_payload.c
- *
- * @brief Implementation of delete_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: delete_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/delete_payload.h b/src/charon/encoding/payloads/delete_payload.h
index 508f7fba2..2c1a596b9 100644
--- a/src/charon/encoding/payloads/delete_payload.h
+++ b/src/charon/encoding/payloads/delete_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file delete_payload.h
- *
- * @brief Interface of delete_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: delete_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup delete_payload delete_payload
+ * @{ @ingroup payloads
*/
#ifndef DELETE_PAYLOAD_H_
@@ -32,22 +32,13 @@ typedef struct delete_payload_t delete_payload_t;
/**
* Length of a delete payload without the SPI in bytes.
- *
- * @ingroup payloads
*/
#define DELETE_PAYLOAD_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2 DELETE payload.
+ * Class representing an IKEv2 DELETE payload.
*
* The DELETE payload format is described in RFC section 3.11.
- *
- * @b Constructors:
- * - delete_payload_create()
- *
- * @todo Implement better setter/getters
- *
- * @ingroup payloads
*/
struct delete_payload_t {
/**
@@ -56,47 +47,40 @@ struct delete_payload_t {
payload_t payload_interface;
/**
- * @brief Get the protocol ID.
+ * Get the protocol ID.
*
- * @param this calling delete_payload_t object
* @return protocol ID
*/
protocol_id_t (*get_protocol_id) (delete_payload_t *this);
/**
- * @brief Add an SPI to the list of deleted SAs.
+ * Add an SPI to the list of deleted SAs.
*
- * @param this calling delete_payload_t object
* @param spi spi to add
*/
void (*add_spi) (delete_payload_t *this, u_int32_t spi);
/**
- * @brief Get an iterator over the SPIs.
+ * Get an iterator over the SPIs.
*
* The iterate() function returns a pointer to a u_int32_t SPI.
*
- * @param this calling delete_payload_t object
* @return iterator over SPIs
*/
iterator_t *(*create_spi_iterator) (delete_payload_t *this);
/**
- * @brief Destroys an delete_payload_t object.
- *
- * @param this delete_payload_t object to destroy
+ * Destroys an delete_payload_t object.
*/
void (*destroy) (delete_payload_t *this);
};
/**
- * @brief Creates an empty delete_payload_t object.
+ * Creates an empty delete_payload_t object.
*
* @param protocol_id protocol, such as AH|ESP
* @return delete_payload_t object
- *
- * @ingroup payloads
*/
delete_payload_t *delete_payload_create(protocol_id_t protocol_id);
-#endif /* DELETE_PAYLOAD_H_ */
+#endif /* DELETE_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/eap_payload.c b/src/charon/encoding/payloads/eap_payload.c
index da2498c5e..d9a6fe6dd 100644
--- a/src/charon/encoding/payloads/eap_payload.c
+++ b/src/charon/encoding/payloads/eap_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file eap_payload.c
- *
- * @brief Implementation of eap_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: eap_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/eap_payload.h b/src/charon/encoding/payloads/eap_payload.h
index e4f8663c2..23558053d 100644
--- a/src/charon/encoding/payloads/eap_payload.h
+++ b/src/charon/encoding/payloads/eap_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file eap_payload.h
- *
- * @brief Interface of eap_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: eap_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup eap_payload eap_payload
+ * @{ @ingroup payloads
*/
#ifndef EAP_PAYLOAD_H_
@@ -32,20 +32,13 @@ typedef struct eap_payload_t eap_payload_t;
/**
* Length of a EAP payload without the EAP Message in bytes.
- *
- * @ingroup payloads
*/
#define EAP_PAYLOAD_HEADER_LENGTH 4
/**
- * @brief Class representing an IKEv2 EAP payload.
+ * Class representing an IKEv2 EAP payload.
*
* The EAP payload format is described in RFC section 3.16.
- *
- * @b Constructors:
- * - eap_payload_create()
- *
- * @ingroup payloads
*/
struct eap_payload_t {
@@ -55,79 +48,68 @@ struct eap_payload_t {
payload_t payload_interface;
/**
- * @brief Set the contained EAP data.
+ * Set the contained EAP data.
*
* This contains the FULL EAP message starting with "code".
* Chunk gets cloned.
*
- * @param this calling eap_payload_t object
* @param message EAP data
*/
void (*set_data) (eap_payload_t *this, chunk_t data);
/**
- * @brief Get the contained EAP data.
+ * Get the contained EAP data.
*
* This contains the FULL EAP message starting with "code".
*
- * @param this calling eap_payload_t object
* @return EAP data (pointer to internal data)
*/
chunk_t (*get_data) (eap_payload_t *this);
/**
- * @brief Get the EAP code.
+ * Get the EAP code.
*
- * @param this calling eap_payload_t object
* @return EAP message as chunk_t
*/
eap_code_t (*get_code) (eap_payload_t *this);
/**
- * @brief Get the EAP identifier.
+ * Get the EAP identifier.
*
- * @param this calling eap_payload_t object
* @return unique identifier
*/
u_int8_t (*get_identifier) (eap_payload_t *this);
/**
- * @brief Get the EAP method type.
+ * Get the EAP method type.
*
- * @param this calling eap_payload_t object
* @param vendor pointer receiving vendor identifier
* @return EAP method type, vendor specific if vendor != 0
*/
eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor);
/**
- * @brief Destroys an eap_payload_t object.
- *
- * @param this eap_payload_t object to destroy
+ * Destroys an eap_payload_t object.
*/
void (*destroy) (eap_payload_t *this);
};
/**
- * @brief Creates an empty eap_payload_t object.
+ * Creates an empty eap_payload_t object.
*
* @return eap_payload_t object
- *
- * @ingroup payloads
*/
eap_payload_t *eap_payload_create(void);
/**
- * @brief Creates an eap_payload_t object with data.
+ * Creates an eap_payload_t object with data.
*
* @return eap_payload_t object
- *
- * @ingroup payloads
*/
eap_payload_t *eap_payload_create_data(chunk_t data);
/**
- * @brief Creates an eap_payload_t object with a code.
+ * Creates an eap_payload_t object with a code.
*
* Could should be either EAP_SUCCESS/EAP_FAILURE, use
* constructor above otherwise.
@@ -135,19 +117,15 @@ eap_payload_t *eap_payload_create_data(chunk_t data);
* @param code EAP status code
* @param identifier EAP identifier to use in payload
* @return eap_payload_t object
- *
- * @ingroup payloads
*/
eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier);
/**
- * @brief Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK.
+ * Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK.
*
* @param identifier EAP identifier to use in payload
* @return eap_payload_t object
- *
- * @ingroup payloads
*/
eap_payload_t *eap_payload_create_nak(u_int8_t identifier);
-#endif /* EAP_PAYLOAD_H_ */
+#endif /* EAP_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/encodings.c b/src/charon/encoding/payloads/encodings.c
index 55a7cf132..66c1fd999 100644
--- a/src/charon/encoding/payloads/encodings.c
+++ b/src/charon/encoding/payloads/encodings.c
@@ -1,10 +1,3 @@
-/**
- * @file encodings.c
- *
- * @brief String mappings of encoding_type_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: encodings.c 3589 2008-03-13 14:14:44Z martin $
*/
diff --git a/src/charon/encoding/payloads/encodings.h b/src/charon/encoding/payloads/encodings.h
index 5e07fbfab..73c5f9c36 100644
--- a/src/charon/encoding/payloads/encodings.h
+++ b/src/charon/encoding/payloads/encodings.h
@@ -1,10 +1,3 @@
-/**
- * @file encodings.h
- *
- * @brief Definition of encoding_type_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: encodings.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup encodings encodings
+ * @{ @ingroup payloads
*/
#ifndef ENCODINGS_H_
@@ -30,7 +30,7 @@ typedef struct encoding_rule_t encoding_rule_t;
#include <library.h>
/**
- * @brief All different kinds of encoding types.
+ * All different kinds of encoding types.
*
* Each field of an IKEv2-Message (in header or payload)
* which has to be parsed or generated differently has its own
@@ -40,8 +40,6 @@ typedef struct encoding_rule_t encoding_rule_t;
* from PRIVATE USE space. Also the substructures
* of specific payload types get their own payload_id
* from PRIVATE_USE space. See IKEv2-Draft for more informations.
- *
- * @ingroup payloads
*/
enum encoding_type_t {
@@ -114,7 +112,7 @@ enum encoding_type_t {
U_INT_64,
/**
- * @brief represents a RESERVED_BIT used in FLAG-Bytes.
+ * represents a RESERVED_BIT used in FLAG-Bytes.
*
* When generating, the next bit is set to zero and the current write
* position is moved one bit forward.
@@ -128,7 +126,7 @@ enum encoding_type_t {
RESERVED_BIT,
/**
- * @brief represents a RESERVED_BYTE.
+ * represents a RESERVED_BYTE.
*
* When generating, the next byte is set to zero and the current write
* position is moved one byte forward.
@@ -499,21 +497,16 @@ enum encoding_type_t {
/**
* enum name for encoding_type_t
- *
- * @ingroup payloads
*/
extern enum_name_t *encoding_type_names;
/**
+ * Rule how to en-/decode a payload field.
+ *
* An encoding rule is a mapping of a specific encoding type to
* a location in the data struct where the current field is stored to
* or read from.
- *
- * For examples see files in this directory.
- *
* This rules are used by parser and generator.
- *
- * @ingroup payloads
*/
struct encoding_rule_t {
@@ -534,4 +527,4 @@ struct encoding_rule_t {
u_int32_t offset;
};
-#endif /*ENCODINGS_H_*/
+#endif /*ENCODINGS_H_ @} */
diff --git a/src/charon/encoding/payloads/encryption_payload.c b/src/charon/encoding/payloads/encryption_payload.c
index 23b6e8d9f..7237c69c5 100644
--- a/src/charon/encoding/payloads/encryption_payload.c
+++ b/src/charon/encoding/payloads/encryption_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file encryption_payload.c
- *
- * @brief Implementation of encryption_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: encryption_payload.c 3862 2008-04-22 07:14:24Z martin $
*/
#include <stddef.h>
@@ -32,7 +27,6 @@
#include <encoding/generator.h>
#include <encoding/parser.h>
#include <utils/iterator.h>
-#include <utils/randomizer.h>
#include <crypto/signers/signer.h>
@@ -327,8 +321,7 @@ static void generate(private_encryption_payload_t *this)
static status_t encrypt(private_encryption_payload_t *this)
{
chunk_t iv, padding, to_crypt, result;
- randomizer_t *randomizer;
- status_t status;
+ rng_t *rng;
size_t block_size;
if (this->signer == NULL || this->crypter == NULL)
@@ -338,8 +331,12 @@ static status_t encrypt(private_encryption_payload_t *this)
}
/* for random data in iv and padding */
- randomizer = randomizer_create();
-
+ rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK);
+ if (!rng)
+ {
+ DBG1(DBG_ENC, "could not encrypt, no RNG found");
+ return FAILED;
+ }
/* build payload chunk */
generate(this);
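Review bot: The new `return FAILED;` taken when `create_rng()` returns no RNG is a result the interface comment for `encrypt` in encryption_payload.h does not list; as rewritten by this same commit it reads `@return SUCCESS, or INVALID_STATE if transforms not set`. I would extend it to `@return SUCCESS, INVALID_STATE if transforms not set, FAILED if no RNG is available` so callers know to handle it. The comment `/* for random data in iv and padding */` could also say why `RNG_WEAK` is sufficient here, since an IV for a block-cipher mode such as CBC has to be unpredictable to an attacker; the RNG quality classes are defined outside this diff, so this is a request for documentation rather than a claimed defect. encrypt() starts before and continues after this hunk.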
@@ -349,12 +346,7 @@ static status_t encrypt(private_encryption_payload_t *this)
/* build padding */
block_size = this->crypter->get_block_size(this->crypter);
padding.len = block_size - ((this->decrypted.len + 1) % block_size);
- status = randomizer->allocate_pseudo_random_bytes(randomizer, padding.len, &padding);
- if (status != SUCCESS)
- {
- randomizer->destroy(randomizer);
- return status;
- }
+ rng->allocate_bytes(rng, padding.len, &padding);
/* concatenate payload data, padding, padding len */
to_crypt.len = this->decrypted.len + padding.len + 1;
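Review bot: The result of `rng->allocate_bytes(rng, padding.len, &padding)` is no longer checked, and the same holds for the IV allocation and `this->crypter->encrypt(...)` in the next hunk and for `this->crypter->decrypt(...)` in the decrypt() hunk, where the removed code returned on `status != SUCCESS`. The method signatures are not part of this diff; if they now return void, a short comment at the first call such as `/* allocate_bytes() has no failure return */` would record that, and if any of them can still fail, `padding`, `iv`, `result` or `this->decrypted` would be used uninitialised (decrypt() dereferences `this->decrypted.ptr` right after the call). In that case the checks need to come back, with `rng->destroy(rng)` and the chunk frees on the error path as the removed code had them. encrypt() starts and ends outside this hunk.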
@@ -366,28 +358,17 @@ static status_t encrypt(private_encryption_payload_t *this)
/* build iv */
iv.len = block_size;
- status = randomizer->allocate_pseudo_random_bytes(randomizer, iv.len, &iv);
- randomizer->destroy(randomizer);
- if (status != SUCCESS)
- {
- chunk_free(&to_crypt);
- chunk_free(&padding);
- return status;
- }
+ rng->allocate_bytes(rng, iv.len, &iv);
+ rng->destroy(rng);
DBG3(DBG_ENC, "data before encryption with padding %B", &to_crypt);
/* encrypt to_crypt chunk */
free(this->encrypted.ptr);
- status = this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
+ this->crypter->encrypt(this->crypter, to_crypt, iv, &result);
free(padding.ptr);
free(to_crypt.ptr);
- if (status != SUCCESS)
- {
- DBG2(DBG_ENC, "encryption failed");
- free(iv.ptr);
- return status;
- }
+
DBG3(DBG_ENC, "data after encryption %B", &result);
/* build encrypted result with iv and signature */
@@ -459,7 +440,6 @@ static status_t decrypt(private_encryption_payload_t *this)
{
chunk_t iv, concatenated;
u_int8_t padding_length;
- status_t status;
DBG2(DBG_ENC, "decrypting encryption payload");
DBG3(DBG_ENC, "data before decryption with IV and (invalid) signature %B",
@@ -478,12 +458,11 @@ static status_t decrypt(private_encryption_payload_t *this)
/* point concatenated to data + padding + padding_length*/
concatenated.ptr = this->encrypted.ptr + iv.len;
- concatenated.len = this->encrypted.len - iv.len - this->signer->get_block_size(this->signer);
+ concatenated.len = this->encrypted.len - iv.len -
+ this->signer->get_block_size(this->signer);
- /* check the size of input:
- * concatenated must be at least on block_size of crypter
- */
- if (concatenated.len < iv.len)
+ /* concatenated must be a multiple of block_size of crypter */
+ if (concatenated.len < iv.len || concatenated.len % iv.len)
{
DBG1(DBG_ENC, "could not decrypt, invalid input");
return FAILED;
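Review bot: `concatenated.len` is computed by subtracting `iv.len` and the signer block size from `this->encrypted.len` before anything compares those sizes, so a received payload shorter than the two together would wrap the length around if `chunk_t.len` is unsigned (its definition is not in this diff), and a wrapped value can pass both `concatenated.len < iv.len` and the new modulo test. Unless a length check sits above the hunk, I would reject short input before the subtraction: `if (this->encrypted.len < iv.len + this->signer->get_block_size(this->signer)) { DBG1(DBG_ENC, "could not decrypt, invalid input"); return FAILED; }`. The modulo also assumes `iv.len` is non-zero, which depends on the crypter's block size. decrypt() begins before and continues past this hunk.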
@@ -494,18 +473,14 @@ static status_t decrypt(private_encryption_payload_t *this)
DBG3(DBG_ENC, "data before decryption %B", &concatenated);
- status = this->crypter->decrypt(this->crypter, concatenated, iv, &(this->decrypted));
- if (status != SUCCESS)
- {
- DBG1(DBG_ENC, "could not decrypt, decryption failed");
- return FAILED;
- }
+ this->crypter->decrypt(this->crypter, concatenated, iv, &this->decrypted);
+
DBG3(DBG_ENC, "data after decryption with padding %B", &this->decrypted);
-
/* get padding length, sits just bevore signature */
padding_length = *(this->decrypted.ptr + this->decrypted.len - 1);
- /* add one byte to the padding length, since the padding_length field is not included */
+ /* add one byte to the padding length, since the padding_length field is
+ * not included */
padding_length++;
this->decrypted.len -= padding_length;
diff --git a/src/charon/encoding/payloads/encryption_payload.h b/src/charon/encoding/payloads/encryption_payload.h
index 7cf53619f..e20ff6acc 100644
--- a/src/charon/encoding/payloads/encryption_payload.h
+++ b/src/charon/encoding/payloads/encryption_payload.h
@@ -1,9 +1,3 @@
-/**
- * @file encryption_payload.h
- *
- * @brief Interface of encryption_payload_t.
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -18,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: encryption_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup encryption_payload encryption_payload
+ * @{ @ingroup payloads
*/
#ifndef ENCRYPTION_PAYLOAD_H_
@@ -33,14 +34,12 @@ typedef struct encryption_payload_t encryption_payload_t;
/**
* Encrpytion payload length in bytes without IV and following data.
- *
- * @ingroup payloads
*/
#define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
/**
- * @brief The encryption payload as described in RFC section 3.14.
+ * The encryption payload as described in RFC section 3.14.
*
* Before any crypt/decrypt/sign/verify operation can occur,
* the transforms must be set. After that, a parsed encryption payload
@@ -51,11 +50,6 @@ typedef struct encryption_payload_t encryption_payload_t;
* must be builded after generation of all payloads and the encryption
* of the encryption payload.
* Signature verificatin is done before decryption.
- *
- * @b Constructors:
- * - encryption_payload_create()
- *
- * @ingroup payloads
*/
struct encryption_payload_t {
/**
@@ -64,29 +58,26 @@ struct encryption_payload_t {
payload_t payload_interface;
/**
- * @brief Creates an iterator for all contained payloads.
+ * Creates an iterator for all contained payloads.
*
- * @warning iterator_t object has to get destroyed by the caller.
+ * iterator_t object has to get destroyed by the caller.
*
- * @param this calling encryption_payload_t object
- * @param[in] forward iterator direction (TRUE: front to end)
+ * @param forward iterator direction (TRUE: front to end)
* return created iterator_t object
*/
iterator_t *(*create_payload_iterator) (encryption_payload_t *this, bool forward);
/**
- * @brief Adds a payload to this encryption payload.
+ * Adds a payload to this encryption payload.
*
- * @param this calling encryption_payload_t object
* @param payload payload_t object to add
*/
void (*add_payload) (encryption_payload_t *this, payload_t *payload);
/**
- * @brief Reove the last payload in the contained payload list.
+ * Reove the last payload in the contained payload list.
*
- * @param this calling encryption_payload_t object
- * @param[out] payload removed payload
+ * @param payload removed payload
* @return
* - SUCCESS, or
* - NOT_FOUND if list empty
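Review bot: The rewritten summary line `Reove the last payload in the contained payload list.` has a typo and says "last", while the member it documents is declared as `remove_first_payload` (visible as context at the top of the next hunk). Since the commit touches this line anyway, I would check in encryption_payload.c which end of the list is removed and then make the comment and the member name agree, e.g. `Remove the first payload in the contained payload list.` if the name is right. A few lines up, `return created iterator_t object` is missing its `@`, so Doxygen will not render it as a return description; `@return created iterator_t object` fixes that. The struct starts and ends outside this hunk.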
@@ -94,15 +85,14 @@ struct encryption_payload_t {
status_t (*remove_first_payload) (encryption_payload_t *this, payload_t **payload);
/**
- * @brief Get the number of payloads.
+ * Get the number of payloads.
*
- * @param this calling encryption_payload_t object
* @return number of contained payloads
*/
size_t (*get_payload_count) (encryption_payload_t *this);
/**
- * @brief Set transforms to use.
+ * Set transforms to use.
*
* To decryption, encryption, signature building and verifying,
* the payload needs a crypter and a signer object.
@@ -110,34 +100,29 @@ struct encryption_payload_t {
* @warning Do NOT call this function again after encryption, since
* the signer must be the same while encrypting and signature building!
*
- * @param this calling encryption_payload_t
* @param crypter crypter_t to use for data de-/encryption
* @param signer signer_t to use for data signing/verifying
*/
void (*set_transforms) (encryption_payload_t *this, crypter_t *crypter, signer_t *signer);
/**
- * @brief Generate and encrypt contained payloads.
+ * Generate and encrypt contained payloads.
*
* This function generates the content for added payloads
* and encrypts them. Signature is not built, since we need
* additional data (the full message).
*
- * @param this calling encryption_payload_t
- * @return
- * - SUCCESS, or
- * - INVALID_STATE if transforms not set
+ * @return SUCCESS, or INVALID_STATE if transforms not set
*/
status_t (*encrypt) (encryption_payload_t *this);
/**
- * @brief Decrypt and parse contained payloads.
+ * Decrypt and parse contained payloads.
*
* This function decrypts the contained data. After,
* the payloads are parsed internally and are accessible
* via the iterator.
*
- * @param this calling encryption_payload_t
* @return
* - SUCCESS, or
* - INVALID_STATE if transforms not set, or
@@ -146,13 +131,12 @@ struct encryption_payload_t {
status_t (*decrypt) (encryption_payload_t *this);
/**
- * @brief Build the signature.
+ * Build the signature.
*
* The signature is built over the FULL message, so the header
* and every payload (inclusive this one) must already be generated.
* The generated message is supplied via the data paramater.
*
- * @param this calling encryption_payload_t
* @param data chunk contains the already generated message
* @return
* - SUCCESS, or
@@ -161,13 +145,12 @@ struct encryption_payload_t {
status_t (*build_signature) (encryption_payload_t *this, chunk_t data);
/**
- * @brief Verify the signature.
+ * Verify the signature.
*
* Since the signature is built over the full message, we need
* this data to do the verification. The message data
* is supplied via the data argument.
*
- * @param this calling encryption_payload_t
* @param data chunk contains the message
* @return
* - SUCCESS, or
@@ -177,21 +160,16 @@ struct encryption_payload_t {
status_t (*verify_signature) (encryption_payload_t *this, chunk_t data);
/**
- * @brief Destroys an encryption_payload_t object.
- *
- * @param this encryption_payload_t object to destroy
+ * Destroys an encryption_payload_t object.
*/
void (*destroy) (encryption_payload_t *this);
};
/**
- * @brief Creates an empty encryption_payload_t object.
+ * Creates an empty encryption_payload_t object.
*
* @return encryption_payload_t object
- *
- * @ingroup payloads
*/
encryption_payload_t *encryption_payload_create(void);
-
-#endif /*ENCRYPTION_PAYLOAD_H_*/
+#endif /*ENCRYPTION_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/endpoint_notify.c b/src/charon/encoding/payloads/endpoint_notify.c
index 98bfb2ea0..c9ef47afb 100644
--- a/src/charon/encoding/payloads/endpoint_notify.c
+++ b/src/charon/encoding/payloads/endpoint_notify.c
@@ -1,10 +1,3 @@
-/**
- * @file endpoint_notify.c
- *
- * @brief Implementation of endpoint_notify_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Hochschule fuer Technik Rapperswil
@@ -18,6 +11,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: endpoint_notify.c 3735 2008-04-02 18:21:03Z tobias $
*/
#include "endpoint_notify.h"
@@ -46,12 +41,12 @@ struct private_endpoint_notify_t {
/**
* Family
*/
- p2p_endpoint_family_t family;
+ me_endpoint_family_t family;
/**
* Endpoint type
*/
- p2p_endpoint_type_t type;
+ me_endpoint_type_t type;
/**
* Endpoint
@@ -76,10 +71,10 @@ struct private_endpoint_notify_t {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
-ENUM(p2p_endpoint_type_names, HOST, RELAYED,
+ENUM(me_endpoint_type_names, HOST, RELAYED,
"HOST",
- "SERVER_REFLEXIVE",
"PEER_REFLEXIVE",
+ "SERVER_REFLEXIVE",
"RELAYED"
);
@@ -120,7 +115,7 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val)
}
/**
- * Parses the notification data of a P2P_ENDPOINT notify
+ * Parses the notification data of a ME_ENDPOINT notify
*/
static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data)
{
@@ -130,29 +125,29 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
u_int8_t *cur = data.ptr;
u_int8_t *top = data.ptr + data.len;
- DBG3(DBG_IKE, "p2p_endpoint_data %B", &data);
+ DBG3(DBG_IKE, "me_endpoint_data %B", &data);
if (parse_uint32(&cur, top, &this->priority) != SUCCESS)
{
- DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid priority");
+ DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid priority");
return FAILED;
}
if (parse_uint8(&cur, top, &family) != SUCCESS || family >= MAX_FAMILY)
{
- DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid family");
+ DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid family");
return FAILED;
}
- this->family = (p2p_endpoint_family_t)family;
+ this->family = (me_endpoint_family_t)family;
if (parse_uint8(&cur, top, &type) != SUCCESS || type >= MAX_TYPE)
{
- DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid type");
+ DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid type");
return FAILED;
}
- this->type = (p2p_endpoint_type_t)type;
+ this->type = (me_endpoint_type_t)type;
addr_family = AF_INET;
addr.len = 4;
@@ -166,13 +161,13 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
case IPv4:
if (parse_uint16(&cur, top, &port) != SUCCESS)
{
- DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid port");
+ DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid port");
return FAILED;
}
if (cur + addr.len > top)
{
- DBG1(DBG_IKE, "failed to parse P2P_ENDPOINT: invalid IP address");
+ DBG1(DBG_IKE, "failed to parse ME_ENDPOINT: invalid IP address");
return FAILED;
}
@@ -190,7 +185,7 @@ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t
/**
- * Generates the notification data of a P2P_ENDPOINT notify
+ * Generates the notification data of a ME_ENDPOINT notify
*/
static chunk_t build_notification_data(private_endpoint_notify_t *this)
{
@@ -222,7 +217,7 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this)
/* data = prio | family | type | port | addr */
data = chunk_cat("ccccc", prio_chunk, family_chunk, type_chunk,
port_chunk, addr_chunk);
- DBG3(DBG_IKE, "p2p_endpoint_data %B", &data);
+ DBG3(DBG_IKE, "me_endpoint_data %B", &data);
return data;
}
@@ -236,7 +231,7 @@ static notify_payload_t *build_notify(private_endpoint_notify_t *this)
notify_payload_t *notify;
notify = notify_payload_create();
- notify->set_notify_type(notify, P2P_ENDPOINT);
+ notify->set_notify_type(notify, ME_ENDPOINT);
data = build_notification_data(this);
notify->set_notification_data(notify, data);
chunk_free(&data);
@@ -263,7 +258,7 @@ static void set_priority(private_endpoint_notify_t *this, u_int32_t priority)
/**
* Implementation of endpoint_notify_t.get_type.
*/
-static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this)
+static me_endpoint_type_t get_type(private_endpoint_notify_t *this)
{
return this->type;
}
@@ -271,7 +266,7 @@ static p2p_endpoint_type_t get_type(private_endpoint_notify_t *this)
/**
* Implementation of endpoint_notify_t.get_family.
*/
-static p2p_endpoint_family_t get_family(private_endpoint_notify_t *this)
+static me_endpoint_family_t get_family(private_endpoint_notify_t *this)
{
return this->family;
}
@@ -321,6 +316,7 @@ static endpoint_notify_t *_clone(private_endpoint_notify_t *this)
static status_t destroy(private_endpoint_notify_t *this)
{
DESTROY_IF(this->endpoint);
+ DESTROY_IF(this->base);
free(this);
return SUCCESS;
}
@@ -335,8 +331,8 @@ endpoint_notify_t *endpoint_notify_create()
/* public functions */
this->public.get_priority = (u_int32_t (*) (endpoint_notify_t *)) get_priority;
this->public.set_priority = (void (*) (endpoint_notify_t *, u_int32_t)) set_priority;
- this->public.get_type = (p2p_endpoint_type_t (*) (endpoint_notify_t *)) get_type;
- this->public.get_family = (p2p_endpoint_family_t (*) (endpoint_notify_t *)) get_family;
+ this->public.get_type = (me_endpoint_type_t (*) (endpoint_notify_t *)) get_type;
+ this->public.get_family = (me_endpoint_family_t (*) (endpoint_notify_t *)) get_family;
this->public.get_host = (host_t *(*) (endpoint_notify_t *)) get_host;
this->public.get_base = (host_t *(*) (endpoint_notify_t *)) get_base;
this->public.build_notify = (notify_payload_t *(*) (endpoint_notify_t *)) build_notify;
@@ -356,7 +352,7 @@ endpoint_notify_t *endpoint_notify_create()
/**
* Described in header
*/
-endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, host_t *host, host_t *base)
+endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type, host_t *host, host_t *base)
{
private_endpoint_notify_t *this = (private_endpoint_notify_t*)endpoint_notify_create();
@@ -365,20 +361,21 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho
switch(type)
{
case HOST:
- this->priority = pow(2, 16) * P2P_PRIO_HOST;
- break;
- case SERVER_REFLEXIVE:
- this->priority = pow(2, 16) * P2P_PRIO_SERVER;
+ this->priority = pow(2, 16) * ME_PRIO_HOST;
break;
case PEER_REFLEXIVE:
- this->priority = pow(2, 16) * P2P_PRIO_PEER;
+ this->priority = pow(2, 16) * ME_PRIO_PEER;
+ break;
+ case SERVER_REFLEXIVE:
+ this->priority = pow(2, 16) * ME_PRIO_SERVER;
break;
case RELAYED:
default:
- this->priority = pow(2, 16) * P2P_PRIO_RELAY;
+ this->priority = pow(2, 16) * ME_PRIO_RELAY;
break;
}
+ /* FIXME: if there is more than one ip address we should vary this priority */
this->priority += 65535;
if (!host)
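Review bot: The priority is still computed as `pow(2, 16) * ME_PRIO_HOST` in all four cases, which routes an integer constant through double arithmetic and libm and converts back on assignment. `this->priority = ME_PRIO_HOST << 16;` (likewise for `ME_PRIO_PEER`, `ME_PRIO_SERVER` and `ME_PRIO_RELAY`) is exact and shows directly that the type preference sits above the low 16 bits that `this->priority += 65535;` fills. The new FIXME would be easier to act on if it named the part that should vary, e.g. `/* FIXME: with several local addresses the low 16 bits should differ per address */`; that reading is my inference from the code, so please confirm it. endpoint_notify_create_from_host() starts before and ends after this hunk.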
@@ -395,7 +392,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho
this->family = IPv6;
break;
default:
- /* unsupported family type, we do not set the hsot
+ /* unsupported family type, we do not set the host
* (family is set to NO_FAMILY) */
return &this->public;
}
@@ -415,7 +412,7 @@ endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, ho
*/
endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify)
{
- if (notify->get_notify_type(notify) != P2P_ENDPOINT)
+ if (notify->get_notify_type(notify) != ME_ENDPOINT)
{
return NULL;
}
diff --git a/src/charon/encoding/payloads/endpoint_notify.h b/src/charon/encoding/payloads/endpoint_notify.h
index 4a3a68f95..9a4a4d7a1 100644
--- a/src/charon/encoding/payloads/endpoint_notify.h
+++ b/src/charon/encoding/payloads/endpoint_notify.h
@@ -1,10 +1,3 @@
-/**
- * @file endpoint_notify.h
- *
- * @brief Interface of endpoint_notify_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Hochschule fuer Technik Rapperswil
@@ -18,29 +11,33 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: endpoint_notify.h 3701 2008-03-31 10:56:49Z tobias $
*/
+/**
+ * @defgroup endpoint_notify endpoint_notify
+ * @{ @ingroup payloads
+ */
#ifndef ENDPOINT_NOTIFY_H_
#define ENDPOINT_NOTIFY_H_
-#define P2P_PRIO_HOST 255
-#define P2P_PRIO_SERVER 100
-#define P2P_PRIO_PEER 120
-#define P2P_PRIO_RELAY 0
+#define ME_PRIO_HOST 255
+#define ME_PRIO_PEER 128
+#define ME_PRIO_SERVER 64
+#define ME_PRIO_RELAY 0
-typedef enum p2p_endpoint_family_t p2p_endpoint_family_t;
-typedef enum p2p_endpoint_type_t p2p_endpoint_type_t;
+typedef enum me_endpoint_family_t me_endpoint_family_t;
+typedef enum me_endpoint_type_t me_endpoint_type_t;
typedef struct endpoint_notify_t endpoint_notify_t;
#include <encoding/payloads/notify_payload.h>
/**
- * @brief P2P endpoint families.
- *
- * @ingroup payloads
+ * ME endpoint families.
*/
-enum p2p_endpoint_family_t {
+enum me_endpoint_family_t {
NO_FAMILY = 0,
@@ -53,19 +50,17 @@ enum p2p_endpoint_family_t {
};
/**
- * @brief P2P endpoint types.
- *
- * @ingroup payloads
+ * ME endpoint types.
*/
-enum p2p_endpoint_type_t {
+enum me_endpoint_type_t {
NO_TYPE = 0,
HOST = 1,
- SERVER_REFLEXIVE = 2,
+ PEER_REFLEXIVE = 2,
- PEER_REFLEXIVE = 3,
+ SERVER_REFLEXIVE = 3,
RELAYED = 4,
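Review bot: Swapping the numeric values of `PEER_REFLEXIVE` and `SERVER_REFLEXIVE` in `me_endpoint_type_t` changes what 2 and 3 mean to any peer still built from the P2P code, if these values are what gets encoded in the endpoint notification data (the explicit numbering suggests so, but the encoder is not in this hunk). The `notify_type_t` hunk in notify_payload.h has the same effect: 40967 goes from `P2P_RESPONSE` to `ME_CONNECTAUTH`, and `ME_RESPONSE` moves to 40968. A mixed deployment would then misread endpoint types and notifies without any parse error, so the renumbering deserves a comment next to each enum, for example `/* values are sent on the wire; renumbered from the P2P code, not interoperable with it */`.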
@@ -74,129 +69,107 @@ enum p2p_endpoint_type_t {
};
/**
- * enum name for p2p_endpoint_type_t.
- *
- * @ingroup payloads
+ * enum name for me_endpoint_type_t.
*/
-extern enum_name_t *p2p_endpoint_type_names;
+extern enum_name_t *me_endpoint_type_names;
/**
- * @brief Class representing a P2P_ENDPOINT notify. In fact it's not
+ * Class representing a ME_ENDPOINT Notify payload. In fact it's not
* the notify per se, but the notification data of that notify that is
* handled with this class.
- *
- * @b Constructors:
- * - endpoint_notify_create()
- * - endpoint_notify_create_from_host()
- *
- * @ingroup payloads
*/
struct endpoint_notify_t {
/**
- * @brief Returns the priority of this endpoint.
+ * Returns the priority of this endpoint.
*
- * @param this object
* @return priority
*/
u_int32_t (*get_priority) (endpoint_notify_t *this);
/**
- * @brief Sets the priority of this endpoint.
+ * Sets the priority of this endpoint.
*
- * @param this object
* @param priority priority
*/
void (*set_priority) (endpoint_notify_t *this, u_int32_t priority);
/**
- * @brief Returns the endpoint type of this endpoint.
+ * Returns the endpoint type of this endpoint.
*
- * @param this object
* @return endpoint type
*/
- p2p_endpoint_type_t (*get_type) (endpoint_notify_t *this);
+ me_endpoint_type_t (*get_type) (endpoint_notify_t *this);
/**
- * @brief Returns the endpoint family of this endpoint.
+ * Returns the endpoint family of this endpoint.
*
- * @param this object
* @return endpoint family
*/
- p2p_endpoint_family_t (*get_family) (endpoint_notify_t *this);
+ me_endpoint_family_t (*get_family) (endpoint_notify_t *this);
/**
- * @brief Returns the host of this endpoint.
+ * Returns the host of this endpoint.
*
- * @param this object
* @return host
*/
host_t *(*get_host) (endpoint_notify_t *this);
/**
- * @brief Returns the base of this endpoint.
+ * Returns the base of this endpoint.
*
* If this is not a SERVER_REFLEXIVE endpoint, the returned host is the same
* as the one returned by get_host.
*
- * @param this object
* @return host
*/
host_t *(*get_base) (endpoint_notify_t *this);
/**
- * @brief Generates a notification payload from this endpoint.
+ * Generates a notification payload from this endpoint.
*
- * @param this object
* @return built notify_payload_t
*/
notify_payload_t *(*build_notify) (endpoint_notify_t *this);
/**
- * @brief Clones an endpoint_notify_t object.
+ * Clones an endpoint_notify_t object.
*
- * @param this endpoint_notify_t object to clone
- * @return cloned object
+ * @return cloned object
*/
endpoint_notify_t *(*clone) (endpoint_notify_t *this);
/**
- * @brief Destroys an endpoint_notify_t object.
- *
- * @param this endpoint_notify_t object to destroy
+ * Destroys an endpoint_notify_t object.
*/
void (*destroy) (endpoint_notify_t *this);
};
/**
- * @brief Creates an empty endpoint_notify_t object.
+ * Creates an empty endpoint_notify_t object.
*
* @return created endpoint_notify_t object
- *
- * @ingroup payloads
*/
endpoint_notify_t *endpoint_notify_create(void);
/**
- * @brief Creates an endpoint_notify_t object from a host.
+ * Creates an endpoint_notify_t object from a host.
*
* @param type the endpoint type
* @param host host to base the notify on (gets cloned)
* @param base base of the endpoint, applies only to reflexive endpoints (gets cloned)
* @return created endpoint_notify_t object
- *
- * @ingroup payloads
*/
-endpoint_notify_t *endpoint_notify_create_from_host(p2p_endpoint_type_t type, host_t *host, host_t *base);
+endpoint_notify_t *endpoint_notify_create_from_host(me_endpoint_type_t type,
+ host_t *host, host_t *base);
/**
- * @brief Creates an endpoint_notify_t object from a notify payload.
+ * Creates an endpoint_notify_t object from a notify payload.
*
* @param notify the notify payload
* @return - created endpoint_notify_t object
* - NULL if invalid payload
- * @ingroup payloads
*/
endpoint_notify_t *endpoint_notify_create_from_payload(notify_payload_t *notify);
-#endif /*ENDPOINT_NOTIFY_H_*/
+#endif /*ENDPOINT_NOTIFY_H_ @} */
diff --git a/src/charon/encoding/payloads/id_payload.c b/src/charon/encoding/payloads/id_payload.c
index aef8f6b7e..347ad7563 100644
--- a/src/charon/encoding/payloads/id_payload.c
+++ b/src/charon/encoding/payloads/id_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file id_payload.h
- *
- * @brief Interface of id_payload_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -21,6 +14,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: id_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/id_payload.h b/src/charon/encoding/payloads/id_payload.h
index 8e9322b4a..49e6c214b 100644
--- a/src/charon/encoding/payloads/id_payload.h
+++ b/src/charon/encoding/payloads/id_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file id_payload.h
- *
- * @brief Interface of id_payload_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -20,8 +13,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: id_payload.h 3589 2008-03-13 14:14:44Z martin $
*/
+/**
+ * @defgroup id_payload id_payload
+ * @{ @ingroup payloads
+ */
#ifndef ID_PAYLOAD_H_
#define ID_PAYLOAD_H_
@@ -34,8 +33,6 @@ typedef struct id_payload_t id_payload_t;
/**
* Length of a id payload without the data in bytes.
- *
- * @ingroup payloads
*/
#define ID_PAYLOAD_HEADER_LENGTH 8
@@ -43,12 +40,6 @@ typedef struct id_payload_t id_payload_t;
* Object representing an IKEv2 ID payload.
*
* The ID payload format is described in RFC section 3.5.
- *
- * @b Constructors:
- * - id_payload_create_from_identification()
- * - id_payload_create()
- *
- * @ingroup payloads
*/
struct id_payload_t {
/**
@@ -57,90 +48,77 @@ struct id_payload_t {
payload_t payload_interface;
/**
- * @brief Set the ID type.
+ * Set the ID type.
*
- * @param this calling id_payload_t object
* @param type Type of ID
*/
void (*set_id_type) (id_payload_t *this, id_type_t type);
/**
- * @brief Get the ID type.
+ * Get the ID type.
*
- * @param this calling id_payload_t object
* @return type of the ID
*/
id_type_t (*get_id_type) (id_payload_t *this);
/**
- * @brief Set the ID data.
+ * Set the ID data.
*
* Data are getting cloned.
*
- * @param this calling id_payload_t object
* @param data ID data as chunk_t
*/
void (*set_data) (id_payload_t *this, chunk_t data);
/**
- * @brief Get the ID data.
+ * Get the ID data.
*
* Returned data are a copy of the internal one
*
- * @param this calling id_payload_t object
* @return ID data as chunk_t
*/
chunk_t (*get_data_clone) (id_payload_t *this);
/**
- * @brief Get the ID data.
+ * Get the ID data.
*
* Returned data are NOT copied.
*
- * @param this calling id_payload_t object
* @return ID data as chunk_t
*/
chunk_t (*get_data) (id_payload_t *this);
/**
- * @brief Creates an identification object of this id payload.
+ * Creates an identification object of this id payload.
*
* Returned object has to get destroyed by the caller.
*
- * @param this calling id_payload_t object
* @return identification_t object
*/
identification_t *(*get_identification) (id_payload_t *this);
/**
- * @brief Destroys an id_payload_t object.
- *
- * @param this id_payload_t object to destroy
+ * Destroys an id_payload_t object.
*/
void (*destroy) (id_payload_t *this);
};
/**
- * @brief Creates an empty id_payload_t object.
+ * Creates an empty id_payload_t object.
*
* @param payload_type one of ID_INITIATOR, ID_RESPONDER
* @return id_payload_t object
- *
- * @ingroup payloads
*/
id_payload_t *id_payload_create(payload_type_t payload_type);
/**
- * @brief Creates an id_payload_t from an existing identification_t object.
+ * Creates an id_payload_t from an existing identification_t object.
*
* @param payload_type one of ID_INITIATOR, ID_RESPONDER
* @param identification identification_t object
* @return id_payload_t object
- *
- * @ingroup payloads
*/
-id_payload_t *id_payload_create_from_identification(payload_type_t payload_type, identification_t *identification);
-
-
+id_payload_t *id_payload_create_from_identification(payload_type_t payload_type,
+ identification_t *identification);
-#endif /* ID_PAYLOAD_H_ */
+#endif /* ID_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/ike_header.c b/src/charon/encoding/payloads/ike_header.c
index 3a171b095..1db64f0e3 100644
--- a/src/charon/encoding/payloads/ike_header.c
+++ b/src/charon/encoding/payloads/ike_header.c
@@ -1,10 +1,3 @@
-/**
- * @file ike_header.c
- *
- * @brief Implementation of ike_header_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -20,6 +13,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ike_header.c 3666 2008-03-26 18:40:19Z tobias $
*/
/* offsetof macro */
@@ -110,13 +105,13 @@ ENUM_NEXT(exchange_type_names, IKE_SA_INIT, INFORMATIONAL, EXCHANGE_TYPE_UNDEFIN
"IKE_AUTH",
"CREATE_CHILD_SA",
"INFORMATIONAL");
-#ifdef P2P
-ENUM_NEXT(exchange_type_names, P2P_CONNECT, P2P_CONNECT, INFORMATIONAL,
- "P2P_CONNECT");
-ENUM_END(exchange_type_names, P2P_CONNECT);
+#ifdef ME
+ENUM_NEXT(exchange_type_names, ME_CONNECT, ME_CONNECT, INFORMATIONAL,
+ "ME_CONNECT");
+ENUM_END(exchange_type_names, ME_CONNECT);
#else
ENUM_END(exchange_type_names, INFORMATIONAL);
-#endif /* P2P */
+#endif /* ME */
/**
* Encoding rules to parse or generate a IKEv2-Header.
@@ -181,9 +176,9 @@ static status_t verify(private_ike_header_t *this)
{
if ((this->exchange_type < IKE_SA_INIT) ||
((this->exchange_type > INFORMATIONAL)
-#ifdef P2P
- && (this->exchange_type != P2P_CONNECT)
-#endif /* P2P */
+#ifdef ME
+ && (this->exchange_type != ME_CONNECT)
+#endif /* ME */
))
{
/* unsupported exchange type */
@@ -191,11 +186,11 @@ static status_t verify(private_ike_header_t *this)
}
if (this->initiator_spi == 0
-#ifdef P2P
+#ifdef ME
/* we allow zero spi for INFORMATIONAL exchanges,
- * to allow P2P connectivity checks */
+ * to allow connectivity checks */
&& this->exchange_type != INFORMATIONAL
-#endif /* P2P */
+#endif /* ME */
)
{
/* initiator spi not set */
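Review bot: The `#ifdef ME` exception in `verify()` accepts a zero initiator SPI for every INFORMATIONAL exchange, not only for connectivity checks, and the rename keeps that as it was. Builds with ME therefore let an INFORMATIONAL header with `initiator_spi == 0` pass header verification, and whatever narrows this to real connectivity checks has to sit in code outside this hunk. I would say so in the comment, e.g. `/* zero SPI passes for any INFORMATIONAL here; the receiver must drop it unless it is a connectivity check */`, and confirm that such a check exists. The body of `verify()` starts and ends outside the hunk.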
diff --git a/src/charon/encoding/payloads/ike_header.h b/src/charon/encoding/payloads/ike_header.h
index e80964482..5568f081b 100644
--- a/src/charon/encoding/payloads/ike_header.h
+++ b/src/charon/encoding/payloads/ike_header.h
@@ -1,10 +1,3 @@
-/**
- * @file ike_header.h
- *
- * @brief Interface of ike_header_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -20,6 +13,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ike_header.h 3666 2008-03-26 18:40:19Z tobias $
+ */
+
+/**
+ * @defgroup ike_header ike_header
+ * @{ @ingroup payloads
*/
#ifndef IKE_HEADER_H_
@@ -33,38 +33,28 @@ typedef struct ike_header_t ike_header_t;
/**
* Major Version of IKEv2.
- *
- * @ingroup payloads
*/
#define IKE_MAJOR_VERSION 2
/**
* Minor Version of IKEv2.
- *
- * @ingroup payloads
*/
#define IKE_MINOR_VERSION 0
/**
* Flag in IKEv2-Header. Always 0.
- *
- * @ingroup payloads
*/
#define HIGHER_VERSION_SUPPORTED_FLAG 0
/**
* Length of IKE Header in Bytes.
- *
- * @ingroup payloads
*/
#define IKE_HEADER_LENGTH 28
/**
- * @brief Different types of IKE-Exchanges.
+ * Different types of IKE-Exchanges.
*
- * See Draft for different types.
- *
- * @ingroup payloads
+ * See RFC for different types.
*/
enum exchange_type_t{
@@ -92,33 +82,26 @@ enum exchange_type_t{
* INFORMATIONAL.
*/
INFORMATIONAL = 37,
-#ifdef P2P
+#ifdef ME
/**
- * P2P_CONNECT
+ * ME_CONNECT
*/
- P2P_CONNECT = 240
-#endif /* P2P */
+ ME_CONNECT = 240
+#endif /* ME */
};
/**
* enum name for exchange_type_t
- *
- * @ingroup payloads
*/
extern enum_name_t *exchange_type_names;
/**
- * @brief An object of this type represents an IKEv2 header and is used to
+ * An object of this type represents an IKEv2 header and is used to
* generate and parse IKEv2 headers.
*
* The header format of an IKEv2-Message is compatible to the
* ISAKMP-Header format to allow implementations supporting
* both versions of the IKE-protocol.
- *
- * @b Constructors:
- * - ike_header_create()
- *
- * @ingroup payloads
*/
struct ike_header_t {
/**
@@ -127,141 +110,121 @@ struct ike_header_t {
payload_t payload_interface;
/**
- * @brief Get the initiator spi.
+ * Get the initiator spi.
*
- * @param this ike_header_t object
* @return initiator_spi
*/
u_int64_t (*get_initiator_spi) (ike_header_t *this);
/**
- * @brief Set the initiator spi.
+ * Set the initiator spi.
*
- * @param this ike_header_t object
* @param initiator_spi initiator_spi
*/
void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi);
/**
- * @brief Get the responder spi.
+ * Get the responder spi.
*
- * @param this ike_header_t object
* @return responder_spi
*/
u_int64_t (*get_responder_spi) (ike_header_t *this);
/**
- * @brief Set the responder spi.
+ * Set the responder spi.
*
- * @param this ike_header_t object
* @param responder_spi responder_spi
*/
void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi);
/**
- * @brief Get the major version.
+ * Get the major version.
*
- * @param this ike_header_t object
* @return major version
*/
u_int8_t (*get_maj_version) (ike_header_t *this);
/**
- * @brief Get the minor version.
+ * Get the minor version.
*
- * @param this ike_header_t object
* @return minor version
*/
u_int8_t (*get_min_version) (ike_header_t *this);
/**
- * @brief Get the response flag.
+ * Get the response flag.
*
- * @param this ike_header_t object
* @return response flag
*/
bool (*get_response_flag) (ike_header_t *this);
/**
- * @brief Set the response flag-
+ * Set the response flag-
*
- * @param this ike_header_t object
* @param response response flag
*
*/
void (*set_response_flag) (ike_header_t *this, bool response);
/**
- * @brief Get "higher version supported"-flag.
+ * Get "higher version supported"-flag.
*
- * @param this ike_header_t object
* @return version flag
*/
bool (*get_version_flag) (ike_header_t *this);
/**
- * @brief Get the initiator flag.
+ * Get the initiator flag.
*
- * @param this ike_header_t object
* @return initiator flag
*/
bool (*get_initiator_flag) (ike_header_t *this);
/**
- * @brief Set the initiator flag.
+ * Set the initiator flag.
*
- * @param this ike_header_t object
* @param initiator initiator flag
- *
*/
void (*set_initiator_flag) (ike_header_t *this, bool initiator);
/**
- * @brief Get the exchange type.
+ * Get the exchange type.
*
- * @param this ike_header_t object
- * @return exchange type
+ * @return exchange type
*/
u_int8_t (*get_exchange_type) (ike_header_t *this);
/**
- * @brief Set the exchange type.
+ * Set the exchange type.
*
- * @param this ike_header_t object
* @param exchange_type exchange type
*/
void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type);
/**
- * @brief Get the message id.
+ * Get the message id.
*
- * @param this ike_header_t object
* @return message id
*/
u_int32_t (*get_message_id) (ike_header_t *this);
/**
- * @brief Set the message id.
+ * Set the message id.
*
- * @param this ike_header_t object
* @param initiator_spi message id
*/
void (*set_message_id) (ike_header_t *this, u_int32_t message_id);
/**
- * @brief Destroys a ike_header_t object.
- *
- * @param this ike_header_t object to destroy
+ * Destroys a ike_header_t object.
*/
void (*destroy) (ike_header_t *this);
};
/**
- * @brief Create an ike_header_t object
+ * Create an ike_header_t object
*
* @return ike_header_t object
- *
- * @ingroup payloads
*/
ike_header_t *ike_header_create(void);
-#endif /*IKE_HEADER_H_*/
+#endif /*IKE_HEADER_H_ @} */
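Review bot: The doc comment of `set_message_id` still reads `@param initiator_spi message id` although the parameter is named `message_id`; since this hunk rewrites that comment block, the line should become `@param message_id message id`. The `set_response_flag` comment also keeps the stray dash in `Set the response flag-` and an empty ` *` line before its closing `*/`, both of which could be cleaned up in the same pass. The `ike_header_t` struct starts outside the hunk.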
diff --git a/src/charon/encoding/payloads/ke_payload.c b/src/charon/encoding/payloads/ke_payload.c
index 8926b15f9..2f718e49c 100644
--- a/src/charon/encoding/payloads/ke_payload.c
+++ b/src/charon/encoding/payloads/ke_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file ke_payload.c
- *
- * @brief Implementation of ke_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ke_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/ke_payload.h b/src/charon/encoding/payloads/ke_payload.h
index 52be8ffe3..222d2ec7c 100644
--- a/src/charon/encoding/payloads/ke_payload.h
+++ b/src/charon/encoding/payloads/ke_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file ke_payload.h
- *
- * @brief Interface of ke_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ke_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup ke_payload ke_payload
+ * @{ @ingroup payloads
*/
#ifndef KE_PAYLOAD_H_
@@ -34,20 +34,13 @@ typedef struct ke_payload_t ke_payload_t;
/**
* KE payload length in bytes without any key exchange data.
- *
- * @ingroup payloads
*/
#define KE_PAYLOAD_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2-KE Payload.
+ * Class representing an IKEv2-KE Payload.
*
* The KE Payload format is described in RFC section 3.4.
- *
- * @b Constructors:
- * - ke_payload_create()
- *
- * @ingroup payloads
*/
struct ke_payload_t {
/**
@@ -56,66 +49,58 @@ struct ke_payload_t {
payload_t payload_interface;
/**
- * @brief Returns the currently set key exchange data of this KE payload.
+ * Returns the currently set key exchange data of this KE payload.
*
* @warning Returned data are not copied.
*
- * @param this calling ke_payload_t object
* @return chunk_t pointing to the value
*/
chunk_t (*get_key_exchange_data) (ke_payload_t *this);
/**
- * @brief Sets the key exchange data of this KE payload.
+ * Sets the key exchange data of this KE payload.
*
- * @warning Value is getting copied.
+ * Value is getting copied.
*
- * @param this calling ke_payload_t object
- * @param key_exchange_data chunk_t pointing to the value to set
+ * @param key_exchange_data chunk_t pointing to the value to set
*/
void (*set_key_exchange_data) (ke_payload_t *this, chunk_t key_exchange_data);
/**
- * @brief Gets the Diffie-Hellman Group Number of this KE payload.
+ * Gets the Diffie-Hellman Group Number of this KE payload.
*
- * @param this calling ke_payload_t object
- * @return DH Group Number of this payload
+ * @return DH Group Number of this payload
*/
diffie_hellman_group_t (*get_dh_group_number) (ke_payload_t *this);
/**
- * @brief Sets the Diffie-Hellman Group Number of this KE payload.
+ * Sets the Diffie-Hellman Group Number of this KE payload.
*
- * @param this calling ke_payload_t object
* @param dh_group_number DH Group to set
*/
- void (*set_dh_group_number) (ke_payload_t *this, diffie_hellman_group_t dh_group_number);
+ void (*set_dh_group_number) (ke_payload_t *this,
+ diffie_hellman_group_t dh_group_number);
/**
- * @brief Destroys an ke_payload_t object.
- *
- * @param this ke_payload_t object to destroy
+ * Destroys an ke_payload_t object.
*/
void (*destroy) (ke_payload_t *this);
};
/**
- * @brief Creates an empty ke_payload_t object
+ * Creates an empty ke_payload_t object
*
* @return ke_payload_t object
- *
- * @ingroup payloads
*/
ke_payload_t *ke_payload_create(void);
/**
- * @brief Creates a ke_payload_t from a diffie_hellman_t
+ * Creates a ke_payload_t from a diffie_hellman_t
*
* @param diffie_hellman diffie hellman object containing group and key
* @return ke_payload_t object
- *
- * @ingroup payloads
*/
-ke_payload_t *ke_payload_create_from_diffie_hellman(diffie_hellman_t *diffie_hellman);
+ke_payload_t *ke_payload_create_from_diffie_hellman(
+ diffie_hellman_t *diffie_hellman);
-#endif /* KE_PAYLOAD_H_ */
+#endif /* KE_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/nonce_payload.c b/src/charon/encoding/payloads/nonce_payload.c
index 8e1fc505e..da68ce4ab 100644
--- a/src/charon/encoding/payloads/nonce_payload.c
+++ b/src/charon/encoding/payloads/nonce_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file nonce_payload.h
- *
- * @brief Implementation of nonce_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: nonce_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
/* offsetof macro */
diff --git a/src/charon/encoding/payloads/nonce_payload.h b/src/charon/encoding/payloads/nonce_payload.h
index 96d83b028..f1679834e 100644
--- a/src/charon/encoding/payloads/nonce_payload.h
+++ b/src/charon/encoding/payloads/nonce_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file nonce_payload.h
- *
- * @brief Interface of nonce_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: nonce_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup nonce_payload nonce_payload
+ * @{ @ingroup payloads
*/
#ifndef NONCE_PAYLOAD_H_
@@ -31,17 +31,11 @@ typedef struct nonce_payload_t nonce_payload_t;
/**
* Nonce size in bytes for nonces sending to other peer.
- *
- * @warning Nonce size MUST be between 16 and 256 bytes.
- *
- * @ingroup payloads
*/
#define NONCE_SIZE 16
/**
* Length of a nonce payload without a nonce in bytes.
- *
- * @ingroup payloads
*/
#define NONCE_PAYLOAD_HEADER_LENGTH 4
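Review bot: Removing the `@warning` from the `NONCE_SIZE` comment drops the only statement of the allowed range next to the constant, which is currently set to the lower bound of 16. Anyone changing the value later no longer sees the limit, so I would keep it as a plain sentence, `* The nonce size MUST be between 16 and 256 bytes.`, rather than delete it. Whether received nonces are checked against that range is not visible in this hunk.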
@@ -49,11 +43,6 @@ typedef struct nonce_payload_t nonce_payload_t;
* Object representing an IKEv2 Nonce payload.
*
* The Nonce payload format is described in RFC section 3.3.
- *
- * @b Constructors:
- * - nonce_payload_create()
- *
- * @ingroup payloads
*/
struct nonce_payload_t {
/**
@@ -62,38 +51,30 @@ struct nonce_payload_t {
payload_t payload_interface;
/**
- * @brief Set the nonce value.
+ * Set the nonce value.
*
- * @param this calling nonce_payload_t object
* @param nonce chunk containing the nonce, will be cloned
*/
void (*set_nonce) (nonce_payload_t *this, chunk_t nonce);
/**
- * @brief Get the nonce value.
+ * Get the nonce value.
*
- * @param this calling nonce_payload_t object
* @return a chunk containing the cloned nonce
*/
chunk_t (*get_nonce) (nonce_payload_t *this);
/**
- * @brief Destroys an nonce_payload_t object.
- *
- * @param this nonce_payload_t object to destroy
+ * Destroys an nonce_payload_t object.
*/
void (*destroy) (nonce_payload_t *this);
};
/**
- * @brief Creates an empty nonce_payload_t object
+ * Creates an empty nonce_payload_t object
*
* @return nonce_payload_t object
- *
- * @ingroup payloads
*/
-
nonce_payload_t *nonce_payload_create(void);
-
-#endif /*NONCE_PAYLOAD_H_*/
+#endif /*NONCE_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/notify_payload.c b/src/charon/encoding/payloads/notify_payload.c
index d32257af6..defb0b98a 100644
--- a/src/charon/encoding/payloads/notify_payload.c
+++ b/src/charon/encoding/payloads/notify_payload.c
@@ -1,12 +1,5 @@
-/**
- * @file notify_payload.c
- *
- * @brief Implementation of notify_payload_t.
- *
- */
-
/*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -21,6 +14,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: notify_payload.c 3920 2008-05-08 16:19:11Z tobias $
*/
#include <stddef.h>
@@ -57,9 +52,9 @@ ENUM_NEXT(notify_type_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED, AUTH
"INVALID_SELECTORS",
"UNACCEPTABLE_ADDRESSES",
"UNEXPECTED_NAT_DETECTED");
-ENUM_NEXT(notify_type_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
- "P2P_CONNECT_FAILED");
-ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED,
+ENUM_NEXT(notify_type_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
+ "ME_CONNECT_FAILED");
+ENUM_NEXT(notify_type_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED,
"INITIAL_CONTACT",
"SET_WINDOW_SIZE",
"ADDITIONAL_TS_POSSIBLE",
@@ -84,14 +79,15 @@ ENUM_NEXT(notify_type_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICATION, A
"EAP_ONLY_AUTHENTICATION");
ENUM_NEXT(notify_type_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
"USE_BEET_MODE");
-ENUM_NEXT(notify_type_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
- "P2P_MEDIATION",
- "P2P_ENDPOINT",
- "P2P_CALLBACK",
- "P2P_SESSIONID",
- "P2P_SESSIONKEY",
- "P2P_RESPONSE");
-ENUM_END(notify_type_names, P2P_RESPONSE);
+ENUM_NEXT(notify_type_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
+ "ME_MEDIATION",
+ "ME_ENDPOINT",
+ "ME_CALLBACK",
+ "ME_CONNECTID",
+ "ME_CONNECTKEY",
+ "ME_CONNECTAUTH",
+ "ME_RESPONSE");
+ENUM_END(notify_type_names, ME_RESPONSE);
ENUM_BEGIN(notify_type_short_names, UNSUPPORTED_CRITICAL_PAYLOAD, UNSUPPORTED_CRITICAL_PAYLOAD,
@@ -120,9 +116,9 @@ ENUM_NEXT(notify_type_short_names, SINGLE_PAIR_REQUIRED, UNEXPECTED_NAT_DETECTED
"INVAL_SEL",
"UNACCEPT_ADDR",
"UNEXPECT_NAT");
-ENUM_NEXT(notify_type_short_names, P2P_CONNECT_FAILED, P2P_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
- "P2P_CONN_FAIL");
-ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, P2P_CONNECT_FAILED,
+ENUM_NEXT(notify_type_short_names, ME_CONNECT_FAILED, ME_CONNECT_FAILED, UNEXPECTED_NAT_DETECTED,
+ "ME_CONN_FAIL");
+ENUM_NEXT(notify_type_short_names, INITIAL_CONTACT, AUTH_LIFETIME, ME_CONNECT_FAILED,
"INIT_CONTACT",
"SET_WINSIZE",
"ADD_TS_POSS",
@@ -147,14 +143,15 @@ ENUM_NEXT(notify_type_short_names, EAP_ONLY_AUTHENTICATION, EAP_ONLY_AUTHENTICAT
"EAP_ONLY");
ENUM_NEXT(notify_type_short_names, USE_BEET_MODE, USE_BEET_MODE, EAP_ONLY_AUTHENTICATION,
"BEET_MODE");
-ENUM_NEXT(notify_type_short_names, P2P_MEDIATION, P2P_RESPONSE, USE_BEET_MODE,
- "P2P_MED",
- "P2P_EP",
- "P2P_CB",
- "P2P_SID",
- "P2P_SKEY",
- "P2P_R");
-ENUM_END(notify_type_short_names, P2P_RESPONSE);
+ENUM_NEXT(notify_type_short_names, ME_MEDIATION, ME_RESPONSE, USE_BEET_MODE,
+ "ME_MED",
+ "ME_EP",
+ "ME_CB",
+ "ME_CID",
+ "ME_CKEY",
+ "ME_CAUTH",
+ "ME_R");
+ENUM_END(notify_type_short_names, ME_RESPONSE);
typedef struct private_notify_payload_t private_notify_payload_t;
@@ -293,6 +290,7 @@ static status_t verify(private_notify_payload_t *this)
}
case NAT_DETECTION_SOURCE_IP:
case NAT_DETECTION_DESTINATION_IP:
+ case ME_CONNECTAUTH:
{
if (this->notification_data.len != HASH_SIZE_SHA1)
{
@@ -334,7 +332,36 @@ static status_t verify(private_notify_payload_t *this)
}
break;
}
- /* FIXME: check size of P2P-NAT-T payloads */
+ case IPCOMP_SUPPORTED:
+ {
+ if (this->notification_data.len != 3)
+ {
+ bad_length = TRUE;
+ }
+ break;
+ }
+ case ME_ENDPOINT:
+ if (this->notification_data.len != 8 &&
+ this->notification_data.len != 12 &&
+ this->notification_data.len != 24)
+ {
+ bad_length = TRUE;
+ }
+ break;
+ case ME_CONNECTID:
+ if (this->notification_data.len < 4 ||
+ this->notification_data.len > 16)
+ {
+ bad_length = TRUE;
+ }
+ break;
+ case ME_CONNECTKEY:
+ if (this->notification_data.len < 16 ||
+ this->notification_data.len > 32)
+ {
+ bad_length = TRUE;
+ }
+ break;
default:
/* TODO: verify */
break;
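Review bot: The new length checks in `verify()` use bare numbers (3; 8, 12, 24; 4 to 16; 16 to 32) with no comment saying where they come from, and the `ME_ENDPOINT` check accepts any of its three lengths without regard to the address family carried in the data. The three lengths presumably stand for no address, an IPv4 address and an IPv6 address, so the code that parses the endpoint still has to reject a family that does not match the length; that code is outside this hunk. I would give the numbers names, or at least a comment such as `/* header only, header + IPv4, header + IPv6 */` once that reading is confirmed, and brace the `ME_*` case bodies the way the `IPCOMP_SUPPORTED` case above them is braced. `verify()` starts before the hunk and continues after it.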
diff --git a/src/charon/encoding/payloads/notify_payload.h b/src/charon/encoding/payloads/notify_payload.h
index 03f61d473..f4a3bf27c 100644
--- a/src/charon/encoding/payloads/notify_payload.h
+++ b/src/charon/encoding/payloads/notify_payload.h
@@ -1,12 +1,5 @@
-/**
- * @file notify_payload.h
- *
- * @brief Interface of notify_payload_t.
- *
- */
-
/*
- * Copyright (C) 2006-2007 Tobias Brunner
+ * Copyright (C) 2006-2008 Tobias Brunner
* Copyright (C) 2006 Daniel Roethlisberger
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -21,8 +14,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: notify_payload.h 3670 2008-03-27 09:54:09Z tobias $
*/
+/**
+ * @defgroup notify_payload notify_payload
+ * @{ @ingroup payloads
+ */
#ifndef NOTIFY_PAYLOAD_H_
#define NOTIFY_PAYLOAD_H_
@@ -37,17 +36,13 @@ typedef struct notify_payload_t notify_payload_t;
/**
* Notify payload length in bytes without any spi and notification data.
- *
- * @ingroup payloads
*/
#define NOTIFY_PAYLOAD_HEADER_LENGTH 8
/**
- * @brief Notify message types.
+ * Notify message types.
*
* See IKEv2 RFC 3.10.1.
- *
- * @ingroup payloads
*/
enum notify_type_t {
/* notify error messages */
@@ -68,8 +63,8 @@ enum notify_type_t {
INVALID_SELECTORS = 39,
UNACCEPTABLE_ADDRESSES = 40,
UNEXPECTED_NAT_DETECTED = 41,
- /* P2P-NAT-T, private use */
- P2P_CONNECT_FAILED = 8192,
+ /* IKE-ME, private use */
+ ME_CONNECT_FAILED = 8192,
/* notify status messages */
INITIAL_CONTACT = 16384,
@@ -98,41 +93,30 @@ enum notify_type_t {
EAP_ONLY_AUTHENTICATION = 40960,
/* BEET mode, not even a draft yet. private use */
USE_BEET_MODE = 40961,
- /* P2P-NAT-T, private use */
- P2P_MEDIATION = 40962,
- P2P_ENDPOINT = 40963,
- P2P_CALLBACK = 40964,
- P2P_SESSIONID = 40965,
- P2P_SESSIONKEY = 40966,
- P2P_RESPONSE = 40967
+ /* IKE-ME, private use */
+ ME_MEDIATION = 40962,
+ ME_ENDPOINT = 40963,
+ ME_CALLBACK = 40964,
+ ME_CONNECTID = 40965,
+ ME_CONNECTKEY = 40966,
+ ME_CONNECTAUTH = 40967,
+ ME_RESPONSE = 40968
};
/**
* enum name for notify_type_t.
- *
- * @ingroup payloads
*/
extern enum_name_t *notify_type_names;
/**
* enum name for notify_type_t (shorter strings).
- *
- * @ingroup payloads
*/
extern enum_name_t *notify_type_short_names;
/**
- * @brief Class representing an IKEv2-Notify Payload.
+ * Class representing an IKEv2-Notify Payload.
*
* The Notify Payload format is described in Draft section 3.10.
- *
- * @b Constructors:
- * - notify_payload_create()
- * - notify_payload_create_from_protocol_and_type()
- *
- * @todo Build specified constructor/getter for notify's
- *
- * @ingroup payloads
*/
struct notify_payload_t {
/**
@@ -141,104 +125,91 @@ struct notify_payload_t {
payload_t payload_interface;
/**
- * @brief Gets the protocol id of this payload.
+ * Gets the protocol id of this payload.
*
- * @param this calling notify_payload_t object
* @return protocol id of this payload
*/
u_int8_t (*get_protocol_id) (notify_payload_t *this);
/**
- * @brief Sets the protocol id of this payload.
+ * Sets the protocol id of this payload.
*
- * @param this calling notify_payload_t object
* @param protocol_id protocol id to set
*/
void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id);
/**
- * @brief Gets the notify message type of this payload.
+ * Gets the notify message type of this payload.
*
- * @param this calling notify_payload_t object
* @return notify message type of this payload
*/
notify_type_t (*get_notify_type) (notify_payload_t *this);
/**
- * @brief Sets notify message type of this payload.
+ * Sets notify message type of this payload.
*
- * @param this calling notify_payload_t object
* @param type notify message type to set
*/
void (*set_notify_type) (notify_payload_t *this, notify_type_t type);
/**
- * @brief Returns the currently set spi of this payload.
+ * Returns the currently set spi of this payload.
*
* This is only valid for notifys with protocol AH|ESP
*
- * @param this calling notify_payload_t object
* @return SPI value
*/
u_int32_t (*get_spi) (notify_payload_t *this);
/**
- * @brief Sets the spi of this payload.
+ * Sets the spi of this payload.
*
* This is only valid for notifys with protocol AH|ESP
*
- * @param this calling notify_payload_t object
* @param spi SPI value
*/
void (*set_spi) (notify_payload_t *this, u_int32_t spi);
/**
- * @brief Returns the currently set notification data of payload.
+ * Returns the currently set notification data of payload.
*
- * @warning Returned data are not copied.
+ * Returned data are not copied.
*
- * @param this calling notify_payload_t object
* @return chunk_t pointing to the value
*/
chunk_t (*get_notification_data) (notify_payload_t *this);
/**
- * @brief Sets the notification data of this payload.
+ * Sets the notification data of this payload.
*
* @warning Value is getting copied.
*
- * @param this calling notify_payload_t object
* @param notification_data chunk_t pointing to the value to set
*/
- void (*set_notification_data) (notify_payload_t *this, chunk_t notification_data);
+ void (*set_notification_data) (notify_payload_t *this,
+ chunk_t notification_data);
/**
- * @brief Destroys an notify_payload_t object.
- *
- * @param this notify_payload_t object to destroy
+ * Destroys an notify_payload_t object.
*/
void (*destroy) (notify_payload_t *this);
};
/**
- * @brief Creates an empty notify_payload_t object
+ * Creates an empty notify_payload_t object
*
* @return created notify_payload_t object
- *
- * @ingroup payloads
*/
notify_payload_t *notify_payload_create(void);
/**
- * @brief Creates an notify_payload_t object of specific type for specific protocol id.
+ * Creates an notify_payload_t object of specific type for specific protocol id.
*
* @param protocol_id protocol id (IKE, AH or ESP)
* @param type notify type (see notify_type_t)
* @return notify_payload_t object
- *
- * @ingroup payloads
*/
-notify_payload_t *notify_payload_create_from_protocol_and_type(protocol_id_t protocol_id, notify_type_t type);
-
+notify_payload_t *notify_payload_create_from_protocol_and_type(
+ protocol_id_t protocol_id, notify_type_t type);
-#endif /*NOTIFY_PAYLOAD_H_*/
+#endif /*NOTIFY_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/payload.c b/src/charon/encoding/payloads/payload.c
index 2c51c60de..17986dd58 100644
--- a/src/charon/encoding/payloads/payload.c
+++ b/src/charon/encoding/payloads/payload.c
@@ -1,11 +1,3 @@
-/**
- * @file payload.c
- *
- * @brief Generic constructor to the payload_t interface.
- *
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -21,6 +13,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: payload.c 3666 2008-03-26 18:40:19Z tobias $
*/
@@ -64,13 +58,13 @@ ENUM_NEXT(payload_type_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICATION, N
"ENCRYPTED",
"CONFIGURATION",
"EXTENSIBLE_AUTHENTICATION");
-#ifdef P2P
+#ifdef ME
ENUM_NEXT(payload_type_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
"ID_PEER");
ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER,
#else
ENUM_NEXT(payload_type_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION,
-#endif /* P2P */
+#endif /* ME */
"HEADER",
"PROPOSAL_SUBSTRUCTURE",
"TRANSFORM_SUBSTRUCTURE",
@@ -100,13 +94,13 @@ ENUM_NEXT(payload_type_short_names, SECURITY_ASSOCIATION, EXTENSIBLE_AUTHENTICAT
"E",
"CP",
"EAP");
-#ifdef P2P
+#ifdef ME
ENUM_NEXT(payload_type_short_names, ID_PEER, ID_PEER, EXTENSIBLE_AUTHENTICATION,
"IDp");
ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, ID_PEER,
#else
ENUM_NEXT(payload_type_short_names, HEADER, UNKNOWN_PAYLOAD, EXTENSIBLE_AUTHENTICATION,
-#endif /* P2P */
+#endif /* ME */
"HDR",
"PROP",
"TRANS",
@@ -139,10 +133,10 @@ payload_t *payload_create(payload_type_t type)
return (payload_t*)id_payload_create(ID_INITIATOR);
case ID_RESPONDER:
return (payload_t*)id_payload_create(ID_RESPONDER);
-#ifdef P2P
+#ifdef ME
case ID_PEER:
return (payload_t*)id_payload_create(ID_PEER);
-#endif /* P2P */
+#endif /* ME */
case AUTHENTICATION:
return (payload_t*)auth_payload_create();
case CERTIFICATE:
diff --git a/src/charon/encoding/payloads/payload.h b/src/charon/encoding/payloads/payload.h
index ab902d755..abc79259a 100644
--- a/src/charon/encoding/payloads/payload.h
+++ b/src/charon/encoding/payloads/payload.h
@@ -1,10 +1,3 @@
-/**
- * @file payload.h
- *
- * @brief Interface payload_t.
- *
- */
-
/*
* Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
@@ -20,6 +13,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: payload.h 3666 2008-03-26 18:40:19Z tobias $
+ */
+
+/**
+ * @defgroup payload payload
+ * @{ @ingroup payloads
*/
#ifndef PAYLOAD_H_
@@ -33,12 +33,10 @@ typedef struct payload_t payload_t;
/**
- * @brief Payload-Types of a IKEv2-Message.
+ * Payload-Types of a IKEv2-Message.
*
* Header and substructures are also defined as
* payload types with values from PRIVATE USE space.
- *
- * @ingroup payloads
*/
enum payload_type_t{
@@ -127,13 +125,13 @@ enum payload_type_t{
*/
EXTENSIBLE_AUTHENTICATION = 48,
-#ifdef P2P
+#ifdef ME
/**
- * Identification payload for peers in P2P-NAT-T has a value from
+ * Identification payload for peers has a value from
* the PRIVATE USE space.
*/
ID_PEER = 128,
-#endif /* P2P */
+#endif /* ME */
/**
* Header has a value of PRIVATE USE space.
@@ -204,80 +202,65 @@ extern enum_name_t *payload_type_names;
extern enum_name_t *payload_type_short_names;
/**
- * @brief Generic interface for all payload types (incl.header and substructures).
+ * Generic interface for all payload types (incl.header and substructures).
*
* To handle all kinds of payloads on a generic way, this interface must
* be implemented by every payload. This allows parser_t/generator_t a simple
* handling of all payloads.
- *
- * @b Constructors:
- * - payload_create() with the payload to instantiate.
- *
- * @ingroup payloads
*/
struct payload_t {
/**
- * @brief Get encoding rules for this payload.
+ * Get encoding rules for this payload.
*
- * @param this calling object
- * @param[out] rules location to store pointer of first rule
- * @param[out] rule_count location to store number of rules
+ * @param rules location to store pointer of first rule
+ * @param rule_count location to store number of rules
*/
void (*get_encoding_rules) (payload_t *this, encoding_rule_t **rules, size_t *rule_count);
/**
- * @brief Get type of payload.
+ * Get type of payload.
*
- * @param this calling object
- * @return type of this payload
+ * @return type of this payload
*/
payload_type_t (*get_type) (payload_t *this);
/**
- * @brief Get type of next payload or NO_PAYLOAD (0) if this is the last one.
+ * Get type of next payload or NO_PAYLOAD (0) if this is the last one.
*
- * @param this calling object
- * @return type of next payload
+ * @return type of next payload
*/
payload_type_t (*get_next_type) (payload_t *this);
/**
- * @brief Set type of next payload.
+ * Set type of next payload.
*
- * @param this calling object
- * @param type type of next payload
+ * @param type type of next payload
*/
void (*set_next_type) (payload_t *this,payload_type_t type);
/**
- * @brief Get length of payload.
+ * Get length of payload.
*
- * @param this calling object
- * @return length of this payload
+ * @return length of this payload
*/
size_t (*get_length) (payload_t *this);
/**
- * @brief Verifies payload structure and makes consistence check.
+ * Verifies payload structure and makes consistence check.
*
- * @param this calling object
- * @return
- * - SUCCESS
- * - FAILED if consistence not given
+ * @return SUCCESS, FAILED if consistence not given
*/
status_t (*verify) (payload_t *this);
/**
- * @brief Destroys a payload and all included substructures.
- *
- * @param this payload to destroy
+ * Destroys a payload and all included substructures.
*/
void (*destroy) (payload_t *this);
};
/**
- * @brief Create an empty payload.
+ * Create an empty payload.
*
* Useful for the parser, who wants a generic constructor for all payloads.
* It supports all payload_t methods. If a payload type is not known,
@@ -288,4 +271,4 @@ struct payload_t {
*/
payload_t *payload_create(payload_type_t type);
-#endif /*PAYLOAD_H_*/
+#endif /*PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/proposal_substructure.c b/src/charon/encoding/payloads/proposal_substructure.c
index 182d2b6e8..daa015d3e 100644
--- a/src/charon/encoding/payloads/proposal_substructure.c
+++ b/src/charon/encoding/payloads/proposal_substructure.c
@@ -1,10 +1,3 @@
-/**
- * @file proposal_substructure.h
- *
- * @brief Implementation of proposal_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: proposal_substructure.c 3658 2008-03-26 10:06:45Z martin $
*/
#include <stddef.h>
@@ -521,60 +516,62 @@ proposal_substructure_t *proposal_substructure_create()
*/
proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal)
{
- private_proposal_substructure_t *this = (private_proposal_substructure_t*)
- proposal_substructure_create();
- iterator_t *iterator;
- algorithm_t *algo;
transform_substructure_t *transform;
+ private_proposal_substructure_t *this;
+ u_int16_t alg, key_size;
+ enumerator_t *enumerator;
+
+ this = (private_proposal_substructure_t*)proposal_substructure_create();
/* encryption algorithm is only availble in ESP */
- iterator = proposal->create_algorithm_iterator(proposal, ENCRYPTION_ALGORITHM);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
{
transform = transform_substructure_create_type(ENCRYPTION_ALGORITHM,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
/* integrity algorithms */
- iterator = proposal->create_algorithm_iterator(proposal, INTEGRITY_ALGORITHM);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
{
transform = transform_substructure_create_type(INTEGRITY_ALGORITHM,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
/* prf algorithms */
- iterator = proposal->create_algorithm_iterator(proposal, PSEUDO_RANDOM_FUNCTION);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, PSEUDO_RANDOM_FUNCTION);
+ while (enumerator->enumerate(enumerator, &alg, &key_size))
{
transform = transform_substructure_create_type(PSEUDO_RANDOM_FUNCTION,
- algo->algorithm, algo->key_size);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, key_size);
+ add_transform_substructure(this, transform);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
/* dh groups */
- iterator = proposal->create_algorithm_iterator(proposal, DIFFIE_HELLMAN_GROUP);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, DIFFIE_HELLMAN_GROUP);
+ while (enumerator->enumerate(enumerator, &alg, NULL))
{
- transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP, algo->algorithm, 0);
- this->public.add_transform_substructure(&(this->public), transform);
+ transform = transform_substructure_create_type(DIFFIE_HELLMAN_GROUP,
+ alg, 0);
+ add_transform_substructure(this, transform);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
/* extended sequence numbers */
- iterator = proposal->create_algorithm_iterator(proposal, EXTENDED_SEQUENCE_NUMBERS);
- while (iterator->iterate(iterator, (void**)&algo))
+ enumerator = proposal->create_enumerator(proposal, EXTENDED_SEQUENCE_NUMBERS);
+ while (enumerator->enumerate(enumerator, &alg, NULL))
{
transform = transform_substructure_create_type(EXTENDED_SEQUENCE_NUMBERS,
- algo->algorithm, 0);
- this->public.add_transform_substructure(&(this->public), transform);
+ alg, 0);
+ add_transform_substructure(this, transform);
}
- iterator->destroy(iterator);
+ enumerator->destroy(enumerator);
/* add SPI, if necessary */
switch (proposal->get_protocol(proposal))
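Review bot: The loops for `DIFFIE_HELLMAN_GROUP` and `EXTENDED_SEQUENCE_NUMBERS` pass `NULL` as the key-size argument to `enumerate()`, and all five loops hand it `u_int16_t` locals, but nothing in the hunk shows that the proposal enumerator accepts a NULL output pointer or writes exactly 16 bits. If `enumerate()` takes its output arguments without type checking, a mismatch would be a NULL write or a write past `alg`/`key_size` on the stack that the compiler cannot catch. Passing the local everywhere removes the dependency on NULL handling: `while (enumerator->enumerate(enumerator, &alg, &key_size))`, keeping the literal `0` in the `transform_substructure_create_type()` call. Otherwise a short comment at the declaration naming the types the enumerator writes would do. The function continues after the hunk.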
diff --git a/src/charon/encoding/payloads/proposal_substructure.h b/src/charon/encoding/payloads/proposal_substructure.h
index 93a8d7b2f..85daadddc 100644
--- a/src/charon/encoding/payloads/proposal_substructure.h
+++ b/src/charon/encoding/payloads/proposal_substructure.h
@@ -1,10 +1,3 @@
-/**
- * @file proposal_substructure.h
- *
- * @brief Interface of proposal_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: proposal_substructure.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup proposal_substructure proposal_substructure
+ * @{ @ingroup payloads
*/
#ifndef PROPOSAL_SUBSTRUCTURE_H_
@@ -35,20 +35,13 @@ typedef struct proposal_substructure_t proposal_substructure_t;
/**
* Length of the proposal substructure header (without spi).
- *
- * @ingroup payloads
*/
#define PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2-PROPOSAL SUBSTRUCTURE.
+ * Class representing an IKEv2-PROPOSAL SUBSTRUCTURE.
*
* The PROPOSAL SUBSTRUCTURE format is described in RFC section 3.3.1.
- *
- * @b Constructors:
- * - proposal_substructure_create()
- *
- * @ingroup payloads
*/
struct proposal_substructure_t {
/**
@@ -57,150 +50,126 @@ struct proposal_substructure_t {
payload_t payload_interface;
/**
- * @brief Creates an iterator of stored transform_substructure_t objects.
- *
- * @warning The created iterator has to get destroyed by the caller!
- * When deleting any transform over this iterator, call
- * get_size to make sure the length and number values are ok.
+ * Creates an iterator of stored transform_substructure_t objects.
*
- * @param this calling proposal_substructure_t object
* @param forward iterator direction (TRUE: front to end)
* @return created iterator_t object
*/
- iterator_t *(*create_transform_substructure_iterator) (proposal_substructure_t *this, bool forward);
+ iterator_t *(*create_transform_substructure_iterator) (
+ proposal_substructure_t *this, bool forward);
/**
- * @brief Adds a transform_substructure_t object to this object.
- *
- * @warning The added transform_substructure_t object is
- * getting destroyed in destroy function of proposal_substructure_t.
+ * Adds a transform_substructure_t object to this object.
*
- * @param this calling proposal_substructure_t object
- * @param transform transform_substructure_t object to add
+ * @param transform transform_substructure_t object to add
*/
- void (*add_transform_substructure) (proposal_substructure_t *this,transform_substructure_t *transform);
+ void (*add_transform_substructure) (proposal_substructure_t *this,
+ transform_substructure_t *transform);
/**
- * @brief Sets the proposal number of current proposal.
+ * Sets the proposal number of current proposal.
*
- * @param this calling proposal_substructure_t object
- * @param id proposal number to set
+ * @param id proposal number to set
*/
- void (*set_proposal_number) (proposal_substructure_t *this,u_int8_t proposal_number);
+ void (*set_proposal_number) (proposal_substructure_t *this,
+ u_int8_t proposal_number);
/**
- * @brief get proposal number of current proposal.
+ * get proposal number of current proposal.
*
- * @param this calling proposal_substructure_t object
* @return proposal number of current proposal substructure.
*/
u_int8_t (*get_proposal_number) (proposal_substructure_t *this);
/**
- * @brief get the number of transforms in current proposal.
+ * get the number of transforms in current proposal.
*
- * @param this calling proposal_substructure_t object
* @return transform count in current proposal
*/
size_t (*get_transform_count) (proposal_substructure_t *this);
/**
- * @brief get size of the set spi in bytes.
+ * get size of the set spi in bytes.
*
- * @param this calling proposal_substructure_t object
* @return size of the spi in bytes
*/
size_t (*get_spi_size) (proposal_substructure_t *this);
/**
- * @brief Sets the protocol id of current proposal.
+ * Sets the protocol id of current proposal.
*
- * @param this calling proposal_substructure_t object
- * @param id protocol id to set
+ * @param id protocol id to set
*/
- void (*set_protocol_id) (proposal_substructure_t *this,u_int8_t protocol_id);
+ void (*set_protocol_id) (proposal_substructure_t *this,
+ u_int8_t protocol_id);
/**
- * @brief get protocol id of current proposal.
+ * get protocol id of current proposal.
*
- * @param this calling proposal_substructure_t object
* @return protocol id of current proposal substructure.
*/
u_int8_t (*get_protocol_id) (proposal_substructure_t *this);
/**
- * @brief Sets the next_payload field of this substructure
+ * Sets the next_payload field of this substructure
*
* If this is the last proposal, next payload field is set to 0,
* otherwise to 2
*
- * @param this calling proposal_substructure_t object
* @param is_last When TRUE, next payload field is set to 0, otherwise to 2
*/
void (*set_is_last_proposal) (proposal_substructure_t *this, bool is_last);
/**
- * @brief Returns the currently set SPI of this proposal.
- *
- * @warning Returned data are not copied
- *
- * @param this calling proposal_substructure_t object
- * @return chunk_t pointing to the value
+ * Returns the currently set SPI of this proposal.
+ *
+ * @return chunk_t pointing to the value
*/
chunk_t (*get_spi) (proposal_substructure_t *this);
/**
- * @brief Sets the SPI of the current proposal.
+ * Sets the SPI of the current proposal.
*
* @warning SPI is getting copied
*
- * @param this calling proposal_substructure_t object
- * @param spi chunk_t pointing to the value to set
+ * @param spi chunk_t pointing to the value to set
*/
void (*set_spi) (proposal_substructure_t *this, chunk_t spi);
/**
- * @brief Get a proposal_t from the propsal_substructure_t.
+ * Get a proposal_t from the propsal_substructure_t.
*
- * @param this calling proposal_substructure_t object
* @return proposal_t
*/
proposal_t * (*get_proposal) (proposal_substructure_t *this);
/**
- * @brief Clones an proposal_substructure_t object.
+ * Clones an proposal_substructure_t object.
*
- * @param this proposal_substructure_t object to clone
* @return cloned object
*/
proposal_substructure_t* (*clone) (proposal_substructure_t *this);
/**
- * @brief Destroys an proposal_substructure_t object.
- *
- * @param this proposal_substructure_t object to destroy
+ * Destroys an proposal_substructure_t object.
*/
void (*destroy) (proposal_substructure_t *this);
};
/**
- * @brief Creates an empty proposal_substructure_t object
+ * Creates an empty proposal_substructure_t object
*
* @return proposal_substructure_t object
- *
- * @ingroup payloads
*/
proposal_substructure_t *proposal_substructure_create(void);
/**
- * @brief Creates a proposal_substructure_t from a proposal_t.
+ * Creates a proposal_substructure_t from a proposal_t.
*
* @param proposal proposal to build a substruct out of it
* @return proposal_substructure_t object
- *
- * @ingroup payloads
*/
-proposal_substructure_t *proposal_substructure_create_from_proposal(proposal_t *proposal);
-
+proposal_substructure_t *proposal_substructure_create_from_proposal(
+ proposal_t *proposal);
-#endif /*PROPOSAL_SUBSTRUCTURE_H_*/
+#endif /*PROPOSAL_SUBSTRUCTURE_H_ @} */
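Review bot: The rewritten comments drop the ownership and lifetime statements along with the Doxygen tags: `create_transform_substructure_iterator` no longer says the caller must destroy the iterator, `add_transform_substructure` no longer says the added transform is destroyed with the proposal substructure, and `get_spi` no longer says the returned data are not copied. Callers depend on these contracts to avoid leaks, double frees and use of a `chunk_t` after its owner is destroyed. Unless the behaviour changed (the diff does not show that), keep them as plain sentences, for example `* The returned chunk_t points to internal data and is not copied.` on `get_spi` and `* The added transform is owned and destroyed by this object.` on `add_transform_substructure`. The sa_payload.h hunk further down does the same to `create_proposal_substructure_iterator` and `add_proposal_substructure`. The struct begins outside this hunk.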
diff --git a/src/charon/encoding/payloads/sa_payload.c b/src/charon/encoding/payloads/sa_payload.c
index 304f1b64c..ecc3b0f60 100644
--- a/src/charon/encoding/payloads/sa_payload.c
+++ b/src/charon/encoding/payloads/sa_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file sa_payload.c
- *
- * @brief Implementation of sa_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: sa_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/sa_payload.h b/src/charon/encoding/payloads/sa_payload.h
index 67d687857..34906c889 100644
--- a/src/charon/encoding/payloads/sa_payload.h
+++ b/src/charon/encoding/payloads/sa_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file sa_payload.h
- *
- * @brief Interface of sa_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: sa_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup sa_payload sa_payload
+ * @{ @ingroup payloads
*/
#ifndef SA_PAYLOAD_H_
@@ -33,24 +33,13 @@ typedef struct sa_payload_t sa_payload_t;
/**
* SA_PAYLOAD length in bytes without any proposal substructure.
- *
- * @ingroup payloads
*/
#define SA_PAYLOAD_HEADER_LENGTH 4
/**
- * @brief Class representing an IKEv2-SA Payload.
+ * Class representing an IKEv2-SA Payload.
*
* The SA Payload format is described in RFC section 3.3.
- *
- * @b Constructors:
- * - sa_payload_create()
- * - sa_payload_create_from_ike_proposals()
- * - sa_payload_create_from_proposal()
- *
- * @todo Add support of algorithms without specified keylength in get_proposals and get_ike_proposals.
- *
- * @ingroup payloads
*/
struct sa_payload_t {
/**
@@ -59,83 +48,70 @@ struct sa_payload_t {
payload_t payload_interface;
/**
- * @brief Creates an iterator of stored proposal_substructure_t objects.
+ * Creates an iterator of stored proposal_substructure_t objects.
*
- * @warning The created iterator has to get destroyed by the caller!
- *
- * @warning When deleting an proposal using this iterator,
- * the length of this transform substructure has to be refreshed
- * by calling get_length()!
+ * When deleting an proposal using this iterator,
+ * the length of this transform substructure has to be refreshed
+ * by calling get_length()!
*
- * @param this calling sa_payload_t object
- * @param[in] forward iterator direction (TRUE: front to end)
- * @return created iterator_t object
+ * @param forward iterator direction (TRUE: front to end)
+ * @return created iterator_t object
*/
- iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this, bool forward);
+ iterator_t *(*create_proposal_substructure_iterator) (sa_payload_t *this,
+ bool forward);
/**
- * @brief Adds a proposal_substructure_t object to this object.
- *
- * @warning The added proposal_substructure_t object is
- * getting destroyed in destroy function of sa_payload_t.
+ * Adds a proposal_substructure_t object to this object.
*
- * @param this calling sa_payload_t object
* @param proposal proposal_substructure_t object to add
*/
- void (*add_proposal_substructure) (sa_payload_t *this,proposal_substructure_t *proposal);
+ void (*add_proposal_substructure) (sa_payload_t *this,
+ proposal_substructure_t *proposal);
/**
- * @brief Gets the proposals in this payload as a list.
+ * Gets the proposals in this payload as a list.
*
* @return a list containing proposal_t s
*/
linked_list_t *(*get_proposals) (sa_payload_t *this);
/**
- * @brief Add a child proposal (AH/ESP) to the payload.
+ * Add a child proposal (AH/ESP) to the payload.
*
* @param proposal child proposal to add to the payload
*/
void (*add_proposal) (sa_payload_t *this, proposal_t *proposal);
/**
- * @brief Destroys an sa_payload_t object.
- *
- * @param this sa_payload_t object to destroy
+ * Destroys an sa_payload_t object.
*/
void (*destroy) (sa_payload_t *this);
};
/**
- * @brief Creates an empty sa_payload_t object
+ * Creates an empty sa_payload_t object
*
* @return created sa_payload_t object
- *
- * @ingroup payloads
*/
sa_payload_t *sa_payload_create(void);
/**
- * @brief Creates a sa_payload_t object from a list of proposals.
+ * Creates a sa_payload_t object from a list of proposals.
*
* @param proposals list of proposals to build the payload from
* @return sa_payload_t object
- *
- * @ingroup payloads
*/
sa_payload_t *sa_payload_create_from_proposal_list(linked_list_t *proposals);
/**
- * @brief Creates a sa_payload_t object from a single proposal.
+ * Creates a sa_payload_t object from a single proposal.
*
* This is only for convenience. Use sa_payload_create_from_proposal_list
* if you want to add more than one proposal.
*
* @param proposal proposal from which the payload should be built.
* @return sa_payload_t object
- *
- * @ingroup payloads
*/
sa_payload_t *sa_payload_create_from_proposal(proposal_t *proposal);
-#endif /*SA_PAYLOAD_H_*/
+#endif /*SA_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.c b/src/charon/encoding/payloads/traffic_selector_substructure.c
index 573139bf3..f6042b4b6 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.c
+++ b/src/charon/encoding/payloads/traffic_selector_substructure.c
@@ -1,10 +1,3 @@
-/**
- * @file traffic_selector_substructure.c
- *
- * @brief Interface of traffic_selector_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: traffic_selector_substructure.c 3589 2008-03-13 14:14:44Z martin $
*/
#include "traffic_selector_substructure.h"
diff --git a/src/charon/encoding/payloads/traffic_selector_substructure.h b/src/charon/encoding/payloads/traffic_selector_substructure.h
index 14efccc89..2a2769fb6 100644
--- a/src/charon/encoding/payloads/traffic_selector_substructure.h
+++ b/src/charon/encoding/payloads/traffic_selector_substructure.h
@@ -1,10 +1,3 @@
-/**
- * @file traffic_selector_substructure.h
- *
- * @brief Interface of traffic_selector_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,8 +12,14 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: traffic_selector_substructure.h 3589 2008-03-13 14:14:44Z martin $
*/
+/**
+ * @defgroup traffic_selector_substructure traffic_selector_substructure
+ * @{ @ingroup payloads
+ */
#ifndef TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
#define TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
@@ -34,21 +33,13 @@ typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
/**
* Length of a TRAFFIC SELECTOR SUBSTRUCTURE without start and end address.
- *
- * @ingroup payloads
*/
#define TRAFFIC_SELECTOR_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2 TRAFFIC SELECTOR.
+ * Class representing an IKEv2 TRAFFIC SELECTOR.
*
* The TRAFFIC SELECTOR format is described in RFC section 3.13.1.
- *
- * @b Constructors:
- * - traffic_selector_substructure_create()
- * - traffic_selector_substructure_create_from_traffic_selector()
- *
- * @ingroup payloads
*/
struct traffic_selector_substructure_t {
/**
@@ -57,116 +48,106 @@ struct traffic_selector_substructure_t {
payload_t payload_interface;
/**
- * @brief Get the type of Traffic selector.
+ * Get the type of Traffic selector.
*
- * @param this calling traffic_selector_substructure_t object
* @return type of traffic selector
*
*/
ts_type_t (*get_ts_type) (traffic_selector_substructure_t *this);
/**
- * @brief Set the type of Traffic selector.
+ * Set the type of Traffic selector.
*
- * @param this calling traffic_selector_substructure_t object
* @param ts_type type of traffic selector
*/
- void (*set_ts_type) (traffic_selector_substructure_t *this,ts_type_t ts_type);
+ void (*set_ts_type) (traffic_selector_substructure_t *this,
+ ts_type_t ts_type);
/**
- * @brief Get the IP protocol ID of Traffic selector.
+ * Get the IP protocol ID of Traffic selector.
*
- * @param this calling traffic_selector_substructure_t object
* @return type of traffic selector
*
*/
u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this);
/**
- * @brief Set the IP protocol ID of Traffic selector
+ * Set the IP protocol ID of Traffic selector
*
- * @param this calling traffic_selector_substructure_t object
* @param protocol_id protocol ID of traffic selector
*/
- void (*set_protocol_id) (traffic_selector_substructure_t *this,u_int8_t protocol_id);
+ void (*set_protocol_id) (traffic_selector_substructure_t *this,
+ u_int8_t protocol_id);
/**
- * @brief Get the start port and address as host_t object.
+ * Get the start port and address as host_t object.
*
* Returned host_t object has to get destroyed by the caller.
*
- * @param this calling traffic_selector_substructure_t object
* @return start host as host_t object
*
*/
host_t *(*get_start_host) (traffic_selector_substructure_t *this);
/**
- * @brief Set the start port and address as host_t object.
+ * Set the start port and address as host_t object.
*
- * @param this calling traffic_selector_substructure_t object
* @param start_host start host as host_t object
*/
- void (*set_start_host) (traffic_selector_substructure_t *this,host_t *start_host);
+ void (*set_start_host) (traffic_selector_substructure_t *this,
+ host_t *start_host);
/**
- * @brief Get the end port and address as host_t object.
+ * Get the end port and address as host_t object.
*
* Returned host_t object has to get destroyed by the caller.
*
- * @param this calling traffic_selector_substructure_t object
* @return end host as host_t object
*
*/
host_t *(*get_end_host) (traffic_selector_substructure_t *this);
/**
- * @brief Set the end port and address as host_t object.
+ * Set the end port and address as host_t object.
*
- * @param this calling traffic_selector_substructure_t object
* @param end_host end host as host_t object
*/
- void (*set_end_host) (traffic_selector_substructure_t *this,host_t *end_host);
+ void (*set_end_host) (traffic_selector_substructure_t *this,
+ host_t *end_host);
/**
- * @brief Get a traffic_selector_t from this substructure.
+ * Get a traffic_selector_t from this substructure.
*
* @warning traffic_selector_t must be destroyed after usage.
*
- * @param this calling traffic_selector_substructure_t object
* @return contained traffic_selector_t
*/
- traffic_selector_t *(*get_traffic_selector) (traffic_selector_substructure_t *this);
+ traffic_selector_t *(*get_traffic_selector) (
+ traffic_selector_substructure_t *this);
/**
- * @brief Destroys an traffic_selector_substructure_t object.
- *
- * @param this traffic_selector_substructure_t object to destroy
+ * Destroys an traffic_selector_substructure_t object.
*/
void (*destroy) (traffic_selector_substructure_t *this);
};
/**
- * @brief Creates an empty traffic_selector_substructure_t object.
+ * Creates an empty traffic_selector_substructure_t object.
*
* TS type is set to default TS_IPV4_ADDR_RANGE!
*
* @return traffic_selector_substructure_t object
- *
- * @ingroup payloads
*/
traffic_selector_substructure_t *traffic_selector_substructure_create(void);
/**
- * @brief Creates an initialized traffif selector substructure using
+ * Creates an initialized traffif selector substructure using
* the values from a traffic_selector_t.
*
* @param traffic_selector traffic_selector_t to use for initialization
* @return traffic_selector_substructure_t object
- *
- * @ingroup payloads
*/
-traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(traffic_selector_t *traffic_selector);
-
+traffic_selector_substructure_t *traffic_selector_substructure_create_from_traffic_selector(
+ traffic_selector_t *traffic_selector);
-#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ */
+#endif /* /TRAFFIC_SELECTOR_SUBSTRUCTURE_H_ @} */
diff --git a/src/charon/encoding/payloads/transform_attribute.c b/src/charon/encoding/payloads/transform_attribute.c
index 066885c55..b9b5ff879 100644
--- a/src/charon/encoding/payloads/transform_attribute.c
+++ b/src/charon/encoding/payloads/transform_attribute.c
@@ -1,10 +1,3 @@
-/**
- * @file transform_attribute.c
- *
- * @brief Implementation of transform_attribute_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: transform_attribute.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <string.h>
diff --git a/src/charon/encoding/payloads/transform_attribute.h b/src/charon/encoding/payloads/transform_attribute.h
index 30583b23f..891155913 100644
--- a/src/charon/encoding/payloads/transform_attribute.h
+++ b/src/charon/encoding/payloads/transform_attribute.h
@@ -1,10 +1,3 @@
-/**
- * @file transform_attribute.h
- *
- * @brief Interface of transform_attribute_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: transform_attribute.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup transform_attribute transform_attribute
+ * @{ @ingroup payloads
*/
#ifndef TRANSFORM_ATTRIBUTE_H_
@@ -33,8 +33,6 @@ typedef struct transform_attribute_t transform_attribute_t;
/**
* Type of the attribute, as in IKEv2 RFC 3.3.5.
- *
- * @ingroup payloads
*/
enum transform_attribute_type_t {
ATTRIBUTE_UNDEFINED = 16384,
@@ -43,17 +41,13 @@ enum transform_attribute_type_t {
/**
* enum name for transform_attribute_type_t.
- *
- * @ingroup payloads
*/
extern enum_name_t *transform_attribute_type_names;
/**
- * @brief Class representing an IKEv2- TRANSFORM Attribute.
+ * Class representing an IKEv2- TRANSFORM Attribute.
*
* The TRANSFORM ATTRIBUTE format is described in RFC section 3.3.5.
- *
- * @ingroup payloads
*/
struct transform_attribute_t {
/**
@@ -62,93 +56,79 @@ struct transform_attribute_t {
payload_t payload_interface;
/**
- * @brief Returns the currently set value of the attribute.
+ * Returns the currently set value of the attribute.
*
- * @warning Returned data are not copied.
+ * Returned data are not copied.
*
- * @param this calling transform_attribute_t object
* @return chunk_t pointing to the value
*/
chunk_t (*get_value_chunk) (transform_attribute_t *this);
/**
- * @brief Returns the currently set value of the attribute.
+ * Returns the currently set value of the attribute.
*
- * @warning Returned data are not copied.
+ * Returned data are not copied.
*
- * @param this calling transform_attribute_t object
* @return value
*/
u_int16_t (*get_value) (transform_attribute_t *this);
/**
- * @brief Sets the value of the attribute.
+ * Sets the value of the attribute.
*
- * @warning Value is getting copied.
+ * Value is getting copied.
*
- * @param this calling transform_attribute_t object
* @param value chunk_t pointing to the value to set
*/
void (*set_value_chunk) (transform_attribute_t *this, chunk_t value);
/**
- * @brief Sets the value of the attribute.
+ * Sets the value of the attribute.
*
- * @param this calling transform_attribute_t object
* @param value value to set
*/
void (*set_value) (transform_attribute_t *this, u_int16_t value);
/**
- * @brief Sets the type of the attribute.
+ * Sets the type of the attribute.
*
- * @param this calling transform_attribute_t object
* @param type type to set (most significant bit is set to zero)
*/
void (*set_attribute_type) (transform_attribute_t *this, u_int16_t type);
/**
- * @brief get the type of the attribute.
+ * get the type of the attribute.
*
- * @param this calling transform_attribute_t object
* @return type of the value
*/
u_int16_t (*get_attribute_type) (transform_attribute_t *this);
/**
- * @brief Clones an transform_attribute_t object.
+ * Clones an transform_attribute_t object.
*
- * @param this transform_attribute_t object to clone
* @return cloned transform_attribute_t object
*/
transform_attribute_t * (*clone) (transform_attribute_t *this);
/**
- * @brief Destroys an transform_attribute_t object.
- *
- * @param this transform_attribute_t object to destroy
+ * Destroys an transform_attribute_t object.
*/
void (*destroy) (transform_attribute_t *this);
};
/**
- * @brief Creates an empty transform_attribute_t object.
+ * Creates an empty transform_attribute_t object.
*
* @return transform_attribute_t object
- *
- * @ingroup payloads
*/
transform_attribute_t *transform_attribute_create(void);
/**
- * @brief Creates an transform_attribute_t of type KEY_LENGTH.
+ * Creates an transform_attribute_t of type KEY_LENGTH.
*
* @param key_length key length in bytes
* @return transform_attribute_t object
- *
- * @ingroup payloads
*/
transform_attribute_t *transform_attribute_create_key_length(u_int16_t key_length);
-
-#endif /*TRANSFORM_ATTRIBUTE_H_*/
+#endif /*TRANSFORM_ATTRIBUTE_H_ @} */
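Review bot: The comment on transform_attribute_create_key_length() still reads `@param key_length key length in bytes`, while the IKEv2 Key Length attribute described in RFC section 3.3.5 (cited in this header) carries the length in bits. If callers pass bits, which cannot be confirmed from this hunk, it should read `@param key_length key length in bits`; a unit mix-up here would silently propose the wrong key size. In the same hunk, get_value() returns a u_int16_t by value but keeps the sentence `Returned data are not copied`, which only fits get_value_chunk() and could be dropped. The struct declaration begins before this hunk.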
diff --git a/src/charon/encoding/payloads/transform_substructure.c b/src/charon/encoding/payloads/transform_substructure.c
index d64d6c754..7c3d6421a 100644
--- a/src/charon/encoding/payloads/transform_substructure.c
+++ b/src/charon/encoding/payloads/transform_substructure.c
@@ -1,10 +1,3 @@
-/**
- * @file transform_substructure.h
- *
- * @brief Implementation of transform_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: transform_substructure.c 3971 2008-05-16 13:27:21Z tobias $
*/
#include <stddef.h>
@@ -395,14 +390,28 @@ transform_substructure_t *transform_substructure_create_type(transform_type_t tr
transform->set_transform_id(transform,transform_id);
/* a keylength attribute is only created for variable length algos */
- if (transform_type == ENCRYPTION_ALGORITHM &&
- (transform_id == ENCR_AES_CBC ||
- transform_id == ENCR_IDEA ||
- transform_id == ENCR_CAST ||
- transform_id == ENCR_BLOWFISH))
+ if (transform_type == ENCRYPTION_ALGORITHM)
{
- transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
- transform->add_transform_attribute(transform,attribute);
+ switch(transform_id)
+ {
+ case ENCR_AES_CBC:
+ case ENCR_IDEA:
+ case ENCR_CAST:
+ case ENCR_BLOWFISH:
+ case ENCR_AES_CCM_ICV8:
+ case ENCR_AES_CCM_ICV12:
+ case ENCR_AES_CCM_ICV16:
+ case ENCR_AES_GCM_ICV8:
+ case ENCR_AES_GCM_ICV12:
+ case ENCR_AES_GCM_ICV16:
+ {
+ transform_attribute_t *attribute = transform_attribute_create_key_length(key_length);
+ transform->add_transform_attribute(transform,attribute);
+ break;
+ }
+ default:
+ break;
+ }
}
return transform;
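Review bot: The new `switch` in transform_substructure_create_type() is an allow-list whose `default:` branch silently builds the transform without a KEY_LENGTH attribute, so any variable-key cipher missing from the cases is proposed with no key size. The IANA transform ID ENCR_AES_CTR is also variable-length and is not listed; whether that omission is intended cannot be told from this hunk. `key_length` is also forwarded unchecked, so a caller passing 0 for a listed cipher would emit a zero key-length attribute; a guard such as `if (key_length == 0)` that logs and refuses to build the attribute would make that failure visible. A comment above the switch, e.g. `/* IDs not listed here are sent without KEY_LENGTH; keep in sync with the cipher enum */`, would state the contract. The function starts before this hunk and its closing brace lies outside it.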
diff --git a/src/charon/encoding/payloads/transform_substructure.h b/src/charon/encoding/payloads/transform_substructure.h
index 97f587d5d..6be4b6d1e 100644
--- a/src/charon/encoding/payloads/transform_substructure.h
+++ b/src/charon/encoding/payloads/transform_substructure.h
@@ -1,10 +1,3 @@
-/**
- * @file transform_substructure.h
- *
- * @brief Interface of transform_substructure_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: transform_substructure.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup transform_substructure transform_substructure
+ * @{ @ingroup payloads
*/
#ifndef TRANSFORM_SUBSTRUCTURE_H_
@@ -39,25 +39,19 @@ typedef struct transform_substructure_t transform_substructure_t;
/**
* IKEv1 Value for a transform payload.
- *
- * @ingroup payloads
*/
#define TRANSFORM_TYPE_VALUE 3
/**
* Length of the transform substructure header in bytes.
- *
- * @ingroup payloads
*/
#define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2- TRANSFORM SUBSTRUCTURE.
+ * Class representing an IKEv2- TRANSFORM SUBSTRUCTURE.
*
* The TRANSFORM SUBSTRUCTURE format is described in RFC section 3.3.2.
- *
- * @ingroup payloads
*/
struct transform_substructure_t {
/**
@@ -66,121 +60,105 @@ struct transform_substructure_t {
payload_t payload_interface;
/**
- * @brief Creates an iterator of stored transform_attribute_t objects.
- *
- * @warning The created iterator has to get destroyed by the caller!
+ * Creates an iterator of stored transform_attribute_t objects.
*
- * @warning When deleting an transform attribute using this iterator,
- * the length of this transform substructure has to be refreshed
- * by calling get_length()!
+ * When deleting an transform attribute using this iterator,
+ * the length of this transform substructure has to be refreshed
+ * by calling get_length().
*
- * @param this calling transform_substructure_t object
- * @param[in] forward iterator direction (TRUE: front to end)
+ * @param forward iterator direction (TRUE: front to end)
* @return created iterator_t object.
*/
- iterator_t * (*create_transform_attribute_iterator) (transform_substructure_t *this, bool forward);
+ iterator_t * (*create_transform_attribute_iterator) (
+ transform_substructure_t *this, bool forward);
/**
- * @brief Adds a transform_attribute_t object to this object.
- *
- * @warning The added proposal_substructure_t object is
- * getting destroyed in destroy function of transform_substructure_t.
+ * Adds a transform_attribute_t object to this object.
*
- * @param this calling transform_substructure_t object
* @param proposal transform_attribute_t object to add
*/
- void (*add_transform_attribute) (transform_substructure_t *this,transform_attribute_t *attribute);
+ void (*add_transform_attribute) (transform_substructure_t *this,
+ transform_attribute_t *attribute);
/**
- * @brief Sets the next_payload field of this substructure
+ * Sets the next_payload field of this substructure
*
* If this is the last transform, next payload field is set to 0,
* otherwise to 3
*
- * @param this calling transform_substructure_t object
* @param is_last When TRUE, next payload field is set to 0, otherwise to 3
*/
void (*set_is_last_transform) (transform_substructure_t *this, bool is_last);
/**
- * @brief Checks if this is the last transform.
+ * Checks if this is the last transform.
*
- * @param this calling transform_substructure_t object
* @return TRUE if this is the last Transform, FALSE otherwise
*/
bool (*get_is_last_transform) (transform_substructure_t *this);
/**
- * @brief Sets transform type of the current transform substructure.
+ * Sets transform type of the current transform substructure.
*
- * @param this calling transform_substructure_t object
* @param type type value to set
*/
- void (*set_transform_type) (transform_substructure_t *this,u_int8_t type);
+ void (*set_transform_type) (transform_substructure_t *this, u_int8_t type);
/**
- * @brief get transform type of the current transform.
+ * get transform type of the current transform.
*
- * @param this calling transform_substructure_t object
* @return Transform type of current transform substructure.
*/
u_int8_t (*get_transform_type) (transform_substructure_t *this);
/**
- * @brief Sets transform id of the current transform substructure.
+ * Sets transform id of the current transform substructure.
*
- * @param this calling transform_substructure_t object
- * @param id transform id to set
+ * @param id transform id to set
*/
- void (*set_transform_id) (transform_substructure_t *this,u_int16_t id);
+ void (*set_transform_id) (transform_substructure_t *this, u_int16_t id);
/**
- * @brief get transform id of the current transform.
+ * get transform id of the current transform.
*
- * @param this calling transform_substructure_t object
* @return Transform id of current transform substructure.
*/
u_int16_t (*get_transform_id) (transform_substructure_t *this);
/**
- * @brief get transform id of the current transform.
+ * get transform id of the current transform.
*
- * @param this calling transform_substructure_t object
- * @param key_length The key length is written to this location
+ * @param key_length The key length is written to this location
* @return
* - SUCCESS if a key length attribute is contained
* - FAILED if no key length attribute is part of this
* transform or key length uses more then 16 bit!
*/
- status_t (*get_key_length) (transform_substructure_t *this,u_int16_t *key_length);
+ status_t (*get_key_length) (transform_substructure_t *this,
+ u_int16_t *key_length);
/**
- * @brief Clones an transform_substructure_t object.
+ * Clones an transform_substructure_t object.
*
- * @param this transform_substructure_t object to clone
* @return cloned transform_substructure_t object
*/
transform_substructure_t* (*clone) (transform_substructure_t *this);
/**
- * @brief Destroys an transform_substructure_t object.
- *
- * @param this transform_substructure_t object to destroy
+ * Destroys an transform_substructure_t object.
*/
void (*destroy) (transform_substructure_t *this);
};
/**
- * @brief Creates an empty transform_substructure_t object.
+ * Creates an empty transform_substructure_t object.
*
* @return created transform_substructure_t object
- *
- * @ingroup payloads
*/
transform_substructure_t *transform_substructure_create(void);
/**
- * @brief Creates an empty transform_substructure_t object.
+ * Creates an empty transform_substructure_t object.
*
* The key length is used for the transport types ENCRYPTION_ALGORITHM,
* PSEUDO_RANDOM_FUNCTION, INTEGRITY_ALGORITHM. For all
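Review bot: The rewritten comments drop the ownership statements that the old `@warning` lines carried: create_transform_attribute_iterator() no longer says the caller must destroy the iterator, and add_transform_attribute() no longer says the added object is destroyed in the substructure's destroy function. Callers need these facts to avoid leaks and double frees, so I would keep them as plain sentences, e.g. `* The returned iterator has to be destroyed by the caller.` and `* The attribute is owned by this substructure and destroyed with it.`. The same statements are removed from add_traffic_selector_substructure() and create_traffic_selector_substructure_iterator() in the ts_payload.h hunk, and add_transform_attribute() here still documents `@param proposal` although the parameter is named `attribute`. The struct declaration starts before this hunk, and the hunk ends inside the following doc comment.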
@@ -190,9 +168,9 @@ transform_substructure_t *transform_substructure_create(void);
* @param transform_id transform id specifying the specific algorithm of a transform type
* @param key_length Key length for key lenght attribute
* @return transform_substructure_t object
- *
- * @ingroup payloads
*/
-transform_substructure_t *transform_substructure_create_type(transform_type_t transform_type, u_int16_t transform_id, u_int16_t key_length);
+transform_substructure_t *transform_substructure_create_type(
+ transform_type_t transform_type, u_int16_t transform_id,
+ u_int16_t key_length);
-#endif /*TRANSFORM_SUBSTRUCTURE_H_*/
+#endif /*TRANSFORM_SUBSTRUCTURE_H_ @} */
diff --git a/src/charon/encoding/payloads/ts_payload.c b/src/charon/encoding/payloads/ts_payload.c
index ae89919f6..5d53793b1 100644
--- a/src/charon/encoding/payloads/ts_payload.c
+++ b/src/charon/encoding/payloads/ts_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file ts_payload.c
- *
- * @brief Implementation of ts_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ts_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/ts_payload.h b/src/charon/encoding/payloads/ts_payload.h
index 1addee22c..d8a108ddd 100644
--- a/src/charon/encoding/payloads/ts_payload.h
+++ b/src/charon/encoding/payloads/ts_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file ts_payload.h
- *
- * @brief Interface of ts_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: ts_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup ts_payload ts_payload
+ * @{ @ingroup payloads
*/
@@ -35,22 +35,14 @@ typedef struct ts_payload_t ts_payload_t;
/**
* Length of a TS payload without the Traffic selectors.
- *
- * @ingroup payloads
*/
#define TS_PAYLOAD_HEADER_LENGTH 8
/**
- * @brief Class representing an IKEv2 TS payload.
+ * Class representing an IKEv2 TS payload.
*
* The TS payload format is described in RFC section 3.13.
- *
- * @b Constructors:
- * - ts_payload_create()
- * - ts_payload_create_from_traffic_selectors()
- *
- * @ingroup payloads
*/
struct ts_payload_t {
/**
@@ -59,9 +51,8 @@ struct ts_payload_t {
payload_t payload_interface;
/**
- * @brief Get the type of TSpayload (TSi or TSr).
+ * Get the type of TSpayload (TSi or TSr).
*
- * @param this calling id_payload_t object
* @return
* - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr
@@ -69,9 +60,8 @@ struct ts_payload_t {
bool (*get_initiator) (ts_payload_t *this);
/**
- * @brief Set the type of TS payload (TSi or TSr).
+ * Set the type of TS payload (TSi or TSr).
*
- * @param this calling id_payload_t object
* @param is_initiator
* - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr
@@ -79,75 +69,61 @@ struct ts_payload_t {
void (*set_initiator) (ts_payload_t *this,bool is_initiator);
/**
- * @brief Adds a traffic_selector_substructure_t object to this object.
- *
- * @warning The added traffic_selector_substructure_t object is
- * getting destroyed in destroy function of ts_payload_t.
+ * Adds a traffic_selector_substructure_t object to this object.
*
- * @param this calling ts_payload_t object
* @param traffic_selector traffic_selector_substructure_t object to add
*/
- void (*add_traffic_selector_substructure) (ts_payload_t *this,traffic_selector_substructure_t *traffic_selector);
+ void (*add_traffic_selector_substructure) (ts_payload_t *this,
+ traffic_selector_substructure_t *traffic_selector);
/**
- * @brief Creates an iterator of stored traffic_selector_substructure_t objects.
+ * Creates an iterator of stored traffic_selector_substructure_t objects.
*
- * @warning The created iterator has to get destroyed by the caller!
- *
- * @warning When removing an traffic_selector_substructure_t object
- * using this iterator, the length of this payload
- * has to get refreshed by calling payload_t.get_length!
+ * When removing an traffic_selector_substructure_t object
+ * using this iterator, the length of this payload
+ * has to get refreshed by calling payload_t.get_length!
*
- * @param this calling ts_payload_t object
- * @param[in] forward iterator direction (TRUE: front to end)
+ * @param forward iterator direction (TRUE: front to end)
* @return created iterator_t object
*/
- iterator_t *(*create_traffic_selector_substructure_iterator) (ts_payload_t *this, bool forward);
+ iterator_t *(*create_traffic_selector_substructure_iterator) (
+ ts_payload_t *this, bool forward);
/**
- * @brief Get a list of nested traffic selectors as traffic_selector_t.
+ * Get a list of nested traffic selectors as traffic_selector_t.
*
* Resulting list and its traffic selectors must be destroyed after usage
*
- * @param this calling ts_payload_t object
* @return list of traffic selectors
*/
linked_list_t *(*get_traffic_selectors) (ts_payload_t *this);
/**
- * @brief Destroys an ts_payload_t object.
- *
- * @param this ts_payload_t object to destroy
+ * Destroys an ts_payload_t object.
*/
void (*destroy) (ts_payload_t *this);
};
/**
- * @brief Creates an empty ts_payload_t object.
- *
+ * Creates an empty ts_payload_t object.
*
* @param is_initiator
* - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr
* @return ts_payload_t object
- *
- * @ingroup payloads
*/
ts_payload_t *ts_payload_create(bool is_initiator);
/**
- * @brief Creates ts_payload with a list of traffic_selector_t
- *
+ * Creates ts_payload with a list of traffic_selector_t
*
* @param is_initiator
* - TRUE if this payload is of type TSi
* - FALSE if this payload is of type TSr
* @param traffic_selectors list of traffic selectors to include
* @return ts_payload_t object
- *
- * @ingroup payloads
*/
-ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator, linked_list_t *traffic_selectors);
-
+ts_payload_t *ts_payload_create_from_traffic_selectors(bool is_initiator,
+ linked_list_t *traffic_selectors);
-#endif /* TS_PAYLOAD_H_ */
+#endif /* TS_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/unknown_payload.c b/src/charon/encoding/payloads/unknown_payload.c
index bbe736085..8a8db308d 100644
--- a/src/charon/encoding/payloads/unknown_payload.c
+++ b/src/charon/encoding/payloads/unknown_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file unknown_payload.c
- *
- * @brief Implementation of unknown_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: unknown_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/unknown_payload.h b/src/charon/encoding/payloads/unknown_payload.h
index 8d13a03a3..045448f06 100644
--- a/src/charon/encoding/payloads/unknown_payload.h
+++ b/src/charon/encoding/payloads/unknown_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file unknown_payload.h
- *
- * @brief Interface of unknown_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: unknown_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup unknown_payload unknown_payload
+ * @{ @ingroup payloads
*/
#ifndef UNKNOWN_PAYLOAD_H_
@@ -31,22 +31,15 @@ typedef struct unknown_payload_t unknown_payload_t;
/**
* Header length of the unknown payload.
- *
- * @ingroup payloads
*/
#define UNKNOWN_PAYLOAD_HEADER_LENGTH 4
/**
- * @brief Payload which can't be processed further.
+ * Payload which can't be processed further.
*
* When the parser finds an unknown payload, he builds an instance of
* this class. This allows further processing of this payload, such as
* a check for the critical bit in the header.
- *
- * @b Constructors:
- * - unknown_payload_create()
- *
- * @ingroup payloads
*/
struct unknown_payload_t {
@@ -56,40 +49,33 @@ struct unknown_payload_t {
payload_t payload_interface;
/**
- * @brief Get the raw data of this payload, without
+ * Get the raw data of this payload, without
* the generic payload header.
*
* Returned data are NOT copied and must not be freed.
*
- * @param this calling unknown_payload_t object
* @return data as chunk_t
*/
chunk_t (*get_data) (unknown_payload_t *this);
/**
- * @brief Get the critical flag.
+ * Get the critical flag.
*
- * @param this calling unknown_payload_t object
* @return TRUE if payload is critical, FALSE if not
*/
bool (*is_critical) (unknown_payload_t *this);
/**
- * @brief Destroys an unknown_payload_t object.
- *
- * @param this unknown_payload_t object to destroy
+ * Destroys an unknown_payload_t object.
*/
void (*destroy) (unknown_payload_t *this);
};
/**
- * @brief Creates an empty unknown_payload_t object.
+ * Creates an empty unknown_payload_t object.
*
* @return unknown_payload_t object
- *
- * @ingroup payloads
*/
unknown_payload_t *unknown_payload_create(void);
-
-#endif /* UNKNOWN_PAYLOAD_H_ */
+#endif /* UNKNOWN_PAYLOAD_H_ @} */
diff --git a/src/charon/encoding/payloads/vendor_id_payload.c b/src/charon/encoding/payloads/vendor_id_payload.c
index e3a4d2e1f..3eacc1a72 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.c
+++ b/src/charon/encoding/payloads/vendor_id_payload.c
@@ -1,10 +1,3 @@
-/**
- * @file vendor_id_payload.c
- *
- * @brief Implementation of vendor_id_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: vendor_id_payload.c 3589 2008-03-13 14:14:44Z martin $
*/
#include <stddef.h>
diff --git a/src/charon/encoding/payloads/vendor_id_payload.h b/src/charon/encoding/payloads/vendor_id_payload.h
index c7eebc155..e489bfd5a 100644
--- a/src/charon/encoding/payloads/vendor_id_payload.h
+++ b/src/charon/encoding/payloads/vendor_id_payload.h
@@ -1,10 +1,3 @@
-/**
- * @file vendor_id_payload.h
- *
- * @brief Interface of vendor_id_payload_t.
- *
- */
-
/*
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
@@ -19,6 +12,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: vendor_id_payload.h 3589 2008-03-13 14:14:44Z martin $
+ */
+
+/**
+ * @defgroup vendor_id_payload vendor_id_payload
+ * @{ @ingroup payloads
*/
#ifndef VENDOR_ID_PAYLOAD_H_
@@ -31,21 +31,14 @@ typedef struct vendor_id_payload_t vendor_id_payload_t;
/**
* Length of a VENDOR ID payload without the VID data in bytes.
- *
- * @ingroup payloads
*/
#define VENDOR_ID_PAYLOAD_HEADER_LENGTH 4
/**
- * @brief Class representing an IKEv2 VENDOR ID payload.
+ * Class representing an IKEv2 VENDOR ID payload.
*
* The VENDOR ID payload format is described in RFC section 3.12.
- *
- * @b Constructors:
- * - vendor_id_payload_create()
- *
- * @ingroup payloads
*/
struct vendor_id_payload_t {
/**
@@ -54,51 +47,43 @@ struct vendor_id_payload_t {
payload_t payload_interface;
/**
- * @brief Set the VID data.
+ * Set the VID data.
*
* Data are getting cloned.
*
- * @param this calling vendor_id_payload_t object
* @param data VID data as chunk_t
*/
void (*set_data) (vendor_id_payload_t *this, chunk_t data);
/**
- * @brief Get the VID data.
+ * Get the VID data.
*
* Returned data are a copy of the internal one.
*
- * @param this calling vendor_id_payload_t object
* @return VID data as chunk_t
*/
chunk_t (*get_data_clone) (vendor_id_payload_t *this);
/**
- * @brief Get the VID data.
+ * Get the VID data.
*
* Returned data are NOT copied.
*
- * @param this calling vendor_id_payload_t object
* @return VID data as chunk_t
*/
chunk_t (*get_data) (vendor_id_payload_t *this);
/**
- * @brief Destroys an vendor_id_payload_t object.
- *
- * @param this vendor_id_payload_t object to destroy
+ * Destroys an vendor_id_payload_t object.
*/
void (*destroy) (vendor_id_payload_t *this);
};
/**
- * @brief Creates an empty vendor_id_payload_t object.
+ * Creates an empty vendor_id_payload_t object.
*
* @return vendor_id_payload_t object
- *
- * @ingroup payloads
*/
vendor_id_payload_t *vendor_id_payload_create(void);
-
-#endif /* VENDOR_ID_PAYLOAD_H_ */
+#endif /* VENDOR_ID_PAYLOAD_H_ @} */