Diffstat (limited to 'src/charon/sa/authenticators/authenticator.h')
-rw-r--r--src/charon/sa/authenticators/authenticator.h75
1 files changed, 44 insertions, 31 deletions
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h
index c7b0fc81a..3c961d23e 100644
--- a/src/charon/sa/authenticators/authenticator.h
+++ b/src/charon/sa/authenticators/authenticator.h
@@ -1,11 +1,5 @@
-/**
- * @file authenticator.h
- *
- * @brief Interface of authenticator_t.
- *
- */
-
/*
+ * Copyright (C) 2008 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -19,6 +13,13 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * $Id: authenticator.h 4051 2008-06-10 09:08:27Z tobias $
+ */
+
+/**
+ * @defgroup authenticator authenticator
+ * @{ @ingroup authenticators
*/
#ifndef AUTHENTICATOR_H_
@@ -29,12 +30,11 @@ typedef struct authenticator_t authenticator_t;
#include <library.h>
#include <sa/ike_sa.h>
+#include <config/peer_cfg.h>
#include <encoding/payloads/auth_payload.h>
/**
* Method to use for authentication.
- *
- * @ingroup authenticators
*/
enum auth_method_t {
/**
@@ -57,6 +57,21 @@ enum auth_method_t {
AUTH_DSS = 3,
/**
+ * ECDSA with SHA-256 on the P-256 curve as specified in RFC 4754
+ */
+ AUTH_ECDSA_256 = 9,
+
+ /**
+ * ECDSA with SHA-384 on the P-384 curve as specified in RFC 4754
+ */
+ AUTH_ECDSA_384 = 10,
+
+ /**
+ * ECDSA with SHA-512 on the P-521 curve as specified in RFC 4754
+ */
+ AUTH_ECDSA_521 = 11,
+
+ /**
* EAP authentication. This value is never negotiated and therefore
* a value from private use.
*/
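Review bot: The three new ECDSA constants leave a gap after `AUTH_DSS = 3` (4–8 are not defined here), so `auth_method_names`, declared as an `enum_name_t` further down this header, presumably can no longer be a single contiguous name table; whether its definition in the corresponding .c file was split into two ranges is not visible in this diff and should be confirmed, since a stale table would mislabel a negotiated method in logs. The values 9, 10 and 11 and the hash/curve pairings given in the comments agree with RFC 4754, so the constants themselves look right. The enum `auth_method_t` starts before this hunk and ends after it.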
@@ -65,29 +80,22 @@ enum auth_method_t {
/**
* enum names for auth_method_t.
- *
- * @ingroup authenticators
*/
extern enum_name_t *auth_method_names;
/**
- * @brief Authenticator interface implemented by the various authenticators.
+ * Authenticator interface implemented by the various authenticators.
*
* Currently the following two AUTH methods are supported:
- * - shared key message integrity code (AUTH_PSK)
- * - RSA digital signature (AUTH_RSA)
- *
- * @b Constructors:
- * - authenticator_create()
- *
- * @ingroup authenticators
+ * - shared key message integrity code
+ * - RSA digital signature
+ * - ECDSA is supported using OpenSSL
*/
struct authenticator_t {
/**
- * @brief Verify a received authentication payload.
+ * Verify a received authentication payload.
*
- * @param this calling object
* @param ike_sa_init binary representation of received ike_sa_init
* @param my_nonce the sent nonce
* @param auth_payload authentication payload to verify
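Review bot: The sentence `Currently the following two AUTH methods are supported:` is now stale, because the list beneath it has three bullets (shared key, RSA and ECDSA); drop the count, e.g. ` * Currently the following AUTH methods are supported:`. The `struct authenticator_t` definition begins in this hunk and continues past its end.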
@@ -102,9 +110,8 @@ struct authenticator_t {
chunk_t my_nonce, auth_payload_t *auth_payload);
/**
- * @brief Build an authentication payload to send to the other peer.
+ * Build an authentication payload to send to the other peer.
*
- * @param this calling object
* @param ike_sa_init binary representation of sent ike_sa_init
* @param other_nonce the received nonce
* @param[out] auth_payload the resulting authentication payload
@@ -117,23 +124,29 @@ struct authenticator_t {
chunk_t other_nonce, auth_payload_t **auth_payload);
/**
- * @brief Destroys a authenticator_t object.
- *
- * @param this calling object
+ * Destroys a authenticator_t object.
*/
void (*destroy) (authenticator_t *this);
};
/**
- * @brief Creates an authenticator for the specified auth method.
+ * Creates an authenticator for the specified auth method (as configured).
*
* @param ike_sa associated ike_sa
* @param auth_method authentication method to use for build()/verify()
*
* @return authenticator_t object
- *
- * @ingroup authenticators
*/
-authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method);
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, config_auth_method_t auth_method);
+
+/**
+ * Creates an authenticator from the given auth payload.
+ *
+ * @param ike_sa associated ike_sa
+ * @param auth_payload auth payload
+ *
+ * @return authenticator_t object
+ */
+authenticator_t *authenticator_create_from_auth_payload(ike_sa_t *ike_sa, auth_payload_t *auth_payload);
-#endif /* AUTHENTICATOR_H_ */
+#endif /* AUTHENTICATOR_H_ @} */
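Review bot: The new `authenticator_create_from_auth_payload()` is documented only with `@return authenticator_t object`, yet it derives the method from a payload received from the peer rather than from configuration, so the docstring should say what happens when the payload carries a method this build does not support (presumably a NULL return, to be confirmed against the implementation) and that the peer-chosen method is not checked here against the configured `config_auth_method_t`. Suggested lines: ` * @return authenticator_t object, NULL if the auth method is not supported` and ` * @note the auth method is taken from the peer's payload, not from configuration`. The same `@return` wording gap applies to `authenticator_create()` above, which now takes a `config_auth_method_t`. Minor: ` * Destroys a authenticator_t object.` should read ` * Destroys an authenticator_t object.`.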