moved typedefs to beginning of files to solve some include problems
authorMartin Willi <martin@strongswan.org>
Mon, 30 Oct 2006 14:07:05 +0000 (14:07 -0000)
committerMartin Willi <martin@strongswan.org>
Mon, 30 Oct 2006 14:07:05 +0000 (14:07 -0000)
split authenticator to have a separate implementation for each auth_method_t
using va_copy to clone va_lists, should fix problems on AMD64
some other cleanups

119 files changed:
src/charon/Makefile.am
src/charon/bus/bus.c
src/charon/bus/bus.h
src/charon/bus/listeners/file_logger.h
src/charon/bus/listeners/sys_logger.h
src/charon/config/configuration.h
src/charon/config/connections/connection.h
src/charon/config/connections/connection_store.h
src/charon/config/connections/local_connection_store.h
src/charon/config/credentials/credential_store.h
src/charon/config/credentials/local_credential_store.c
src/charon/config/credentials/local_credential_store.h
src/charon/config/policies/local_policy_store.h
src/charon/config/policies/policy.c
src/charon/config/policies/policy.h
src/charon/config/policies/policy_store.h
src/charon/config/proposal.h
src/charon/config/traffic_selector.h
src/charon/daemon.h
src/charon/encoding/generator.h
src/charon/encoding/message.h
src/charon/encoding/parser.h
src/charon/encoding/payloads/auth_payload.c
src/charon/encoding/payloads/auth_payload.h
src/charon/encoding/payloads/cert_payload.h
src/charon/encoding/payloads/certreq_payload.h
src/charon/encoding/payloads/configuration_attribute.h
src/charon/encoding/payloads/cp_payload.h
src/charon/encoding/payloads/delete_payload.h
src/charon/encoding/payloads/eap_payload.h
src/charon/encoding/payloads/encodings.h
src/charon/encoding/payloads/encryption_payload.h
src/charon/encoding/payloads/id_payload.h
src/charon/encoding/payloads/ike_header.h
src/charon/encoding/payloads/ke_payload.h
src/charon/encoding/payloads/nonce_payload.h
src/charon/encoding/payloads/notify_payload.h
src/charon/encoding/payloads/payload.h
src/charon/encoding/payloads/proposal_substructure.h
src/charon/encoding/payloads/sa_payload.h
src/charon/encoding/payloads/traffic_selector_substructure.h
src/charon/encoding/payloads/transform_attribute.h
src/charon/encoding/payloads/transform_substructure.h
src/charon/encoding/payloads/ts_payload.h
src/charon/encoding/payloads/unknown_payload.h
src/charon/encoding/payloads/vendor_id_payload.h
src/charon/network/packet.h
src/charon/network/socket.h
src/charon/queues/event_queue.h
src/charon/queues/job_queue.h
src/charon/queues/jobs/acquire_job.h
src/charon/queues/jobs/delete_child_sa_job.h
src/charon/queues/jobs/delete_ike_sa_job.h
src/charon/queues/jobs/incoming_packet_job.h
src/charon/queues/jobs/initiate_job.h
src/charon/queues/jobs/job.h
src/charon/queues/jobs/rekey_child_sa_job.h
src/charon/queues/jobs/rekey_ike_sa_job.h
src/charon/queues/jobs/retransmit_request_job.h
src/charon/queues/jobs/route_job.h
src/charon/queues/jobs/send_dpd_job.h
src/charon/queues/jobs/send_keepalive_job.h
src/charon/queues/send_queue.h
src/charon/sa/authenticator.c [deleted file]
src/charon/sa/authenticator.h [deleted file]
src/charon/sa/authenticators/authenticator.c [new file with mode: 0644]
src/charon/sa/authenticators/authenticator.h [new file with mode: 0644]
src/charon/sa/authenticators/psk_authenticator.c [new file with mode: 0644]
src/charon/sa/authenticators/psk_authenticator.h [new file with mode: 0644]
src/charon/sa/authenticators/rsa_authenticator.c [new file with mode: 0644]
src/charon/sa/authenticators/rsa_authenticator.h [new file with mode: 0644]
src/charon/sa/child_sa.c
src/charon/sa/child_sa.h
src/charon/sa/ike_sa.c
src/charon/sa/ike_sa.h
src/charon/sa/ike_sa_id.h
src/charon/sa/ike_sa_manager.h
src/charon/sa/transactions/create_child_sa.c
src/charon/sa/transactions/create_child_sa.h
src/charon/sa/transactions/dead_peer_detection.h
src/charon/sa/transactions/delete_child_sa.c
src/charon/sa/transactions/delete_child_sa.h
src/charon/sa/transactions/delete_ike_sa.h
src/charon/sa/transactions/ike_auth.c
src/charon/sa/transactions/ike_auth.h
src/charon/sa/transactions/ike_sa_init.h
src/charon/sa/transactions/rekey_ike_sa.c
src/charon/sa/transactions/rekey_ike_sa.h
src/charon/sa/transactions/transaction.h
src/charon/threads/kernel_interface.h
src/charon/threads/receiver.h
src/charon/threads/scheduler.h
src/charon/threads/sender.h
src/charon/threads/stroke_interface.h
src/charon/threads/thread_pool.h
src/libstrongswan/crypto/certinfo.h
src/libstrongswan/crypto/crl.h
src/libstrongswan/crypto/crypters/aes_cbc_crypter.h
src/libstrongswan/crypto/crypters/crypter.h
src/libstrongswan/crypto/crypters/des_crypter.h
src/libstrongswan/crypto/diffie_hellman.h
src/libstrongswan/crypto/hashers/hasher.h
src/libstrongswan/crypto/hashers/md5_hasher.h
src/libstrongswan/crypto/hashers/sha1_hasher.h
src/libstrongswan/crypto/hashers/sha2_hasher.h
src/libstrongswan/crypto/hmac.h
src/libstrongswan/crypto/prf_plus.h
src/libstrongswan/crypto/prfs/hmac_prf.h
src/libstrongswan/crypto/prfs/prf.h
src/libstrongswan/crypto/rsa/rsa_private_key.h
src/libstrongswan/crypto/rsa/rsa_public_key.h
src/libstrongswan/crypto/signers/hmac_signer.h
src/libstrongswan/crypto/signers/signer.h
src/libstrongswan/crypto/x509.h
src/libstrongswan/utils/host.h
src/libstrongswan/utils/identification.h
src/libstrongswan/utils/iterator.h
src/libstrongswan/utils/linked_list.h
src/libstrongswan/utils/randomizer.h

index 85e6264..913556f 100644 (file)
@@ -21,8 +21,11 @@ sa/transactions/delete_child_sa.h sa/transactions/delete_child_sa.c \
 sa/transactions/dead_peer_detection.h sa/transactions/dead_peer_detection.c \
 sa/transactions/delete_ike_sa.h sa/transactions/delete_ike_sa.c \
 sa/transactions/rekey_ike_sa.h sa/transactions/rekey_ike_sa.c \
+sa/authenticators/authenticator.h sa/authenticators/authenticator.c \
+sa/authenticators/rsa_authenticator.h sa/authenticators/rsa_authenticator.c \
+sa/authenticators/psk_authenticator.h sa/authenticators/psk_authenticator.c \
 sa/child_sa.c sa/child_sa.h sa/ike_sa.c sa/ike_sa.h sa/ike_sa_manager.c sa/ike_sa_manager.h \
-sa/ike_sa_id.c sa/ike_sa_id.h sa/authenticator.c sa/authenticator.h encoding/payloads/encryption_payload.c \
+sa/ike_sa_id.c sa/ike_sa_id.h encoding/payloads/encryption_payload.c \
 encoding/payloads/cert_payload.c encoding/payloads/payload.h encoding/payloads/traffic_selector_substructure.c \
 encoding/payloads/configuration_attribute.h encoding/payloads/proposal_substructure.h \
 encoding/payloads/transform_attribute.c encoding/payloads/transform_attribute.h \
index 0aff0f3..183263f 100644 (file)
@@ -161,10 +161,10 @@ static int get_thread_number(private_bus_t *this)
 {
        static int current_num = 0, stored_num;
        
-       stored_num = (int)pthread_getspecific(this->thread_id);
+       stored_num = (int)(intptr_t)pthread_getspecific(this->thread_id);
        if (stored_num == 0)
        {       /* first call of current thread */
-               pthread_setspecific(this->thread_id, (void*)++current_num);
+               pthread_setspecific(this->thread_id, (void*)(intptr_t)++current_num);
                return current_num;
        }
        else
@@ -237,7 +237,8 @@ static signal_t listen_(private_bus_t *this, level_t *level, int *thread,
        *thread = listener->thread;
        *ike_sa = listener->ike_sa;
        *format = listener->format;
-       *args   = listener->args;
+       va_copy(*args, listener->args);
+       va_end(listener->args);
        
        return listener->signal;
 }
@@ -285,7 +286,7 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
        bus_listener_t *listener;
        active_listener_t *active_listener;
        ike_sa_t *ike_sa;
-       int thread;
+       long thread;
        
        ike_sa = pthread_getspecific(this->thread_sa);
        thread = get_thread_number(this);
@@ -336,7 +337,6 @@ static void vsignal(private_bus_t *this, signal_t signal, level_t level,
                {
                        pthread_cond_wait(&active_listener->cond, &this->mutex);
                }
-               va_end(active_listener->args);
        }
        iterator->destroy(iterator);
        
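Review bot: The `va_end` for the copied argument list now lives only in `listen_` (the consumer side, `va_end(listener->args);`), while the matching `va_end(active_listener->args);` was removed from the wait loop in `vsignal`; on any path where `vsignal` returns without a listener having called `listen_` (a timed-out or cancelled wait, if such a path exists outside this hunk), the `va_copy`'d list is never ended, which is formally undefined even though it is a no-op on most ABIs. A comment next to the removed line, `/* args are va_end'ed by the consumer in listen_() */`, would at least make the ownership explicit, and the non-consumed path should still call `va_end`. Separately, `long thread` in `vsignal` is assigned from `get_thread_number`, which returns `int`, and is handed on to `bus_listener_t.signal`, whose parameter is declared `int thread` in the bus.h hunk, so the widening buys nothing and invites a format-specifier mismatch if it is ever printed; `int thread;` as before keeps the three in agreement. The bodies of `listen_` and `vsignal` begin and end outside these hunks.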
index e1b4f55..cd5ca37 100644 (file)
 #ifndef BUS_H_
 #define BUS_H_
 
+typedef enum signal_t signal_t;
+typedef enum level_t level_t;
+typedef struct bus_listener_t bus_listener_t;
+typedef struct bus_t bus_t;
+
 #include <stdarg.h>
 
 #include <sa/ike_sa.h>
 #include <sa/child_sa.h>
 
 
-typedef enum signal_t signal_t;
-
 /**
  * @brief signals emitted by the daemon.
  *
@@ -123,8 +126,6 @@ enum signal_t {
  */
 extern enum_name_t *signal_names;
 
-typedef enum level_t level_t;
-
 /**
  * Signal levels used to control output verbosity.
  */
@@ -179,8 +180,6 @@ enum level_t {
 #define SIG_TYPE(sig) (sig > DBG_MAX ? SIG_ANY : sig)
 
 
-typedef struct bus_listener_t bus_listener_t;
-
 /**
  * @brief Interface for registering at the signal bus.
  *
@@ -213,9 +212,6 @@ struct bus_listener_t {
                                        int thread, ike_sa_t *ike_sa, char* format, va_list args);
 };
 
-
-typedef struct bus_t bus_t;
-
 /**
  * @brief Signal bus which sends signals to registered listeners.
  *
index 919c8f0..d67daba 100644 (file)
 #ifndef FILE_LOGGER_H_
 #define FILE_LOGGER_H_
 
-#include <bus/bus.h>
-
-
 typedef struct file_logger_t file_logger_t;
 
+#include <bus/bus.h>
+
 /**
  * @brief Logger to files which implements bus_listener_t.
- * 
+ *
  * @b Constructors:
  *  - file_logger_create()
- * 
+ *
  * @ingroup listeners
  */
 struct file_logger_t {
index ff0b9ba..0912173 100644 (file)
 #ifndef SYS_LOGGER_H_
 #define SYS_LOGGER_H_
 
+typedef struct sys_logger_t sys_logger_t;
+
 #include <syslog.h>
 
 #include <bus/bus.h>
 
-
-typedef struct sys_logger_t sys_logger_t;
-
 /**
  * @brief Logger for syslog which implements bus_listener_t.
- * 
+ *
  * @b Constructors:
  *  - sys_logger_create()
- * 
+ *
  * @ingroup listeners
  */
 struct sys_logger_t {
index ee25872..57e4885 100755 (executable)
 #ifndef CONFIGURATION_H_
 #define CONFIGURATION_H_
 
-#include <types.h>
-
-
 typedef struct configuration_t configuration_t;
 
+#include <types.h>
+
 /**
  * @brief The interface for various daemon related configs.
  * 
index 7605130..3f552d9 100644 (file)
@@ -24,6 +24,9 @@
 #ifndef CONNECTION_H_
 #define CONNECTION_H_
 
+typedef enum cert_policy_t cert_policy_t;
+typedef struct connection_t connection_t;
+
 #include <types.h>
 #include <utils/host.h>
 #include <utils/linked_list.h>
@@ -31,7 +34,6 @@
 #include <config/proposal.h>
 #include <crypto/diffie_hellman.h>
 
-typedef enum cert_policy_t cert_policy_t;
 
 /**
  * Certificate sending policy. This is also used for certificate
@@ -60,16 +62,12 @@ enum cert_policy_t {
  */
 extern enum_name_t *cert_policy_names;
 
-
-typedef struct connection_t connection_t;
-
 /**
  * @brief A connection_t defines the rules to set up an IKE_SA.
  *
- *
  * @b Constructors:
  *  - connection_create()
- * 
+ *
  * @ingroup config
  */
 struct connection_t {
index 9e6c0ef..1e73bd0 100755 (executable)
 #ifndef CONNECTION_STORE_H_
 #define CONNECTION_STORE_H_
 
+typedef struct connection_store_t connection_store_t;
+
 #include <types.h>
 #include <config/connections/connection.h>
 #include <utils/iterator.h>
 
-
-typedef struct connection_store_t connection_store_t;
-
 /**
  * @brief The interface for a store of connection_t's.
  *
index 6e73ef9..e36a66c 100644 (file)
 #ifndef LOCAL_CONNECTION_H_
 #define LOCAL_CONNECTION_H_
 
+typedef struct local_connection_store_t local_connection_store_t;
+
 #include <types.h>
 #include <config/connections/connection_store.h>
 
-
-typedef struct local_connection_store_t local_connection_store_t;
-
 /**
  * @brief A connection_store_t implementation using a simple connection list.
  *
index 2394a0f..e991ce3 100755 (executable)
@@ -24,6 +24,8 @@
 #ifndef CREDENTIAL_STORE_H_
 #define CREDENTIAL_STORE_H_
 
+typedef struct credential_store_t credential_store_t;
+
 #include <types.h>
 #include <crypto/x509.h>
 #include <crypto/rsa/rsa_private_key.h>
 #include <utils/identification.h>
 
 
-typedef struct credential_store_t credential_store_t;
-
 /**
  * @brief The interface for a credential_store backend.
- * 
+ *
  * @b Constructors:
- *     - stroke_create()
- * 
+ *  - stroke_create()
+ *
  * @ingroup config
  */
 struct credential_store_t { 
index f984082..3f4267a 100644 (file)
@@ -1125,7 +1125,7 @@ local_credential_store_t * local_credential_store_create(bool strict)
        this->public.credential_store.get_trusted_public_key = (rsa_public_key_t*(*)(credential_store_t*,identification_t*))get_trusted_public_key;
        this->public.credential_store.get_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_certificate;
        this->public.credential_store.get_ca_certificate = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate;
-       this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,identification_t*))get_ca_certificate_by_keyid;
+       this->public.credential_store.get_ca_certificate_by_keyid = (x509_t* (*) (credential_store_t*,chunk_t))get_ca_certificate_by_keyid;
        this->public.credential_store.get_issuer_certificate = (x509_t* (*) (credential_store_t*,const x509_t*))get_issuer_certificate;
        this->public.credential_store.verify = (bool (*) (credential_store_t*,x509_t*,bool*))verify;
        this->public.credential_store.add_end_certificate = (x509_t* (*) (credential_store_t*,x509_t*))add_end_certificate;
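Review bot: The corrected cast on the `get_ca_certificate_by_keyid` slot now names a `chunk_t` second parameter, but because every slot in this block is assigned through an explicit function-pointer cast, the compiler can check none of them, and the previous mismatch (`identification_t*` versus a by-value `chunk_t`) was a call through an incompatible function type — undefined behaviour, not merely a warning. A short comment on the line, `/* takes the key id as chunk_t by value; keep in sync with get_ca_certificate_by_keyid() */`, would stop the next edit from reintroducing the mismatch, and where a static implementation can be declared with the public `credential_store_t*` parameter the cast should be dropped so `-Wincompatible-pointer-types` can do its job. `local_credential_store_create` continues outside the hunk.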
index f27fe0c..05ad5f5 100644 (file)
 #ifndef LOCAL_CREDENTIAL_H_
 #define LOCAL_CREDENTIAL_H_
 
+typedef struct local_credential_store_t local_credential_store_t;
+
 #include <types.h>
 #include <daemon.h>
 #include <config/credentials/credential_store.h>
 
 
-typedef struct local_credential_store_t local_credential_store_t;
-
 /**
  * @brief A credential_store_t implementation using simple credentail lists.
  *
index ce9b33d..5834b8e 100644 (file)
 #ifndef LOCAL_POLICY_STORE_H_
 #define LOCAL_POLICY_STORE_H_
 
+typedef struct local_policy_store_t local_policy_store_t;
+
 #include <types.h>
 #include <config/policies/policy_store.h>
 
 
-typedef struct local_policy_store_t local_policy_store_t;
-
 /**
  * @brief A policy_store_t implementation using a simple policy lists.
  *
index 70beb1c..b52ae33 100644 (file)
 #include <utils/linked_list.h>
 #include <utils/identification.h>
 
-ENUM(auth_method_names, RSA_DIGITAL_SIGNATURE, DSS_DIGITAL_SIGNATURE,
-       "RSA signature",
-       "pre-shared key",
-       "DSS signature"
-);
-
-
 ENUM(dpd_action_names, DPD_NONE, DPD_RESTART,
        "DPD_NONE",
        "DPD_CLEAR",
index 3980d1d..279ce93 100644 (file)
 #ifndef POLICY_H_
 #define POLICY_H_
 
+typedef enum dpd_action_t dpd_action_t;
+typedef struct policy_t policy_t;
+
 #include <types.h>
 #include <utils/identification.h>
 #include <config/traffic_selector.h>
 #include <config/proposal.h>
+#include <sa/authenticators/authenticator.h>
 
-typedef enum auth_method_t auth_method_t;
-
-/**
- * AUTH Method to use.
- * 
- * @ingroup config
- */
-enum auth_method_t {
-       /**
-        * Computed as specified in section 2.15 of RFC using 
-        * an RSA private key over a PKCS#1 padded hash.
-        */
-       RSA_DIGITAL_SIGNATURE = 1,
-       
-       /** 
-        * Computed as specified in section 2.15 of RFC using the 
-        * shared key associated with the identity in the ID payload 
-        * and the negotiated prf function
-        */
-       SHARED_KEY_MESSAGE_INTEGRITY_CODE = 2,
-       
-       /**
-        * Computed as specified in section 2.15 of RFC using a 
-        * DSS private key over a SHA-1 hash.
-        */
-       DSS_DIGITAL_SIGNATURE = 3,
-};
-
-/**
- * enum names for auth_method_t.
- *
- * @ingroup config
- */
-extern enum_name_t *auth_method_names;
-
-
-typedef enum dpd_action_t dpd_action_t;
 
 /**
  * @brief Actions to take when a peer does not respond (dead peer detected).
@@ -90,18 +57,15 @@ enum dpd_action_t {
  */
 extern enum_name_t *dpd_action_names;
 
-
-typedef struct policy_t policy_t;
-
 /**
  * @brief A policy_t defines the policies to apply to CHILD_SAs.
- * 
+ *
  * The given two IDs identify a policy. These rules define how
  * child SAs may be set up and which traffic may be IPsec'ed.
- * 
+ *
  * @b Constructors:
  *   - policy_create()
- * 
+ *
  * @ingroup config
  */
 struct policy_t {
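Review bot: `config/policies/policy.h` now includes `sa/authenticators/authenticator.h` (and the auth_payload.h hunk swaps its `config/policies/policy.h` include for the same header), which points an include edge from the config layer into `sa/`; this commit hoists `dpd_action_t` and `policy_t` above the includes precisely to survive such cycles, so the new authenticator.h must follow the same convention and declare `auth_method_t` before any include that could pull policy.h back in — it is a new file not in view, so I cannot confirm it does. A one-line comment at the include, `/* provides auth_method_t; declares its typedefs before its includes to avoid an include cycle with this file */`, would record the dependency for the next person who reorders headers.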
index a09263b..4796908 100755 (executable)
 #ifndef POLICY_STORE_H_
 #define POLICY_STORE_H_
 
+typedef struct policy_store_t policy_store_t;
+
 #include <types.h>
 #include <config/policies/policy.h>
 #include <utils/linked_list.h>
 
 
-typedef struct policy_store_t policy_store_t;
-
 /**
  * @brief The interface for a store of policy_t's.
  *
index 5ce19e9..6099eca 100644 (file)
 #ifndef PROPOSAL_H_
 #define PROPOSAL_H_
 
+typedef enum protocol_id_t protocol_id_t;
+typedef enum transform_type_t transform_type_t;
+typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
+typedef struct algorithm_t algorithm_t;
+typedef struct proposal_t proposal_t;
+
 #include <types.h>
 #include <utils/identification.h>
 #include <utils/linked_list.h>
 #include <crypto/diffie_hellman.h>
 #include <config/traffic_selector.h>
 
-
-typedef enum protocol_id_t protocol_id_t;
-
 /**
  * Protocol ID of a proposal.
- * 
+ *
  * @ingroup config
  */
 enum protocol_id_t {
@@ -55,11 +58,9 @@ enum protocol_id_t {
 extern enum_name_t *protocol_id_names;
 
 
-typedef enum transform_type_t transform_type_t;
-
 /**
  * Type of a transform, as in IKEv2 RFC 3.3.2.
- * 
+ *
  * @ingroup config
  */
 enum transform_type_t {
@@ -79,11 +80,9 @@ enum transform_type_t {
 extern enum_name_t *transform_type_names;
 
 
-typedef enum extended_sequence_numbers_t extended_sequence_numbers_t;
-
-/** 
+/**
  * Extended sequence numbers, as in IKEv2 RFC 3.3.2.
- * 
+ *
  * @ingroup config
  */
 enum extended_sequence_numbers_t {
@@ -99,7 +98,6 @@ enum extended_sequence_numbers_t {
 extern enum_name_t *extended_sequence_numbers_names;
 
 
-typedef struct algorithm_t algorithm_t;
 
 /**
  * Struct used to store different kinds of algorithms. The internal
@@ -117,8 +115,6 @@ struct algorithm_t {
        u_int16_t key_size;
 };
 
-typedef struct proposal_t proposal_t;
-
 /**
  * @brief Stores a set of algorithms used for an SA.
  * 
index ef1b832..09fdaf6 100644 (file)
@@ -24,6 +24,9 @@
 #ifndef TRAFFIC_SELECTOR_H_
 #define TRAFFIC_SELECTOR_H_
 
+typedef enum ts_type_t ts_type_t;
+typedef struct traffic_selector_t traffic_selector_t;
+
 #include <types.h>
 #include <utils/host.h>
 
@@ -32,8 +35,6 @@
  */
 #define TRAFFIC_SELECTOR_PRINTF_SPEC 'R'
 
-typedef enum ts_type_t ts_type_t;
-
 /**
  * Traffic selector types.
  * 
@@ -65,21 +66,18 @@ enum ts_type_t {
  */
 extern enum_name_t *ts_type_name;
 
-
-typedef struct traffic_selector_t traffic_selector_t;
-
 /**
  * @brief Object representing a traffic selector entry.
- * 
+ *
  * A traffic selector defines an range of addresses
  * and a range of ports. IPv6 is not fully supported yet.
- * 
+ *
  * @b Constructors:
  * - traffic_selector_create_from_bytes()
  * - traffic_selector_create_from_string()
- * 
+ *
  * @todo Add IPv6 support
- * 
+ *
  * @ingroup config
  */
 struct traffic_selector_t {
index 295f210..5b33498 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef DAEMON_H_
 #define DAEMON_H_
 
+typedef struct daemon_t daemon_t;
+
 #include <threads/sender.h>
 #include <threads/receiver.h>
 #include <threads/scheduler.h>
  */
 #define SECRETS_FILE CONFIG_DIR "/ipsec.secrets"
 
-
-typedef struct daemon_t daemon_t;
-
 /**
  * @brief Main class of daemon, contains some globals.
- * 
+ *
  * @ingroup charon
- */ 
+ */
 struct daemon_t {
        /**
         * A socket_t instance.
index f0c31d6..924e1e6 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef GENERATOR_H_
 #define GENERATOR_H_
 
+typedef struct generator_t generator_t;
+
 #include <types.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
 /**
  * Generating is done in a data buffer.
  * This is thehe start size of this buffer in bytes.
- * 
+ *
  * @ingroup enconding
  */
 #define GENERATOR_DATA_BUFFER_SIZE 500
 
 /**
  * Number of bytes to increase the buffer, if it is to small.
- * 
+ *
  * @ingroup enconding
  */
 #define GENERATOR_DATA_BUFFER_INCREASE_VALUE 500
 
 
-typedef struct generator_t generator_t;
-
 /**
  * @brief A generator_t class used to generate IKEv2 payloads.
- * 
+ *
  * After creation, multiple payloads can be generated with the generate_payload
  * method. The generated bytes are appended. After all payloads are added, 
  * the write_to_chunk method writes out all generated data since
index 3b91e8e..8b7e3c7 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef MESSAGE_H_
 #define MESSAGE_H_
 
+typedef struct message_t message_t;
+
 #include <types.h>
 #include <sa/ike_sa_id.h>
 #include <network/packet.h>
@@ -39,9 +41,6 @@
  */
 #define MESSAGE_PRINTF_SPEC 'M'
 
-
-typedef struct message_t message_t;
-
 /**
  * @brief This class is used to represent an IKEv2-Message.
  *
index a78789b..bff3b50 100644 (file)
 #ifndef PARSER_H_
 #define PARSER_H_
 
+typedef struct parser_t parser_t;
+
 #include <types.h>
 #include <encoding/payloads/encodings.h>
 #include <encoding/payloads/payload.h>
 
-
-typedef struct parser_t parser_t;
-
 /**
  * @brief A parser_t class to parse IKEv2 payloads.
- * 
+ *
  * A parser is used for parsing one chunk of data. Multiple
  * payloads can be parsed out of the chunk using parse_payload.
  * The parser remains the state until destroyed.
- * 
+ *
  * @b Constructors:
  * - parser_create()
- * 
+ *
  * @ingroup encoding
  */
 struct parser_t {
index 55de405..5e35697 100644 (file)
@@ -70,7 +70,6 @@ struct private_auth_payload_t {
  * 
  * The defined offsets are the positions in a object of type 
  * private_auth_payload_t.
- * 
  */
 encoding_rule_t auth_payload_encodings[] = {
        /* 1 Byte next payload type, stored in the field next_payload */
@@ -78,23 +77,23 @@ encoding_rule_t auth_payload_encodings[] = {
        /* the critical bit */
        { FLAG,                         offsetof(private_auth_payload_t, critical)              },
        /* 7 Bit reserved bits, nowhere stored */
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
-       { RESERVED_BIT, 0                                                                                                       },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
+       { RESERVED_BIT,         0                                                                                               },
        /* Length of the whole payload*/
        { PAYLOAD_LENGTH,       offsetof(private_auth_payload_t, payload_length)},
        /* 1 Byte AUTH type*/
        { U_INT_8,                      offsetof(private_auth_payload_t, auth_method)   },
        /* 3 reserved bytes */
-       { RESERVED_BYTE,        0                                                                                                       },
-       { RESERVED_BYTE,        0                                                                                                       },
-       { RESERVED_BYTE,        0                                                                                                       },
+       { RESERVED_BYTE,        0                                                                                               },
+       { RESERVED_BYTE,        0                                                                                               },
+       { RESERVED_BYTE,        0                                                                                               },
        /* some auth data bytes, length is defined in PAYLOAD_LENGTH */
-       { AUTH_DATA,                    offsetof(private_auth_payload_t, auth_data)             }
+       { AUTH_DATA,            offsetof(private_auth_payload_t, auth_data)     }
 };
 
 /*
@@ -116,8 +115,8 @@ encoding_rule_t auth_payload_encodings[] = {
  */
 static status_t verify(private_auth_payload_t *this)
 {
-       if ((this->auth_method == 0) ||
-               ((this->auth_method >= 4) && (this->auth_method <= 200)))
+       if (this->auth_method == 0 ||
+               (this->auth_method >= 4 && this->auth_method <= 200))
        {
                /* reserved IDs */
                return FAILED;
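Review bot: `verify` rejects method 0 and the IANA-reserved range 4–200 but still accepts 201–255 alongside 1–3; with the authenticator now split into one implementation per `auth_method_t`, whatever maps the parsed value to an implementation has to handle values outside {1, 2, 3} — that mapping is in a new file not shown here, so I cannot tell whether it does. Either reject the private-use range here as well (`this->auth_method > 200`) until a private-use authenticator exists, or document the split with `/* 0 reserved, 4-200 reserved to IANA, 201-255 private use (RFC 4306 section 3.8) */` above the condition so the accepted range is intentional. The hunk itself only drops redundant parentheses; `verify` continues outside it.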
index 76fe534..7616a6e 100644 (file)
  * for more details.
  */
 
-
 #ifndef AUTH_PAYLOAD_H_
 #define AUTH_PAYLOAD_H_
 
+typedef struct auth_payload_t auth_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
-#include <config/policies/policy.h>
+#include <sa/authenticators/authenticator.h>
 
 /**
  * Length of a auth payload without the auth data in bytes.
  */
 #define AUTH_PAYLOAD_HEADER_LENGTH 8
 
-
-typedef struct auth_payload_t auth_payload_t;
-
 /**
  * @brief Class representing an IKEv2 AUTH payload.
- * 
+ *
  * The AUTH payload format is described in RFC section 3.8.
- * 
+ *
  * @b Constructors:
  * - auth_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct auth_payload_t {
index aaf0b85..c1ba0bd 100644 (file)
@@ -24,6 +24,9 @@
 #ifndef CERT_PAYLOAD_H_
 #define CERT_PAYLOAD_H_
 
+typedef enum cert_encoding_t cert_encoding_t;
+typedef struct cert_payload_t cert_payload_t;
+
 #include <types.h>
 #include <crypto/x509.h>
 #include <encoding/payloads/payload.h>
  */
 #define CERT_PAYLOAD_HEADER_LENGTH 5
 
-
-typedef enum cert_encoding_t cert_encoding_t;
-
 /**
  * @brief Certificate encoding, as described in IKEv2 RFC section 3.6
- * 
+ *
  * @ingroup payloads
  */
 enum cert_encoding_t {
@@ -66,11 +66,9 @@ enum cert_encoding_t {
  */
 extern enum_name_t *cert_encoding_names;
 
-typedef struct cert_payload_t cert_payload_t;
-
 /**
  * @brief Class representing an IKEv2 CERT payload.
- * 
+ *
  * The CERT payload format is described in RFC section 3.6.
  * This is just a dummy implementation to fullfill the standards
  * requirements. A full implementation would offer setters/getters
@@ -78,9 +76,9 @@ typedef struct cert_payload_t cert_payload_t;
  * 
  * @b Constructors:
  * - cert_payload_create()
- * 
+ *
  * @todo Implement setters/getters for the different certificate encodings.
- * 
+ *
  * @ingroup payloads
  */
 struct cert_payload_t {
index db3976a..e00d673 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef CERTREQ_PAYLOAD_H_
 #define CERTREQ_PAYLOAD_H_
 
+typedef struct certreq_payload_t certreq_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/cert_payload.h>
 #define CERTREQ_PAYLOAD_HEADER_LENGTH 5
 
 
-typedef struct certreq_payload_t certreq_payload_t;
-
 /**
  * @brief Class representing an IKEv2 CERTREQ payload.
- * 
+ *
  * The CERTREQ payload format is described in RFC section 3.7.
  * This is just a dummy implementation to fullfill the standards
  * requirements. A full implementation would offer setters/getters
  * for the different encoding types.
- * 
+ *
  * @b Constructors:
  * - certreq_payload_create()
- * 
+ *
  * @todo Implement payload functionality.
- * 
+ *
  * @ingroup payloads
  */
 struct certreq_payload_t {
index 5cd7b22..51abab6 100644 (file)
 #ifndef CONFIGURATION_ATTRIBUTE_H_
 #define CONFIGURATION_ATTRIBUTE_H_
 
+typedef enum configuration_attribute_type_t configuration_attribute_type_t;
+typedef struct configuration_attribute_t configuration_attribute_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
 
-
 /**
  * Configuration attribute header length in bytes.
  * 
@@ -36,9 +38,6 @@
  */
 #define CONFIGURATION_ATTRIBUTE_HEADER_LENGTH 4
 
-
-typedef enum configuration_attribute_type_t configuration_attribute_type_t;
-
 /**
  * Type of the attribute, as in IKEv2 RFC 3.15.1.
  * 
@@ -68,8 +67,6 @@ enum configuration_attribute_type_t {
  */
 extern enum_name_t *configuration_attribute_type_names;
 
-typedef struct configuration_attribute_t configuration_attribute_t;
-
 /**
  * @brief Class representing an IKEv2-CONFIGURATION Attribute.
  * 
index 3391881..1978b69 100644 (file)
@@ -24,6 +24,9 @@
 #ifndef CP_PAYLOAD_H_
 #define CP_PAYLOAD_H_
 
+typedef enum config_type_t config_type_t;
+typedef struct cp_payload_t cp_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/configuration_attribute.h>
  */
 #define CP_PAYLOAD_HEADER_LENGTH 8
 
-
-typedef enum config_type_t config_type_t;
-
 /**
  * Config Type of an Configuration Payload.
- * 
+ *
  * @ingroup payloads
  */
 enum config_type_t {
@@ -58,9 +58,6 @@ enum config_type_t {
  */
 extern enum_name_t *config_type_names;
 
-
-typedef struct cp_payload_t cp_payload_t;
-
 /**
  * @brief Class representing an IKEv2-CP Payload.
  * 
index 4a5af26..3484f02 100644 (file)
 #ifndef DELETE_PAYLOAD_H_
 #define DELETE_PAYLOAD_H_
 
+typedef struct delete_payload_t delete_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
 
 /**
  * Length of a delete payload without the SPI in bytes.
- * 
+ *
  * @ingroup payloads
  */
 #define DELETE_PAYLOAD_HEADER_LENGTH 8
 
-
-
-typedef struct delete_payload_t delete_payload_t;
-
 /**
  * @brief Class representing an IKEv2 DELETE payload.
- * 
+ *
  * The DELETE payload format is described in RFC section 3.11.
- * 
+ *
  * @b Constructors:
  * - delete_payload_create()
- * 
+ *
  * @todo Implement better setter/getters
- * 
+ *
  * @ingroup payloads
  */
 struct delete_payload_t {
index 6b93227..17af03d 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef EAP_PAYLOAD_H_
 #define EAP_PAYLOAD_H_
 
+typedef struct eap_payload_t eap_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
  */
 #define EAP_PAYLOAD_HEADER_LENGTH 4
 
-
-typedef struct eap_payload_t eap_payload_t;
-
 /**
  * @brief Class representing an IKEv2 EAP payload.
- * 
+ *
  * The EAP payload format is described in RFC section 3.16.
  * 
  * @b Constructors:
  * - eap_payload_create()
- * 
+ *
  * @todo Implement functionality for this payload
- * 
+ *
  * @ingroup payloads
  */
 struct eap_payload_t {
index 24dc16f..d69de4f 100644 (file)
 #ifndef ENCODINGS_H_
 #define ENCODINGS_H_
 
-#include <types.h>
-#include <definitions.h>
+typedef enum encoding_type_t encoding_type_t;
+typedef struct encoding_rule_t encoding_rule_t;
 
 
-typedef enum encoding_type_t encoding_type_t;
+#include <types.h>
+#include <definitions.h>
 
 /**
  * @brief All different kinds of encoding types. 
@@ -36,12 +37,12 @@ typedef enum encoding_type_t encoding_type_t;
  * Each field of an IKEv2-Message (in header or payload) 
  * which has to be parsed or generated differently has its own
  * type defined here.
- * 
+ *
  * Header is parsed like a payload and gets its one payload_id 
  * from PRIVATE USE space. Also the substructures 
  * of specific payload types get their own payload_id 
  * from PRIVATE_USE space. See IKEv2-Draft for more informations.
- * 
+ *
  * @ingroup payloads
  */
 enum encoding_type_t {
@@ -505,9 +506,6 @@ enum encoding_type_t {
  */
 extern enum_name_t *encoding_type_names;
 
-
-typedef struct encoding_rule_t encoding_rule_t;
-
 /**
  * An encoding rule is a mapping of a specific encoding type to 
  * a location in the data struct where the current field is stored to
index 116d6f2..c0b476b 100644 (file)
@@ -23,6 +23,8 @@
 #ifndef ENCRYPTION_PAYLOAD_H_
 #define ENCRYPTION_PAYLOAD_H_
 
+typedef struct encryption_payload_t encryption_payload_t;
+
 #include <types.h>
 #include <crypto/crypters/crypter.h>
 #include <crypto/signers/signer.h>
 #define ENCRYPTION_PAYLOAD_HEADER_LENGTH 4
 
 
-typedef struct encryption_payload_t encryption_payload_t;
-
-/** 
+/**
  * @brief The encryption payload as described in RFC section 3.14.
- * 
+ *
  * Before any crypt/decrypt/sign/verify operation can occur, 
  * the transforms must be set. After that, a parsed encryption payload
  * can be decrypted, which also will parse the contained payloads.
@@ -51,10 +51,10 @@ typedef struct encryption_payload_t encryption_payload_t;
  * must be builded after generation of all payloads and the encryption
  * of the encryption payload.
  * Signature verificatin is done before decryption.
- * 
+ *
  * @b Constructors:
  * - encryption_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct encryption_payload_t {
index 1840c1a..01c6a4e 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef ID_PAYLOAD_H_
 #define ID_PAYLOAD_H_
 
+typedef struct id_payload_t id_payload_t;
+
 #include <types.h>
 #include <utils/identification.h>
 #include <encoding/payloads/payload.h>
  */
 #define ID_PAYLOAD_HEADER_LENGTH 8
 
-
-typedef struct id_payload_t id_payload_t;
-
 /**
  * Object representing an IKEv2 ID payload.
- * 
+ *
  * The ID payload format is described in RFC section 3.5.
- * 
+ *
  * @b Constructors:
  * - id_payload_create_from_identification()
  * - id_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct id_payload_t {
index 7bb380d..4cf253f 100644 (file)
@@ -24,6 +24,9 @@
 #ifndef IKE_HEADER_H_
 #define IKE_HEADER_H_
 
+typedef enum exchange_type_t exchange_type_t;
+typedef struct ike_header_t ike_header_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
@@ -55,8 +58,6 @@
  */
 #define IKE_HEADER_LENGTH 28
 
-typedef enum exchange_type_t exchange_type_t;
-
 /**
  * @brief Different types of IKE-Exchanges.
  *
@@ -99,9 +100,6 @@ enum exchange_type_t{
  */
 extern enum_name_t *exchange_type_names;
 
-
-typedef struct ike_header_t ike_header_t;
-
 /**
  * @brief An object of this type represents an IKEv2 header and is used to 
  * generate and parse IKEv2 headers.
index 3af3cce..18f9dec 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef KE_PAYLOAD_H_
 #define KE_PAYLOAD_H_
 
+typedef struct ke_payload_t ke_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/transform_substructure.h>
  */
 #define KE_PAYLOAD_HEADER_LENGTH 8
 
-
-typedef struct ke_payload_t ke_payload_t;
-
 /**
  * @brief Class representing an IKEv2-KE Payload.
- * 
+ *
  * The KE Payload format is described in RFC section 3.4.
- * 
+ *
  * @b Constructors:
  * - ke_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct ke_payload_t {
index db3eec3..444110a 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef NONCE_PAYLOAD_H_
 #define NONCE_PAYLOAD_H_
 
+typedef struct nonce_payload_t nonce_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
@@ -43,8 +45,6 @@
  */
 #define NONCE_PAYLOAD_HEADER_LENGTH 4
 
-typedef struct nonce_payload_t nonce_payload_t;
-
 /**
  * Object representing an IKEv2 Nonce payload.
  * 
index ec6536c..df95633 100644 (file)
@@ -26,6 +26,9 @@
 #ifndef NOTIFY_PAYLOAD_H_
 #define NOTIFY_PAYLOAD_H_
 
+typedef enum notify_type_t notify_type_t;
+typedef struct notify_payload_t notify_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
  */
 #define NOTIFY_PAYLOAD_HEADER_LENGTH 8
 
-typedef enum notify_type_t notify_type_t;
-
-
-/** 
+/**
  * @brief Notify message types.
- * 
+ *
  * See IKEv2 RFC 3.10.1.
- * 
+ *
  * @ingroup payloads
  */
 enum notify_type_t {
@@ -98,8 +98,6 @@ enum notify_type_t {
 extern enum_name_t *notify_type_names;
 
 
-typedef struct notify_payload_t notify_payload_t;
-
 /**
  * @brief Class representing an IKEv2-Notify Payload.
  * 
index 30f2cbf..dfc3054 100644 (file)
 #ifndef PAYLOAD_H_
 #define PAYLOAD_H_
 
+typedef enum payload_type_t payload_type_t;
+typedef struct payload_t payload_t;
+
 #include <types.h>
 #include <definitions.h>
 #include <encoding/payloads/encodings.h>
 
 
-typedef enum payload_type_t payload_type_t;
-
 /**
  * @brief Payload-Types of a IKEv2-Message.
- * 
+ *
  * Header and substructures are also defined as 
  * payload types with values from PRIVATE USE space.
- * 
+ *
  * @ingroup payloads
  */
 enum payload_type_t{
@@ -194,9 +195,6 @@ extern enum_name_t *payload_type_names;
  */
 extern enum_name_t *payload_type_short_names;
 
-
-typedef struct payload_t payload_t;
-
 /**
  * @brief Generic interface for all payload types (incl.header and substructures).
  * 
index b9bd0a8..f1ce5bc 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef PROPOSAL_SUBSTRUCTURE_H_
 #define PROPOSAL_SUBSTRUCTURE_H_
 
+typedef struct proposal_substructure_t proposal_substructure_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/transform_substructure.h>
@@ -38,9 +40,6 @@
  */
 #define PROPOSAL_SUBSTRUCTURE_HEADER_LENGTH 8
 
-
-typedef struct proposal_substructure_t proposal_substructure_t;
-
 /**
  * @brief Class representing an IKEv2-PROPOSAL SUBSTRUCTURE.
  * 
index ce85dbe..90ded9a 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef SA_PAYLOAD_H_
 #define SA_PAYLOAD_H_
 
+typedef struct sa_payload_t sa_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <encoding/payloads/proposal_substructure.h>
  */
 #define SA_PAYLOAD_HEADER_LENGTH 4
 
-typedef struct sa_payload_t sa_payload_t;
-
 /**
  * @brief Class representing an IKEv2-SA Payload.
- * 
+ *
  * The SA Payload format is described in RFC section 3.3.
- * 
+ *
  * @b Constructors:
  * - sa_payload_create()
  * - sa_payload_create_from_ike_proposals()
  * - sa_payload_create_from_proposal()
- * 
+ *
  * @todo Add support of algorithms without specified keylength in get_proposals and get_ike_proposals.
- * 
+ *
  * @ingroup payloads
  */
 struct sa_payload_t {
index 5c19c6c..5fc7dce 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
 #define TRAFFIC_SELECTOR_SUBSTRUCTURE_H_
 
+typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 #include <utils/host.h>
@@ -37,8 +39,6 @@
  */
 #define TRAFFIC_SELECTOR_HEADER_LENGTH 8
 
-typedef struct traffic_selector_substructure_t traffic_selector_substructure_t;
-
 /**
  * @brief Class representing an IKEv2 TRAFFIC SELECTOR.
  * 
index ffc0650..1588b8f 100644 (file)
 #ifndef TRANSFORM_ATTRIBUTE_H_
 #define TRANSFORM_ATTRIBUTE_H_
 
+typedef enum transform_attribute_type_t transform_attribute_type_t;
+typedef struct transform_attribute_t transform_attribute_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
 
-typedef enum transform_attribute_type_t transform_attribute_type_t;
-
 /**
  * Type of the attribute, as in IKEv2 RFC 3.3.5.
  * 
@@ -47,8 +48,6 @@ enum transform_attribute_type_t {
  */
 extern enum_name_t *transform_attribute_type_names;
 
-typedef struct transform_attribute_t transform_attribute_t;
-
 /**
  * @brief Class representing an IKEv2- TRANSFORM Attribute.
  * 
index 2811fb9..ee297f8 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef TRANSFORM_SUBSTRUCTURE_H_
 #define TRANSFORM_SUBSTRUCTURE_H_
 
+typedef struct transform_substructure_t transform_substructure_t;
+
 #include <types.h>
 #include <definitions.h>
 #include <encoding/payloads/payload.h>
@@ -51,8 +53,6 @@
 #define TRANSFORM_SUBSTRUCTURE_HEADER_LENGTH 8
 
 
-typedef struct transform_substructure_t transform_substructure_t;
-
 /**
  * @brief Class representing an IKEv2- TRANSFORM SUBSTRUCTURE.
  * 
index a8c5a38..a5595c9 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef TS_PAYLOAD_H_
 #define TS_PAYLOAD_H_
 
+typedef struct ts_payload_t ts_payload_t;
+
 #include <types.h>
 #include <utils/linked_list.h>
 #include <config/traffic_selector.h>
 #define TS_PAYLOAD_HEADER_LENGTH 8
 
 
-typedef struct ts_payload_t ts_payload_t;
-
 /**
  * @brief Class representing an IKEv2 TS payload.
- * 
+ *
  * The TS payload format is described in RFC section 3.13.
- * 
+ *
  * @b Constructors:
  * - ts_payload_create()
  * - ts_payload_create_from_traffic_selectors()
- * 
+ *
  * @ingroup payloads
  */
 struct ts_payload_t {
index 5279773..23cf421 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef UNKNOWN_PAYLOAD_H_
 #define UNKNOWN_PAYLOAD_H_
 
+typedef struct unknown_payload_t unknown_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
  */
 #define UNKNOWN_PAYLOAD_HEADER_LENGTH 4
 
-
-typedef struct unknown_payload_t unknown_payload_t;
-
 /**
  * @brief Payload which can't be processed further.
- * 
+ *
  * When the parser finds an unknown payload, he builds an instance of
  * this class. This allows further processing of this payload, such as
  * a check for the critical bit in the header.
- * 
+ *
  * @b Constructors:
  * - unknown_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct unknown_payload_t {
index 415313c..8972eaa 100644 (file)
@@ -24,6 +24,8 @@
 #ifndef VENDOR_ID_PAYLOAD_H_
 #define VENDOR_ID_PAYLOAD_H_
 
+typedef struct vendor_id_payload_t vendor_id_payload_t;
+
 #include <types.h>
 #include <encoding/payloads/payload.h>
 
 #define VENDOR_ID_PAYLOAD_HEADER_LENGTH 4
 
 
-typedef struct vendor_id_payload_t vendor_id_payload_t;
-
 /**
  * @brief Class representing an IKEv2 VENDOR ID payload.
- * 
+ *
  * The VENDOR ID payload format is described in RFC section 3.12.
- * 
+ *
  * @b Constructors:
  * - vendor_id_payload_create()
- * 
+ *
  * @ingroup payloads
  */
 struct vendor_id_payload_t {
index 790233c..0736e85 100644 (file)
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
+
 #ifndef PACKET_H_
 #define PACKET_H_
 
+typedef struct packet_t packet_t;
 
 #include <types.h>
 #include <utils/host.h>
 
-
-typedef struct packet_t packet_t;
-
 /**
  * @brief Abstraction of an UDP-Packet, contains data, sender and receiver.
- * 
+ *
  * @b Constructors:
  * - packet_create()
- * 
+ *
  * @ingroup network
  */
 struct packet_t {
index 431d9f2..a6437c8 100644 (file)
 #ifndef SOCKET_H_
 #define SOCKET_H_
 
+typedef struct socket_t socket_t;
 
 #include <types.h>
 #include <network/packet.h>
 #include <utils/host.h>
 #include <utils/linked_list.h>
 
-
 /**
  * @brief Maximum size of a packet.
- * 
+ *
  * 3000 Bytes should be sufficient, see IKEv2 RFC.
- * 
+ *
  * @ingroup network
  */
 #define MAX_PACKET 3000
 
-
-typedef struct socket_t socket_t;
-
 /**
  * @brief Abstraction of all sockets (IPv6/IPv6 send/receive).
  *
index 9c7c302..583fb2f 100644 (file)
 #ifndef EVENT_QUEUE_H_
 #define EVENT_QUEUE_H_
 
+typedef struct event_queue_t event_queue_t;
+
 #include <sys/time.h>
 
 #include <types.h>
 #include <queues/jobs/job.h>
 
-typedef struct event_queue_t event_queue_t;
-
 /**
  * @brief Event-Queue used to store timed events.
  * 
index 48e6bdc..8dd542e 100644 (file)
 #ifndef JOB_QUEUE_H_
 #define JOB_QUEUE_H_
 
+typedef struct job_queue_t job_queue_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 
-typedef struct job_queue_t job_queue_t;
-
 /**
  * @brief The job queue stores jobs, which will be processed by the thread_pool_t.
  *
index d607c91..5a59c38 100644 (file)
 #ifndef ACQUIRE_JOB_H_
 #define ACQUIRE_JOB_H_
 
+typedef struct acquire_job_t acquire_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 
-
-typedef struct acquire_job_t acquire_job_t;
-
 /**
  * @brief Class representing an ACQUIRE Job.
  * 
index fb87440..99e042f 100644 (file)
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  */
+
 #ifndef DELETE_CHILD_SA_JOB_H_
 #define DELETE_CHILD_SA_JOB_H_
 
+typedef struct delete_child_sa_job_t delete_child_sa_job_t;
+
 #include <types.h>
 #include <sa/ike_sa_id.h>
 #include <queues/jobs/job.h>
 #include <config/proposal.h>
 
 
-typedef struct delete_child_sa_job_t delete_child_sa_job_t;
-
 /**
  * @brief Class representing an DELETE_CHILD_SA Job.
  * 
index 8ef68b1..5857e99 100644 (file)
 #ifndef DELETE_IKE_SA_JOB_H_
 #define DELETE_IKE_SA_JOB_H_
 
+typedef struct delete_ike_sa_job_t delete_ike_sa_job_t;
+
 #include <types.h>
 #include <sa/ike_sa_id.h>
 #include <queues/jobs/job.h>
 
 
-typedef struct delete_ike_sa_job_t delete_ike_sa_job_t;
-
 /**
  * @brief Class representing an DELETE_IKE_SA Job.
- * 
+ *
  * This job is responsible for deleting established or half open IKE_SAs. 
  * A half open IKE_SA is every IKE_SA which hasn't reache the SA_ESTABLISHED
  * state.
- * 
+ *
  * @b Constructors:
  *  - delete_ike_sa_job_create()
- * 
+ *
  * @ingroup jobs
  */
 struct delete_ike_sa_job_t {
index 2ed0e50..9228d2e 100644 (file)
 #ifndef INCOMING_PACKET_JOB_H_
 #define INCOMING_PACKET_JOB_H_
 
+typedef struct incoming_packet_job_t incoming_packet_job_t;
+
 #include <types.h>
 #include <network/packet.h>
 #include <queues/jobs/job.h>
 
-
-typedef struct incoming_packet_job_t incoming_packet_job_t;
-
 /**
  * @brief Class representing an INCOMING_PACKET Job.
- * 
+ *
  * An incoming pack job is created from the receiver, which has
  * read a packet to process from the socket.
- * 
+ *
  * @b Constructors:
  * - incoming_packet_job_create()
- * 
+ *
  * @ingroup jobs
  */
 struct incoming_packet_job_t {
index cb6acf3..6771505 100644 (file)
 #ifndef INITIATE_IKE_SA_JOB_H_
 #define INITIATE_IKE_SA_JOB_H_
 
+typedef struct initiate_job_t initiate_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 #include <config/connections/connection.h>
 #include <config/policies/policy.h>
 
-
-typedef struct initiate_job_t initiate_job_t;
-
 /**
  * @brief Class representing an INITIATE_IKE_SA Job.
  * 
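Review bot: The hoisted `typedef struct initiate_job_t initiate_job_t;` now sits directly under the guard `INITIATE_IKE_SA_JOB_H_`, so the type name and the guard (and presumably the file name) disagree; the same mismatch appears in the hunk guarded by `RESEND_MESSAGE_JOB_H_`, which declares `retransmit_request_job_t`. This predates the commit, but since exactly these lines are being moved it is a cheap moment to either align the guard with the type, `#ifndef INITIATE_JOB_H_` / `#define INITIATE_JOB_H_`, or record the discrepancy with `/* type name intentionally differs from the guard/file name */` above the typedef.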
index 523c416..aa29797 100644 (file)
 #ifndef JOB_H_
 #define JOB_H_
 
+typedef enum job_type_t job_type_t;
+typedef struct job_t job_t;
+
 #include <types.h>
 #include <definitions.h>
 
-
-typedef enum job_type_t job_type_t;
-
 /**
  * @brief Definition of the various job types.
- * 
+ *
  * @ingroup jobs
  */
 enum job_type_t {
@@ -122,8 +122,6 @@ enum job_type_t {
 extern enum_name_t *job_type_names;
 
 
-typedef struct job_t job_t;
-
 /**
  * @brief Job-Interface as it is stored in the job queue.
  * 
index 72d75d1..4aacf57 100644 (file)
 #ifndef REKEY_CHILD_SA_JOB_H_
 #define REKEY_CHILD_SA_JOB_H_
 
+typedef struct rekey_child_sa_job_t rekey_child_sa_job_t;
+
 #include <types.h>
 #include <sa/ike_sa_id.h>
 #include <queues/jobs/job.h>
 #include <config/proposal.h>
 
-
-typedef struct rekey_child_sa_job_t rekey_child_sa_job_t;
-
 /**
  * @brief Class representing an REKEY_CHILD_SA Job.
- * 
+ *
  * This job initiates the rekeying of a CHILD SA.
- * 
+ *
  * @b Constructors:
  *  - rekey_child_sa_job_create()
- * 
+ *
  * @ingroup jobs
  */
 struct rekey_child_sa_job_t {
index 1fb3fb6..b1fdb33 100644 (file)
 #ifndef REKEY_IKE_SA_JOB_H_
 #define REKEY_IKE_SA_JOB_H_
 
+typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t;
+
 #include <types.h>
 #include <sa/ike_sa_id.h>
 #include <queues/jobs/job.h>
 
-
-typedef struct rekey_ike_sa_job_t rekey_ike_sa_job_t;
-
 /**
  * @brief Class representing an REKEY_IKE_SA Job.
  * 
index eb119ba..c57a870 100644 (file)
 #ifndef RESEND_MESSAGE_JOB_H_
 #define RESEND_MESSAGE_JOB_H_
 
+typedef struct retransmit_request_job_t retransmit_request_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 #include <sa/ike_sa_id.h>
 
-
-typedef struct retransmit_request_job_t retransmit_request_job_t;
-
 /**
  * @brief Class representing an RETRANSMIT_REQUEST Job.
- * 
+ *
  * This job is scheduled every time a request is sent over the
  * wire. If the response to the request is not received at schedule
  * time, the retransmission will be initiated.
- * 
+ *
  * @b Constructors:
  * - retransmit_request_job_create()
- * 
+ *
  * @ingroup jobs
  */
 struct retransmit_request_job_t {
index df2648a..ad7b48b 100644 (file)
 #ifndef ROUTE_JOB_H_
 #define ROUTE_JOB_H_
 
+typedef struct route_job_t route_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 #include <config/policies/policy.h>
 #include <config/connections/connection.h>
 
-
-typedef struct route_job_t route_job_t;
-
 /**
  * @brief Class representing an ROUTE Job.
- * 
+ *
  * @b Constructors:
  * - route_job_create()
- * 
+ *
  * @ingroup jobs
  */
 struct route_job_t {
index 31758b0..fb17574 100644 (file)
 #ifndef SEND_DPD_JOB_H_
 #define SEND_DPD_JOB_H_
 
+typedef struct send_dpd_job_t send_dpd_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 #include <config/connections/connection.h>
 #include <sa/ike_sa_id.h>
 
-
-typedef struct send_dpd_job_t send_dpd_job_t;
-
 /**
  * @brief Class representing a SEND_DPD Job.
  * 
index 4c21730..1bb7afd 100644 (file)
 #ifndef SEND_KEEPALIVE_JOB_H_
 #define SEND_KEEPALIVE_JOB_H_
 
+typedef struct send_keepalive_job_t send_keepalive_job_t;
+
 #include <types.h>
 #include <queues/jobs/job.h>
 #include <config/connections/connection.h>
 #include <sa/ike_sa_id.h>
 
-
-typedef struct send_keepalive_job_t send_keepalive_job_t;
-
 /**
  * @brief Class representing a SEND_KEEPALIVE Job.
  * 
index 5b8a02e..8043f17 100644 (file)
 #ifndef SEND_QUEUE_H_
 #define SEND_QUEUE_H_
 
+typedef struct send_queue_t send_queue_t;
+
 #include <types.h>
 #include <network/packet.h>
 
-
-typedef struct send_queue_t send_queue_t;
-
 /**
  * @brief The send queue stores packet for the sender_t instance.
  * 
diff --git a/src/charon/sa/authenticator.c b/src/charon/sa/authenticator.c
deleted file mode 100644 (file)
index b9b9d00..0000000
+++ /dev/null
@@ -1,356 +0,0 @@
-/**
- * @file authenticator.c
- *
- * @brief Implementation of authenticator_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#include <string.h>
-
-#include "authenticator.h"
-
-#include <config/policies/policy.h>
-#include <daemon.h>
-
-/**
- * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
- */
-#define IKEV2_KEY_PAD "Key Pad for IKEv2"
-
-
-typedef struct private_authenticator_t private_authenticator_t;
-
-/**
- * Private data of an authenticator_t object.
- */
-struct private_authenticator_t {
-
-       /**
-        * Public authenticator_t interface.
-        */
-       authenticator_t public;
-
-       /**
-        * Assigned IKE_SA
-        */
-       ike_sa_t *ike_sa;
-       
-       /**
-        * auth_method to create own signature/mac/whatever..
-        */
-       auth_method_t auth_method;
-       
-       /**
-        * PRF taken from the IKE_SA.
-        */
-       prf_t *prf;
-};
-
-/**
- * Builds the octets to be signed (RSA or PSK) as described in section 2.15 of RFC 4306
- */
-static chunk_t build_tbs_octets(private_authenticator_t *this,
-                                                               chunk_t last_message, 
-                                                               chunk_t other_nonce,
-                                                               identification_t *id,
-                                                               bool initiator)
-{
-       prf_t *prf;
-
-       chunk_t  id_encoding = id->get_encoding(id);
-       u_int8_t id_with_header[4 + id_encoding.len];
-       chunk_t id_with_header_chunk = {ptr:id_with_header, len: sizeof(id_with_header)};
-
-       u_int8_t *current_pos;
-       chunk_t octets;
-       
-       id_with_header[0] = id->get_type(id);
-       id_with_header[1] = 0x00;
-       id_with_header[2] = 0x00;
-       id_with_header[3] = 0x00;
-       memcpy(id_with_header + 4, id_encoding.ptr, id_encoding.len);
-       
-       if (initiator)
-       {
-               prf = this->ike_sa->get_prf_auth_i(this->ike_sa);
-       }
-       else
-       {
-               prf = this->ike_sa->get_prf_auth_r(this->ike_sa);
-       }
-       
-       /* 4 bytes are id type and reserved fields of id payload */
-       octets.len = last_message.len + other_nonce.len + prf->get_block_size(prf);
-       octets.ptr = malloc(octets.len);
-       current_pos = octets.ptr;
-       memcpy(current_pos, last_message.ptr, last_message.len);
-       current_pos += last_message.len;
-       memcpy(current_pos, other_nonce.ptr, other_nonce.len);
-       current_pos += other_nonce.len;
-       prf->get_bytes(prf, id_with_header_chunk, current_pos);
-       
-       return octets;
-}
-
-/**
- * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
- */
-static chunk_t build_shared_key_signature(private_authenticator_t *this,
-                                                                                 chunk_t last_message,
-                                                                                 chunk_t nonce,
-                                                                                 identification_t *id,
-                                                                                 bool initiator,
-                                                                                 chunk_t secret)
-{
-       chunk_t key_pad = {ptr: IKEV2_KEY_PAD, len:strlen(IKEV2_KEY_PAD)};
-       u_int8_t key_buffer[this->prf->get_block_size(this->prf)];
-       chunk_t key = {ptr: key_buffer, len: sizeof(key_buffer)};
-       chunk_t auth_data;
-       
-       chunk_t octets = build_tbs_octets(this, last_message, nonce, id, initiator);
-       
-       /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
-       this->prf->set_key(this->prf, secret);
-       this->prf->get_bytes(this->prf, key_pad, key_buffer);
-       this->prf->set_key(this->prf, key);
-       this->prf->allocate_bytes(this->prf, octets, &auth_data);
-       DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
-       DBG3(DBG_IKE, "secret %B", &secret);
-       DBG3(DBG_IKE, "keypad %B", &key_pad);
-       DBG3(DBG_IKE, "prf(secret, keypad) %B", &key);
-       DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
-       chunk_free(&octets);
-
-       return auth_data;
-}
-
-/**
- * Implementation of authenticator_t.verify_auth_data.
- */
-static status_t verify_auth_data (private_authenticator_t *this,
-                                                                       auth_payload_t *auth_payload,
-                                                                       chunk_t last_received_packet,
-                                                                       chunk_t my_nonce,
-                                                                       identification_t *my_id,
-                                                                       identification_t *other_id,
-                                                                       bool initiator)
-{
-       status_t status;
-       chunk_t       auth_data   = auth_payload->get_data(auth_payload);
-       auth_method_t auth_method = auth_payload->get_auth_method(auth_payload);
-
-       switch (auth_method)
-       {
-               case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
-               {
-                       chunk_t shared_key;
-                       chunk_t my_auth_data;
-                                               
-                       status = charon->credentials->get_shared_key(charon->credentials,
-                                                                                                                my_id,
-                                                                                                                other_id,
-                                                                                                                &shared_key);
-                       if (status != SUCCESS)
-                       {
-                               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'",
-                                        my_id, other_id);
-                               chunk_free(&shared_key);
-                               break;
-                       }
-                       
-                       my_auth_data = build_shared_key_signature(this, last_received_packet,
-                                                                                                         my_nonce, other_id,
-                                                                                                         initiator, shared_key);
-                       chunk_free(&shared_key);
-
-
-                       status = (auth_data.len == my_auth_data.len &&
-                                         memeq(auth_data.ptr, my_auth_data.ptr, my_auth_data.len))
-                                        ? SUCCESS : FAILED;
-                       chunk_free(&my_auth_data);
-                   break;
-               }
-               case RSA_DIGITAL_SIGNATURE:
-               {
-                       chunk_t octets;
-
-                       rsa_public_key_t *public_key =
-                               charon->credentials->get_trusted_public_key(charon->credentials, other_id);
-
-                       if (public_key == NULL)
-                       {
-                               DBG1(DBG_IKE, "no RSA public key found for '%D'", other_id);
-                               status = NOT_FOUND;
-                               break;
-                       }
-                       
-                       octets = build_tbs_octets(this, last_received_packet, my_nonce,
-                                                                         other_id, initiator);
-                       status = public_key->verify_emsa_pkcs1_signature(public_key, octets, 
-                                                                                                                        auth_data);
-                       chunk_free(&octets);
-                       break;
-               }
-               default:
-               {
-                       return NOT_SUPPORTED;
-               }
-       }
-       
-       if (status == SUCCESS)
-       {
-               DBG1(DBG_IKE, "authentication of '%D' with %N successful",
-                        other_id, auth_method_names, auth_method);
-       }
-       
-       return status;
-}
-
-/**
- * Implementation of authenticator_t.compute_auth_data.
- */
-static status_t compute_auth_data (private_authenticator_t *this,
-                                                                  auth_payload_t **auth_payload,
-                                                                  chunk_t last_sent_packet,
-                                                                  chunk_t other_nonce,
-                                                                  identification_t *my_id,
-                                                                  identification_t *other_id,
-                                                                  bool initiator)
-{
-       DBG1(DBG_IKE, "authentication of '%D' with %N (myself)",
-                my_id, auth_method_names, this->auth_method);
-
-       switch (this->auth_method)
-       {
-               case SHARED_KEY_MESSAGE_INTEGRITY_CODE:
-               {
-                       chunk_t shared_key;
-                       chunk_t auth_data;
-
-                       status_t status = charon->credentials->get_shared_key(charon->credentials,
-                                                                                                                                 my_id,
-                                                                                                                                 other_id,
-                                                                                                                                 &shared_key);
-
-                       if (status != SUCCESS)
-                       {
-                               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'",
-                                        my_id, other_id);
-                               return status;  
-                       }
-                       
-                       auth_data = build_shared_key_signature(this, last_sent_packet,
-                                                                                                  other_nonce,  my_id,
-                                                                                                  initiator, shared_key);
-                       chunk_free(&shared_key);
-                       *auth_payload = auth_payload_create();
-                       (*auth_payload)->set_auth_method(*auth_payload,
-                                                                                        SHARED_KEY_MESSAGE_INTEGRITY_CODE);
-                       (*auth_payload)->set_data(*auth_payload, auth_data);
-
-                       chunk_free(&auth_data);
-                       return SUCCESS;
-               }
-               case RSA_DIGITAL_SIGNATURE:
-               {
-                       chunk_t chunk;
-                       chunk_t octets;
-                       chunk_t auth_data;
-                       status_t status;
-                       rsa_public_key_t  *my_pubkey;
-                       rsa_private_key_t *my_key;
-
-                       DBG2(DBG_IKE, "looking for RSA public key belonging to '%D'",
-                                                         my_id);
-
-                       my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
-                       if (my_pubkey == NULL)
-                       {
-                               DBG1(DBG_IKE, "no RSA public key found for '%D'", my_id);
-                               return NOT_FOUND;
-                       }
-                       DBG2(DBG_IKE, "matching RSA public key found");
-                       
-                       chunk = my_pubkey->get_keyid(my_pubkey);
-                       DBG2(DBG_IKE, "looking for RSA private key with keyid %#B", &chunk);
-
-                       my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
-                       if (my_key == NULL)
-                       {
-                               DBG1(DBG_IKE, "no RSA private key found with for %D with keyid %#B",
-                                        my_id, &chunk);
-                               return NOT_FOUND;
-                       }
-                       DBG2(DBG_IKE, "matching RSA private key found");
-
-                       octets = build_tbs_octets(this, last_sent_packet, other_nonce,
-                                                                         my_id, initiator);
-                       status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1,
-                                                                                                               octets, &auth_data);
-                       chunk_free(&octets);
-
-                       if (status != SUCCESS)
-                       {
-                               my_key->destroy(my_key);
-                               return status;
-                       }
-                       DBG2(DBG_IKE, "successfully signed with RSA private key");
-                       
-                       *auth_payload = auth_payload_create();
-                       (*auth_payload)->set_auth_method(*auth_payload, RSA_DIGITAL_SIGNATURE);
-                       (*auth_payload)->set_data(*auth_payload, auth_data);
-
-                       my_key->destroy(my_key);
-                       chunk_free(&auth_data);
-                       return SUCCESS;
-               }
-               default:
-               {
-                       return NOT_SUPPORTED;
-               }
-       }
-}
-
-/**
- * Implementation of authenticator_t.destroy.
- */
-static void destroy (private_authenticator_t *this)
-{
-       free(this);
-}
-
-/*
- * Described in header.
- */
-authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method)
-{
-       private_authenticator_t *this = malloc_thing(private_authenticator_t);
-
-       /* Public functions */
-       this->public.destroy = (void(*)(authenticator_t*))destroy;
-       this->public.verify_auth_data = (status_t (*) (authenticator_t*,auth_payload_t*,chunk_t,chunk_t,identification_t*,identification_t*,bool)) verify_auth_data;
-       this->public.compute_auth_data = (status_t (*) (authenticator_t*,auth_payload_t**,chunk_t,chunk_t,identification_t*,identification_t*,bool)) compute_auth_data;
-       
-       /* private data */
-       this->ike_sa = ike_sa;
-       this->auth_method = auth_method;
-       this->prf = this->ike_sa->get_prf(this->ike_sa);
-       
-       return &(this->public);
-}
diff --git a/src/charon/sa/authenticator.h b/src/charon/sa/authenticator.h
deleted file mode 100644 (file)
index 4fb7766..0000000
+++ /dev/null
@@ -1,137 +0,0 @@
-/**
- * @file authenticator.h
- *
- * @brief Interface of authenticator_t.
- *
- */
-
-/*
- * Copyright (C) 2005-2006 Martin Willi
- * Copyright (C) 2005 Jan Hutter
- * Hochschule fuer Technik Rapperswil
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the
- * Free Software Foundation; either version 2 of the License, or (at your
- * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
- * for more details.
- */
-
-#ifndef AUTHENTICATOR_H_
-#define AUTHENTICATOR_H_
-
-#include <types.h>
-#include <sa/ike_sa.h>
-#include <network/packet.h>
-#include <encoding/payloads/auth_payload.h>
-#include <encoding/payloads/id_payload.h>
-
-
-typedef struct authenticator_t authenticator_t;
-
-/**
- * @brief Class used to authenticate a peer.
- * 
- * Currently the following two AUTH methods are supported:
- *  - SHARED_KEY_MESSAGE_INTEGRITY_CODE
- *  - RSA_DIGITAL_SIGNATURE
- * 
- * This class retrieves needed data for specific AUTH methods (RSA keys, shared secrets, etc.)
- * over an internal stored protected_ike_sa_t object or directly from the configuration_t over
- * the daemon_t object "charon".
- * 
- * @b Constructors:
- *  - authenticator_create()
- * 
- * @ingroup sa
- */
-struct authenticator_t {
-
-       /**
-        * @brief Verify's given authentication data. 
-        * 
-        * To verify a received AUTH payload the following data must be provided:
-        * - the last received IKEv2 Message from the other peer in binary form
-        * - the nonce value sent to the other peer
-        * - the ID payload of the other peer
-        *
-        * @param this                                  calling object
-        * @param last_received_packet  binary representation of the last received IKEv2-Message
-        * @param my_nonce                              the sent nonce (without payload header)
-        * @param my_id                                 my ID
-        * @param other_id                              peer ID
-        * @param initiator                             type of peer. TRUE, if it is original initiator, FALSE otherwise
-        * 
-        * @todo Document RSA error status types
-        * 
-        * @return
-        *                                                              - SUCCESS if verification successful
-        *                                                              - FAILED if verification failed
-        *                                                              - NOT_SUPPORTED if AUTH method not supported
-        *                                                              - NOT_FOUND if the data for specific AUTH method could not be found 
-        *                                                                      (e.g. shared secret, rsa key)
-        */
-       status_t (*verify_auth_data) (authenticator_t *this,
-                                                                 auth_payload_t *auth_payload, 
-                                                                 chunk_t last_received_packet,
-                                                                 chunk_t my_nonce,
-                                                                 identification_t *my_id,
-                                                                 identification_t *other_id,
-                                                                 bool initiator);
-
-       /**
-        * @brief Computes authentication data and creates specific AUTH payload.
-        * 
-        * To create an AUTH payload, the following data must be provided:
-        * - the last sent IKEv2 Message in binary form
-        * - the nonce value received from the other peer
-        * - the ID payload of myself
-        * 
-        * @param this                                  calling object
-        * @param[out] auth_payload             The object of typee auth_payload_t will be created at pointing location
-        * @param last_sent_packet              binary representation of the last sent IKEv2-Message
-        * @param other_nonce                   the received nonce (without payload header)
-        * @param my_id                                 my ID
-        * @param other_id                              peer ID
-        * @param initiator                             type of myself. TRUE, if I'm original initiator, FALSE otherwise
-        *
-        * @todo Document RSA error status types
-        * 
-        * @return
-        *                                                              - SUCCESS if authentication data could be computed
-        *                                                              - NOT_SUPPORTED if AUTH method not supported
-        *                                                              - NOT_FOUND if the data for AUTH method could not be found
-        */
-       status_t (*compute_auth_data) (authenticator_t *this,
-                                                                  auth_payload_t **auth_payload,
-                                                                  chunk_t last_sent_packet,
-                                                                  chunk_t other_nonce,
-                                                                  identification_t *my_id,
-                                                                  identification_t *other_id,
-                                                                  bool initiator);
-
-       /**
-        * @brief Destroys a authenticator_t object.
-        *
-        * @param this                  calling object
-        */
-       void (*destroy) (authenticator_t *this);
-};
-
-/**
- * @brief Creates an authenticator object.
- * 
- * @param ike_sa               associated ike_sa
- * @param auth_method  authentication method to use for own signature/mac
- * 
- * @return                             authenticator_t object
- * 
- * @ingroup sa
- */
-authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method);
-
-#endif /* AUTHENTICATOR_H_ */
diff --git a/src/charon/sa/authenticators/authenticator.c b/src/charon/sa/authenticators/authenticator.c
new file mode 100644 (file)
index 0000000..2460181
--- /dev/null
@@ -0,0 +1,53 @@
+/**
+ * @file authenticator.c
+ *
+ * @brief Generic constructor for authenticators.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "authenticator.h"
+
+#include <sa/authenticators/rsa_authenticator.h>
+#include <sa/authenticators/psk_authenticator.h>
+
+
+ENUM_BEGIN(auth_method_names, AUTH_RSA, AUTH_DSS,
+       "RSA signature",
+       "pre-shared key",
+       "DSS signature");
+ENUM_NEXT(auth_method_names, AUTH_EAP, AUTH_EAP, AUTH_DSS,
+       "EAP");
+ENUM_END(auth_method_names, AUTH_EAP);
+
+/*
+ * Described in header.
+ */
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method)
+{
+       switch (auth_method)
+       {
+               case AUTH_RSA:
+                       return (authenticator_t*)rsa_authenticator_create(ike_sa);
+               case AUTH_PSK:
+                       return (authenticator_t*)psk_authenticator_create(ike_sa);
+               default:
+                       return NULL;
+       }
+}
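Review bot: authenticator_create() returns NULL from its default arm for AUTH_DSS and AUTH_EAP, but the prototype comment in authenticators/authenticator.h documents the result only as `authenticator_t object`, so a caller reading the header has no hint that it must NULL-check before calling verify()/build(). I would change that @return line to `@return authenticator_t object, NULL if auth_method is not supported` and mirror it on the default arm with `/* AUTH_DSS and AUTH_EAP have no implementation yet */`. The `#include <string.h>` at the top of this file is not used by anything in the hunk and can go.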
diff --git a/src/charon/sa/authenticators/authenticator.h b/src/charon/sa/authenticators/authenticator.h
new file mode 100644 (file)
index 0000000..b1645c2
--- /dev/null
@@ -0,0 +1,139 @@
+/**
+ * @file authenticator.h
+ *
+ * @brief Interface of authenticator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef AUTHENTICATOR_H_
+#define AUTHENTICATOR_H_
+
+typedef enum auth_method_t auth_method_t;
+typedef struct authenticator_t authenticator_t;
+
+#include <types.h>
+#include <sa/ike_sa.h>
+#include <encoding/payloads/auth_payload.h>
+
+/**
+ * Method to use for authentication.
+ *
+ * @ingroup authenticator
+ */
+enum auth_method_t {
+       /**
+        * Computed as specified in section 2.15 of RFC using 
+        * an RSA private key over a PKCS#1 padded hash.
+        */
+       AUTH_RSA = 1,
+       
+       /**
+        * Computed as specified in section 2.15 of RFC using the 
+        * shared key associated with the identity in the ID payload 
+        * and the negotiated prf function
+        */
+       AUTH_PSK = 2,
+       
+       /**
+        * Computed as specified in section 2.15 of RFC using a 
+        * DSS private key over a SHA-1 hash.
+        */
+       AUTH_DSS = 3,
+       
+       /**
+        * EAP authentication. This value is never negotiated and therefore
+        * a value from private use.
+        */
+       AUTH_EAP = 201,
+};
+
+/**
+ * enum names for auth_method_t.
+ *
+ * @ingroup authenticator
+ */
+extern enum_name_t *auth_method_names;
+
+/**
+ * @brief Authenticator interface implemented by the various authenticators.
+ *
+ * Currently the following two AUTH methods are supported:
+ *  - shared key message integrity code (AUTH_PSK)
+ *  - RSA digital signature (AUTH_RSA)
+ *
+ * @b Constructors:
+ *  - authenticator_create()
+ *
+ * @ingroup authenticator
+ */
+struct authenticator_t {
+
+       /**
+        * @brief Verify a received authentication payload.
+        *
+        * @param this                          calling object
+        * @param ike_sa_init           binary representation of received ike_sa_init
+        * @param my_nonce                      the sent nonce
+        * @param auth_payload          authentication payload to verify
+        *
+        * @return
+        *                                                      - SUCCESS,
+        *                                                      - FAILED if verification failed
+        *                                                      - INVALID_ARG if auth_method does not match
+        *                                                      - NOT_FOUND if credentials not found
+        */
+       status_t (*verify) (authenticator_t *this, chunk_t ike_sa_init,
+                                               chunk_t my_nonce, auth_payload_t *auth_payload);
+
+       /**
+        * @brief Build an authentication payload to send to the other peer.
+        *
+        * @param this                          calling object
+        * @param ike_sa_init           binary representation of sent ike_sa_init
+        * @param other_nonce           the received nonce
+        * @param[out] auth_payload     the resulting authentication payload
+        *
+        * @return
+        *                                                      - SUCCESS,
+        *                                                      - NOT_FOUND if the data for AUTH method could not be found
+        */
+       status_t (*build) (authenticator_t *this, chunk_t ike_sa_init,
+                                          chunk_t other_nonce, auth_payload_t **auth_payload);
+
+       /**
+        * @brief Destroys a authenticator_t object.
+        *
+        * @param this                          calling object
+        */
+       void (*destroy) (authenticator_t *this);
+};
+
+/**
+ * @brief Creates an authenticator for the specified auth method.
+ *
+ * @param ike_sa               associated ike_sa
+ * @param auth_method  authentication method to use for build()/verify()
+ *
+ * @return                             authenticator_t object
+ *
+ * @ingroup sa
+ */
+authenticator_t *authenticator_create(ike_sa_t *ike_sa, auth_method_t auth_method);
+
+#endif /* AUTHENTICATOR_H_ */
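Review bot: The verify() return documentation says `INVALID_ARG if auth_method does not match` without saying which two methods are compared; since the implementations compare the method carried in the received payload with the method the authenticator was created for, `INVALID_ARG if the auth method of auth_payload does not match this authenticator` would be unambiguous. As a point of style, authenticator_create() is tagged `@ingroup sa` while every other item in this header uses `@ingroup authenticator`; the group should be the same throughout the file.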
diff --git a/src/charon/sa/authenticators/psk_authenticator.c b/src/charon/sa/authenticators/psk_authenticator.c
new file mode 100644 (file)
index 0000000..b3f49ef
--- /dev/null
@@ -0,0 +1,193 @@
+/**
+ * @file authenticator.c
+ *
+ * @brief Implementation of authenticator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "psk_authenticator.h"
+
+#include <config/policies/policy.h>
+#include <daemon.h>
+
+/**
+ * Key pad for the AUTH method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+ */
+#define IKEV2_KEY_PAD "Key Pad for IKEv2"
+#define IKEV2_KEY_PAD_LENGTH 17
+
+
+typedef struct private_psk_authenticator_t private_psk_authenticator_t;
+
+/**
+ * Private data of an psk_authenticator_t object.
+ */
+struct private_psk_authenticator_t {
+
+       /**
+        * Public authenticator_t interface.
+        */
+       psk_authenticator_t public;
+
+       /**
+        * Assigned IKE_SA
+        */
+       ike_sa_t *ike_sa;
+};
+
+/**
+ * Function implemented in rsa_authenticator.c
+ */
+extern chunk_t build_tbs_octets(private_psk_authenticator_t *this, chunk_t ike_sa_init,
+                                                               chunk_t nonce, identification_t *id, prf_t *prf);
+
+/**
+ * Creates the AUTH data using auth method SHARED_KEY_MESSAGE_INTEGRITY_CODE.
+ */
+static chunk_t build_shared_key_signature(private_psk_authenticator_t *this,
+                                                                                 chunk_t ike_sa_init,
+                                                                                 chunk_t nonce,
+                                                                                 chunk_t secret,
+                                                                                 identification_t *id,
+                                                                                 prf_t *prf)
+{
+       chunk_t key_pad, key, auth_data, octets;
+       
+       octets = build_tbs_octets(this, ike_sa_init, nonce, id, prf);
+       /* AUTH = prf(prf(Shared Secret,"Key Pad for IKEv2"), <msg octets>) */
+       key_pad.ptr = IKEV2_KEY_PAD;
+       key_pad.len = IKEV2_KEY_PAD_LENGTH;
+       prf->set_key(prf, secret);
+       prf->allocate_bytes(prf, key_pad, &key);
+       prf->set_key(prf, key);
+       prf->allocate_bytes(prf, octets, &auth_data);
+       DBG3(DBG_IKE, "octets = message + nonce + prf(Sk_px, IDx') %B", &octets);
+       DBG3(DBG_IKE, "secret %B", &secret);
+       DBG3(DBG_IKE, "keypad %B", &key_pad);
+       DBG3(DBG_IKE, "prf(secret, keypad) %B", &key);
+       DBG3(DBG_IKE, "AUTH = prf(prf(secret, keypad), octets) %B", &auth_data);
+       chunk_free(&octets);
+       chunk_free(&key);
+       
+       return auth_data;
+}
+
+/**
+ * Implementation of authenticator_t.verify.
+ */
+static status_t verify(private_psk_authenticator_t *this, chunk_t ike_sa_init,
+                                          chunk_t my_nonce, auth_payload_t *auth_payload)
+{
+       status_t status;
+       chunk_t auth_data, recv_auth_data, shared_key;
+       identification_t *my_id, *other_id;
+       
+       my_id = this->ike_sa->get_my_id(this->ike_sa);
+       other_id = this->ike_sa->get_other_id(this->ike_sa);
+       status = charon->credentials->get_shared_key(charon->credentials, my_id,
+                                                                                                other_id, &shared_key);
+       if (status != SUCCESS)
+       {
+               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'",  my_id, other_id);
+               return status;
+       }
+       
+       auth_data = build_shared_key_signature(this, ike_sa_init, my_nonce,
+                                                                                  shared_key, other_id,
+                                                                                  this->ike_sa->get_auth_verify(this->ike_sa));
+       chunk_free(&shared_key);
+       
+       recv_auth_data = auth_payload->get_data(auth_payload);
+       if (auth_data.len != recv_auth_data.len ||
+               !memeq(auth_data.ptr, recv_auth_data.ptr, auth_data.len))
+       {
+               DBG1(DBG_IKE, "PSK MAC verification failed");
+               chunk_free(&auth_data);
+               return FAILED;
+       }
+       chunk_free(&auth_data);
+       
+       DBG1(DBG_IKE, "authentication of '%D' with %N successful",
+                other_id, auth_method_names, AUTH_PSK);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of authenticator_t.build.
+ */
+static status_t build(private_psk_authenticator_t *this, chunk_t ike_sa_init,
+                                         chunk_t other_nonce, auth_payload_t **auth_payload)
+{
+       chunk_t shared_key;
+       chunk_t auth_data;
+       status_t status;
+       identification_t *my_id, *other_id;
+       
+       my_id = this->ike_sa->get_my_id(this->ike_sa);
+       other_id = this->ike_sa->get_other_id(this->ike_sa);
+       DBG1(DBG_IKE, "authentication of '%D' (myself) with %N",
+                my_id, auth_method_names, AUTH_PSK);
+       status = charon->credentials->get_shared_key(charon->credentials, my_id,
+                                                                                                other_id, &shared_key);
+       if (status != SUCCESS)
+       {
+               DBG1(DBG_IKE, "no shared key found for '%D' - '%D'", my_id, other_id);
+               return status;
+       }
+                       
+       auth_data = build_shared_key_signature(this, ike_sa_init,
+                                                                                  other_nonce,  shared_key, my_id,
+                                                                                  this->ike_sa->get_auth_build(this->ike_sa));
+       DBG2(DBG_IKE, "successfully created shared key MAC");
+       chunk_free(&shared_key);
+       *auth_payload = auth_payload_create();
+       (*auth_payload)->set_auth_method(*auth_payload, AUTH_PSK);
+       (*auth_payload)->set_data(*auth_payload, auth_data);
+       
+       chunk_free(&auth_data);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of authenticator_t.destroy.
+ */
+static void destroy(private_psk_authenticator_t *this)
+{
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa)
+{
+       private_psk_authenticator_t *this = malloc_thing(private_psk_authenticator_t);
+       
+       /* public functions */
+       this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
+       this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
+       this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
+       
+       /* private data */
+       this->ike_sa = ike_sa;
+       
+       return &this->public;
+}
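Review bot: verify() never checks that the received payload actually carries AUTH_PSK, although the authenticator_t contract in authenticator.h promises INVALID_ARG when the method does not match and the RSA counterpart in rsa_authenticator.c does perform that check; add `if (auth_payload->get_auth_method(auth_payload) != AUTH_PSK) { return INVALID_ARG; }` before the shared key is looked up. The `extern chunk_t build_tbs_octets(private_psk_authenticator_t *this, ...)` declaration does not match the definition in rsa_authenticator.c, which takes a `private_rsa_authenticator_t *`; declaring one function with two incompatible prototypes is undefined behaviour and will break silently if either struct changes, so the helper should be declared once in a shared header with a parameter type both callers can pass (the definition never reads `this` anyway). The DBG3 lines in build_shared_key_signature() write the shared secret and the derived key to the log, so enabling debug level 3 leaks the PSK; I would drop the `secret` and `prf(secret, keypad)` lines or at least mark them `/* logs the PSK itself - never enable outside a lab */`. If memeq() is a plain memcmp wrapper, the MAC comparison in verify() is not constant-time; an authentication tag should be compared with a fixed-time routine. The `@file authenticator.c` tag at the top should read `psk_authenticator.c`.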
diff --git a/src/charon/sa/authenticators/psk_authenticator.h b/src/charon/sa/authenticators/psk_authenticator.h
new file mode 100644 (file)
index 0000000..cfe6ebd
--- /dev/null
@@ -0,0 +1,57 @@
+/**
+ * @file psk_authenticator.h
+ *
+ * @brief Interface of psk_authenticator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef PSK_AUTHENTICATOR_H_
+#define PSK_AUTHENTICATOR_H_
+
+typedef struct psk_authenticator_t psk_authenticator_t;
+
+#include <sa/authenticators/authenticator.h>
+
+/**
+ * @brief Implementation of the authenticator_t interface using AUTH_PSK.
+ *
+ * @b Constructors:
+ *  - psk_authenticator_create()
+ *  - authenticator_create() using auth_method AUTH_PSK
+ *
+ * @ingroup authenticator
+ */
+struct psk_authenticator_t {
+
+       /**
+        * Implemented authenticator_t interface.
+        */
+       authenticator_t authenticator_interface;
+};
+
+/**
+ * @brief Creates an authenticator for AUTH_PSK.
+ *
+ * @param ike_sa               associated ike_sa
+ * @return                             psk_authenticator_t object
+ *
+ * @ingroup authenticator
+ */
+psk_authenticator_t *psk_authenticator_create(ike_sa_t *ike_sa);
+
+#endif /* PSK_AUTHENTICATOR_H_ */
diff --git a/src/charon/sa/authenticators/rsa_authenticator.c b/src/charon/sa/authenticators/rsa_authenticator.c
new file mode 100644 (file)
index 0000000..8632c23
--- /dev/null
@@ -0,0 +1,194 @@
+/**
+ * @file authenticator.c
+ *
+ * @brief Implementation of authenticator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005 Jan Hutter
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+
+#include "rsa_authenticator.h"
+
+#include <config/policies/policy.h>
+#include <daemon.h>
+
+
+typedef struct private_rsa_authenticator_t private_rsa_authenticator_t;
+
+/**
+ * Private data of an rsa_authenticator_t object.
+ */
+struct private_rsa_authenticator_t {
+       
+       /**
+        * Public authenticator_t interface.
+        */
+       rsa_authenticator_t public;
+       
+       /**
+        * Assigned IKE_SA
+        */
+       ike_sa_t *ike_sa;
+};
+
+/**
+ * Builds the octets to be signed as described in section 2.15 of RFC 4306
+ */
+chunk_t build_tbs_octets(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
+                                                chunk_t nonce, identification_t *id, prf_t *prf)
+{
+       u_int8_t id_header_buf[] = {0x00, 0x00, 0x00, 0x00};
+       chunk_t id_header = chunk_from_buf(id_header_buf);
+       chunk_t id_with_header, id_prfd, id_encoding;
+       
+       id_header_buf[0] = id->get_type(id);
+       id_encoding = id->get_encoding(id);
+       
+       id_with_header = chunk_cat("cc", id_header, id_encoding);
+       prf->allocate_bytes(prf, id_with_header, &id_prfd);
+       chunk_free(&id_with_header);
+       
+       return chunk_cat("ccm", ike_sa_init, nonce, id_prfd);
+}
+
+/**
+ * Implementation of authenticator_t.verify.
+ */
+static status_t verify(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
+                                          chunk_t my_nonce, auth_payload_t *auth_payload)
+{
+       status_t status;
+       chunk_t auth_data, octets;
+       rsa_public_key_t *public_key;
+       identification_t *other_id;
+       
+       other_id = this->ike_sa->get_other_id(this->ike_sa);
+       
+       if (auth_payload->get_auth_method(auth_payload) != AUTH_RSA)
+       {
+               return INVALID_ARG;
+       }
+       auth_data = auth_payload->get_data(auth_payload);
+       public_key = charon->credentials->get_trusted_public_key(charon->credentials,
+                                                                                                                        other_id);
+       if (public_key == NULL)
+       {
+               DBG1(DBG_IKE, "no RSA public key found for '%D'", other_id);
+               return NOT_FOUND;
+       }
+       octets = build_tbs_octets(this, ike_sa_init, my_nonce, other_id,
+                                                         this->ike_sa->get_auth_verify(this->ike_sa));
+       status = public_key->verify_emsa_pkcs1_signature(public_key, octets, auth_data);
+       chunk_free(&octets);
+       
+       if (status != SUCCESS)
+       {
+               DBG1(DBG_IKE, "RSA signature verification failed");
+               return status;
+       }
+       
+       DBG1(DBG_IKE, "authentication of '%D' with %N successful",
+                other_id, auth_method_names, AUTH_RSA);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of authenticator_t.build.
+ */
+static status_t build(private_rsa_authenticator_t *this, chunk_t ike_sa_init,
+                                         chunk_t other_nonce, auth_payload_t **auth_payload)
+{
+       chunk_t chunk;
+       chunk_t octets;
+       chunk_t auth_data;
+       status_t status;
+       rsa_public_key_t *my_pubkey;
+       rsa_private_key_t *my_key;
+       identification_t *my_id;
+
+       my_id = this->ike_sa->get_my_id(this->ike_sa);
+       DBG1(DBG_IKE, "authentication of '%D' with %N (myself)",
+                my_id, auth_method_names, AUTH_RSA);
+       DBG2(DBG_IKE, "looking for RSA public key belonging to '%D'", my_id);
+
+       my_pubkey = charon->credentials->get_rsa_public_key(charon->credentials, my_id);
+       if (my_pubkey == NULL)
+       {
+               DBG1(DBG_IKE, "no RSA public key found for '%D'", my_id);
+               return NOT_FOUND;
+       }
+       DBG2(DBG_IKE, "matching RSA public key found");
+       chunk = my_pubkey->get_keyid(my_pubkey);
+       DBG2(DBG_IKE, "looking for RSA private key with keyid %#B", &chunk);
+       my_key = charon->credentials->get_rsa_private_key(charon->credentials, my_pubkey);
+       if (my_key == NULL)
+       {
+               DBG1(DBG_IKE, "no RSA private key found with for %D with keyid %#B",
+                        my_id, &chunk);
+               return NOT_FOUND;
+       }
+       DBG2(DBG_IKE, "matching RSA private key found");
+
+       octets = build_tbs_octets(this, ike_sa_init, other_nonce, my_id,
+                                                         this->ike_sa->get_auth_build(this->ike_sa));
+       status = my_key->build_emsa_pkcs1_signature(my_key, HASH_SHA1, octets, &auth_data);
+       chunk_free(&octets);
+
+       if (status != SUCCESS)
+       {
+               my_key->destroy(my_key);
+               DBG1(DBG_IKE, "build signature of SHA1 hash failed");
+               return status;
+       }
+       DBG2(DBG_IKE, "successfully signed with RSA private key");
+       
+       *auth_payload = auth_payload_create();
+       (*auth_payload)->set_auth_method(*auth_payload, AUTH_RSA);
+       (*auth_payload)->set_data(*auth_payload, auth_data);
+       
+       my_key->destroy(my_key);
+       chunk_free(&auth_data);
+       return SUCCESS;
+}
+
+/**
+ * Implementation of authenticator_t.destroy.
+ */
+static void destroy(private_rsa_authenticator_t *this)
+{
+       free(this);
+}
+
+/*
+ * Described in header.
+ */
+rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa)
+{
+       private_rsa_authenticator_t *this = malloc_thing(private_rsa_authenticator_t);
+       
+       /* public functions */
+       this->public.authenticator_interface.verify = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t*))verify;
+       this->public.authenticator_interface.build = (status_t(*)(authenticator_t*,chunk_t,chunk_t,auth_payload_t**))build;
+       this->public.authenticator_interface.destroy = (void(*)(authenticator_t*))destroy;
+       
+       /* private data */
+       this->ike_sa = ike_sa;
+       
+       return &this->public;
+}
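Review bot: The key objects obtained from the credential store are released asymmetrically: build() destroys `my_key` both on the signature-failure path and after the payload is built, but never releases `my_pubkey`, and verify() never releases `public_key`. Whether that is a leak or correct depends on get_rsa_private_key() handing out a copy while the public-key getters return store-owned references, which nothing in this file states; I would pin it down at the lookups with `/* private key is a copy we own; public keys stay owned by the credential store - TODO confirm */` so the next reader does not "fix" it in either direction. build_tbs_octets() is non-static and takes a `private_rsa_authenticator_t *this` it never reads; since psk_authenticator.c calls it through its own extern declaration, it belongs in a shared header with the unused parameter removed. The `@file authenticator.c` tag at the top should read `rsa_authenticator.c`.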
diff --git a/src/charon/sa/authenticators/rsa_authenticator.h b/src/charon/sa/authenticators/rsa_authenticator.h
new file mode 100644 (file)
index 0000000..58b4002
--- /dev/null
@@ -0,0 +1,57 @@
+/**
+ * @file rsa_authenticator.h
+ *
+ * @brief Interface of rsa_authenticator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef RSA_AUTHENTICATOR_H_
+#define RSA_AUTHENTICATOR_H_
+
+typedef struct rsa_authenticator_t rsa_authenticator_t;
+
+#include <sa/authenticators/authenticator.h>
+
+/**
+ * @brief Implementation of the authenticator_t interface using AUTH_RSA.
+ *
+ * @b Constructors:
+ *  - rsa_authenticator_create()
+ *  - authenticator_create() using auth_method AUTH_RSA
+ *
+ * @ingroup authenticator
+ */
+struct rsa_authenticator_t {
+
+       /**
+        * Implemented authenticator_t interface.
+        */
+       authenticator_t authenticator_interface;
+};
+
+/**
+ * @brief Creates an authenticator for AUTH_RSA.
+ *
+ * @param ike_sa               associated ike_sa
+ * @return                             rsa_authenticator_t object
+ *
+ * @ingroup authenticator
+ */
+rsa_authenticator_t *rsa_authenticator_create(ike_sa_t *ike_sa);
+
+#endif /* RSA_AUTHENTICATOR_H_ */
index 1caed21..2f73e49 100644 (file)
@@ -151,7 +151,7 @@ struct private_child_sa_t {
        /**
         * transaction which is rekeying this CHILD_SA
         */
-       void *rekeying_transaction;
+       transaction_t *rekeying_transaction;
 
        /**
         * Updown script
@@ -696,7 +696,7 @@ static linked_list_t *get_other_traffic_selectors(private_child_sa_t *this)
 /**
  * Implementation of child_sa_t.set_rekeying_transaction.
  */
-static void set_rekeying_transaction(private_child_sa_t *this, void *transaction)
+static void set_rekeying_transaction(private_child_sa_t *this, transaction_t *transaction)
 {
        this->rekeying_transaction = transaction;
 }
@@ -704,7 +704,7 @@ static void set_rekeying_transaction(private_child_sa_t *this, void *transaction
 /**
  * Implementation of child_sa_t.get_rekeying_transaction.
  */
-static void* get_rekeying_transaction(private_child_sa_t *this)
+static transaction_t* get_rekeying_transaction(private_child_sa_t *this)
 {
        return this->rekeying_transaction;
 }
@@ -1104,8 +1104,8 @@ child_sa_t * child_sa_create(u_int32_t rekey, host_t *me, host_t* other,
        this->public.get_my_traffic_selectors = (linked_list_t*(*)(child_sa_t*))get_my_traffic_selectors;
        this->public.get_other_traffic_selectors = (linked_list_t*(*)(child_sa_t*))get_other_traffic_selectors;
        this->public.get_use_time = (status_t (*)(child_sa_t*,bool,time_t*))get_use_time;
-       this->public.set_rekeying_transaction = (void (*)(child_sa_t*,void*))set_rekeying_transaction;
-       this->public.get_rekeying_transaction = (void* (*)(child_sa_t*))get_rekeying_transaction;
+       this->public.set_rekeying_transaction = (void (*)(child_sa_t*,transaction_t*))set_rekeying_transaction;
+       this->public.get_rekeying_transaction = (transaction_t* (*)(child_sa_t*))get_rekeying_transaction;
        this->public.set_state = (void(*)(child_sa_t*,child_sa_state_t))set_state;
        this->public.get_state = (child_sa_state_t(*)(child_sa_t*))get_state;
        this->public.destroy = (void(*)(child_sa_t*))destroy;
index d2c9ba1..881c500 100644 (file)
 #ifndef CHILD_SA_H_
 #define CHILD_SA_H_
 
+typedef enum child_sa_state_t child_sa_state_t;
+typedef struct child_sa_t child_sa_t;
+
 #include <types.h>
 #include <crypto/prf_plus.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <config/proposal.h>
+#include <sa/transactions/transaction.h>
 
 /**
  * Where we should start with reqid enumeration
@@ -40,8 +44,6 @@
  */
 #define CHILD_SA_PRINTF_SPEC 'P'
 
-typedef enum child_sa_state_t child_sa_state_t;
-
 /**
  * @brief States of a CHILD_SA
  */
@@ -78,8 +80,6 @@ enum child_sa_state_t {
  */
 extern enum_name_t *child_sa_state_names;
 
-typedef struct child_sa_t child_sa_t;
-
 /**
  * @brief Represents an IPsec SAs between two hosts.
  * 
@@ -266,22 +266,17 @@ struct child_sa_t {
         * such situations to handle them cleanly. A rekeying transaction
         * registers itself to the CHILD_SA, and checks later if another
         * transaction is in progress of a rekey.
-        * 
-        * @todo Fix include problematics to allow inclusion of 
-        * the create_child_sa_t transaction.
         *
         * @param this          calling object
         */     
-       void (*set_rekeying_transaction) (child_sa_t *this, void *transaction);
+       void (*set_rekeying_transaction) (child_sa_t *this, transaction_t *transaction);
        
        /**
         * @brief Get the transaction which rekeys this CHILD_SA.
         *
-        * @see set_rekeying_transactoin().
-        *
         * @param this          calling object
         */     
-       void* (*get_rekeying_transaction) (child_sa_t *this);
+       transaction_t* (*get_rekeying_transaction) (child_sa_t *this);
        
        /**
         * @brief Destroys a child_sa.
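Review bot: The Doxygen block for set_rekeying_transaction still documents only `@param this` and the `@todo` about the void pointer was removed without describing the new `transaction_t *transaction` parameter, and get_rekeying_transaction has no `@return`. Since delete_child_sa.c in this same commit casts the returned pointer straight back to `create_child_sa_t*`, the contract should say which transaction type may register here. I would add `@param transaction  CREATE_CHILD_SA transaction rekeying this CHILD_SA, or NULL to clear the registration` on the setter and `@return  registered rekeying transaction (a create_child_sa_t), or NULL if none` on the getter.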
index 0446c9d..def5ecb 100644 (file)
@@ -149,14 +149,14 @@ struct private_ike_sa_t {
        prf_t *child_prf;
        
        /**
-        * PRF, with key set to pi_key, used for authentication
+        * PRF to build outging authentication data
         */
-       prf_t *prf_auth_i;
+       prf_t *auth_build;
 
        /**
-        * PRF, with key set to pr_key, used for authentication
+        * PRF to verify incoming authentication data
         */
-       prf_t *prf_auth_r;
+       prf_t *auth_verify;
        
        /**
         * NAT hasher.
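Review bot: The new field comment reads `PRF to build outging authentication data`; "outging" should be "outgoing". While touching it, stating which key each PRF is loaded with would save the reader a trip to derive_keys(): `PRF keyed with our SK_p (SK_pi as initiator, SK_pr as responder) to build outgoing AUTH data` and the mirror image for auth_verify.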
@@ -231,7 +231,7 @@ struct private_ike_sa_t {
        /**
         * Transaction which rekeys this IKE_SA, used do detect simultaneus rekeying
         */
-       rekey_ike_sa_t *rekeying_transaction;
+       transaction_t *rekeying_transaction;
 };
 
 /**
@@ -1357,19 +1357,19 @@ static prf_t *get_child_prf(private_ike_sa_t *this)
 }
 
 /**
- * Implementation of ike_sa_t.get_prf_auth_i.
+ * Implementation of ike_sa_t.get_auth_bild
  */
-static prf_t *get_prf_auth_i(private_ike_sa_t *this)
+static prf_t *get_auth_build(private_ike_sa_t *this)
 {
-       return this->prf_auth_i;
+       return this->auth_build;
 }
 
 /**
- * Implementation of ike_sa_t.get_prf_auth_r.
+ * Implementation of ike_sa_t.get_auth_verify
  */
-static prf_t *get_prf_auth_r(private_ike_sa_t *this)
+static prf_t *get_auth_verify(private_ike_sa_t *this)
 {
-       return this->prf_auth_r;
+       return this->auth_verify;
 }
 
 /**
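Review bot: The header comment on the renamed getter says `Implementation of ike_sa_t.get_auth_bild` and drops the trailing period the neighbouring comments have; it should read `Implementation of ike_sa_t.get_auth_build.`, with `Implementation of ike_sa_t.get_auth_verify.` below it. Mismatched names in these one-line comments are what grep-driven readers rely on to find the public method, so they are worth keeping exact.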
@@ -1428,6 +1428,7 @@ static status_t derive_keys(private_ike_sa_t *this,
        size_t key_size;
        crypter_t *crypter_i, *crypter_r;
        signer_t *signer_i, *signer_r;
+       prf_t *prf_i, *prf_r;
        u_int8_t spi_i_buf[sizeof(u_int64_t)], spi_r_buf[sizeof(u_int64_t)];
        chunk_t spi_i = chunk_from_buf(spi_i_buf);
        chunk_t spi_r = chunk_from_buf(spi_r_buf);
@@ -1571,20 +1572,31 @@ static status_t derive_keys(private_ike_sa_t *this,
        
        /* SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r */     
        proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &algo);
-       this->prf_auth_i = prf_create(algo->algorithm);
-       this->prf_auth_r = prf_create(algo->algorithm);
+       prf_i = prf_create(algo->algorithm);
+       prf_r = prf_create(algo->algorithm);
        
-       key_size = this->prf_auth_i->get_key_size(this->prf_auth_i);
+       key_size = prf_i->get_key_size(prf_i);
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
        DBG4(DBG_IKE, "Sk_pi secret %B", &key);
-       this->prf_auth_i->set_key(this->prf_auth_i, key);
+       prf_i->set_key(prf_i, key);
        chunk_free(&key);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
        DBG4(DBG_IKE, "Sk_pr secret %B", &key);
-       this->prf_auth_r->set_key(this->prf_auth_r, key);
+       prf_r->set_key(prf_r, key);
        chunk_free(&key);
        
+       if (initiator)
+       {
+               this->auth_verify = prf_r;
+               this->auth_build = prf_i;
+       }
+       else
+       {
+               this->auth_verify = prf_i;
+               this->auth_build = prf_r;
+       }
+       
        /* all done, prf_plus not needed anymore */
        prf_plus->destroy(prf_plus);
        
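Review bot: `key_size = prf_i->get_key_size(prf_i);` dereferences the result of prf_create() without a NULL check, and prf_r is used the same way a few lines later; if prf_create() can fail for an algorithm carried in the negotiated proposal (not visible here), derive_keys() crashes on a peer-chosen value, so a guard such as `if (prf_i == NULL || prf_r == NULL) { DESTROY_IF(prf_i); DESTROY_IF(prf_r); prf_plus->destroy(prf_plus); return FAILED; }` belongs before the keys are drawn, using whatever failure status and cleanup path the rest of derive_keys() (which starts outside this hunk) already uses. The comment above the block still says `SK_pi/SK_pr used for authentication => prf_auth_i, prf_auth_r`, which names fields that no longer exist; it should read `SK_pi/SK_pr for authentication: the initiator builds with SK_pi and verifies with SK_pr, the responder the other way round`, which is what the new `if (initiator)` swap implements. The swap itself matches the RFC 4306 AUTH construction as far as the visible assignments go.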
@@ -1764,7 +1776,7 @@ static status_t rekey(private_ike_sa_t *this)
 /**
  * Implementation of ike_sa_t.get_rekeying_transaction.
  */
-static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
+static transaction_t* get_rekeying_transaction(private_ike_sa_t *this)
 {
        return this->rekeying_transaction;
 }
@@ -1772,7 +1784,7 @@ static rekey_ike_sa_t* get_rekeying_transaction(private_ike_sa_t *this)
 /**
  * Implementation of ike_sa_t.set_rekeying_transaction.
  */
-static void set_rekeying_transaction(private_ike_sa_t *this, rekey_ike_sa_t *rekey)
+static void set_rekeying_transaction(private_ike_sa_t *this, transaction_t *rekey)
 {
        this->rekeying_transaction = rekey;
 }
@@ -1920,8 +1932,8 @@ static void destroy(private_ike_sa_t *this)
        DESTROY_IF(this->signer_out);
        DESTROY_IF(this->prf);
        DESTROY_IF(this->child_prf);
-       DESTROY_IF(this->prf_auth_i);
-       DESTROY_IF(this->prf_auth_r);
+       DESTROY_IF(this->auth_verify);
+       DESTROY_IF(this->auth_build);
        
        DESTROY_IF(this->my_host);
        DESTROY_IF(this->other_host);
@@ -1967,8 +1979,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.send_keepalive = (void (*)(ike_sa_t*)) send_keepalive;
        this->public.get_prf = (prf_t *(*) (ike_sa_t *)) get_prf;
        this->public.get_child_prf = (prf_t *(*) (ike_sa_t *)) get_child_prf;
-       this->public.get_prf_auth_i = (prf_t *(*) (ike_sa_t *)) get_prf_auth_i;
-       this->public.get_prf_auth_r = (prf_t *(*) (ike_sa_t *)) get_prf_auth_r;
+       this->public.get_auth_verify = (prf_t *(*) (ike_sa_t *)) get_auth_verify;
+       this->public.get_auth_build = (prf_t *(*) (ike_sa_t *)) get_auth_build;
        this->public.derive_keys = (status_t (*) (ike_sa_t *,proposal_t*,diffie_hellman_t*,chunk_t,chunk_t,bool,prf_t*,prf_t*)) derive_keys;
        this->public.add_child_sa = (void (*) (ike_sa_t*,child_sa_t*)) add_child_sa;
        this->public.has_child_sa = (bool(*)(ike_sa_t*,u_int32_t)) has_child_sa;
@@ -1982,8 +1994,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->public.set_lifetimes = (void(*)(ike_sa_t*,u_int32_t,u_int32_t))set_lifetimes;
        this->public.apply_connection = (void(*)(ike_sa_t*,connection_t*))apply_connection;
        this->public.rekey = (status_t(*)(ike_sa_t*))rekey;
-       this->public.get_rekeying_transaction = (void*(*)(ike_sa_t*))get_rekeying_transaction;
-       this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,void*))set_rekeying_transaction;
+       this->public.get_rekeying_transaction = (transaction_t*(*)(ike_sa_t*))get_rekeying_transaction;
+       this->public.set_rekeying_transaction = (void(*)(ike_sa_t*,transaction_t*))set_rekeying_transaction;
        this->public.adopt_children = (void(*)(ike_sa_t*,ike_sa_t*))adopt_children;
        
        /* initialize private fields */
@@ -1999,8 +2011,8 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id)
        this->signer_in = NULL;
        this->signer_out = NULL;
        this->prf = NULL;
-       this->prf_auth_i = NULL;
-       this->prf_auth_r = NULL;
+       this->auth_verify = NULL;
+       this->auth_build = NULL;
        this->child_prf = NULL;
        this->nat_here = FALSE;
        this->nat_there = FALSE;
index f09625a..f4710b1 100644 (file)
 #ifndef IKE_SA_H_
 #define IKE_SA_H_
 
+typedef enum ike_sa_state_t ike_sa_state_t;
+typedef struct ike_sa_t ike_sa_t;
+
 #include <types.h>
 #include <encoding/message.h>
 #include <encoding/payloads/proposal_substructure.h>
 #include <sa/ike_sa_id.h>
 #include <sa/child_sa.h>
+#include <sa/transactions/transaction.h>
 #include <config/configuration.h>
 #include <utils/randomizer.h>
 #include <crypto/prfs/prf.h>
 #include <config/policies/policy.h>
 #include <config/proposal.h>
 
-
 #define IKE_SA_PRINTF_SPEC 'K'
 
-typedef enum ike_sa_state_t ike_sa_state_t;
-
 /**
  * @brief State of an IKE_SA.
  *
@@ -116,9 +117,6 @@ enum ike_sa_state_t {
  */
 extern enum_name_t *ike_sa_state_names;
 
-
-typedef struct ike_sa_t ike_sa_t;
-
 /**
  * @brief Class ike_sa_t representing an IKE_SA.
  *
@@ -444,20 +442,20 @@ struct ike_sa_t {
        prf_t *(*get_child_prf) (ike_sa_t *this);
        
        /**
-        * @brief Get the prf used for authentication of initiator.
+        * @brief Get the prf to build outgoing authentication data.
         * 
         * @param this                  calling object
         * @return                              pointer to prf_t object
         */
-       prf_t *(*get_prf_auth_i) (ike_sa_t *this);
+       prf_t *(*get_auth_build) (ike_sa_t *this);
        
        /**
-        * @brief Get the prf used for authentication of responder.
+        * @brief Get the prf to verify incoming authentication data.
         * 
         * @param this                  calling object
         * @return                              pointer to prf_t object
         */
-       prf_t *(*get_prf_auth_r) (ike_sa_t *this);
+       prf_t *(*get_auth_verify) (ike_sa_t *this);
        
        /**
         * @brief Associates a child SA to this IKE SA
@@ -567,13 +565,11 @@ struct ike_sa_t {
 
        /**
         * @brief Get the transaction which rekeys this IKE_SA.
-        * 
-        * @todo Fix include for rekey_ike_sa.h
         *
         * @param this                  calling object
         * @return                              rekey_ike_sa_t transaction or NULL
         */
-       void* (*get_rekeying_transaction) (ike_sa_t *this);
+       transaction_t* (*get_rekeying_transaction) (ike_sa_t *this);
 
        /**
         * @brief Set the transaction which rekeys this IKE_SA.
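Review bot: The `@return` of get_rekeying_transaction still says `rekey_ike_sa_t transaction or NULL`, and the `@param rekey` of set_rekeying_transaction in the next hunk says the same, although both are now typed `transaction_t*`. The stale text should become `@return  rekeying transaction_t (registered by rekey_ike_sa) or NULL`, and the setter `@param rekey  transaction_t of the REKEY_IKE_SA transaction, or NULL to clear`. Documenting that only rekey_ike_sa registers here matters because rekey_ike_sa.c casts the pointer back to its private struct without any check.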
@@ -581,7 +577,7 @@ struct ike_sa_t {
         * @param this                  calling object
         * @param rekey                 rekey_ike_sa_t transaction or NULL
         */
-       void (*set_rekeying_transaction) (ike_sa_t *this, void *rekey);
+       void (*set_rekeying_transaction) (ike_sa_t *this, transaction_t *rekey);
 
        /**
         * @brief Move all children from other IKE_SA to this IKE_SA.
index a4ff889..8462d65 100644 (file)
@@ -25,6 +25,8 @@
 #ifndef IKE_SA_ID_H_
 #define IKE_SA_ID_H_
 
+typedef struct ike_sa_id_t ike_sa_id_t;
+
 #include <types.h>
 
 /**
@@ -32,8 +34,6 @@
  */
 #define IKE_SA_ID_PRINTF_SPEC 'J'
 
-typedef struct ike_sa_id_t ike_sa_id_t;
-
 /**
  * @brief An object of type ike_sa_id_t is used to identify an IKE_SA.
  *
index d99c6bf..c14d04a 100644 (file)
 #ifndef IKE_SA_MANAGER_H_
 #define IKE_SA_MANAGER_H_
 
+typedef struct ike_sa_manager_t ike_sa_manager_t;
+
 #include <types.h>
 #include <sa/ike_sa.h>
 
-typedef struct ike_sa_manager_t ike_sa_manager_t;
-
 /**
  * @brief The IKE_SA-Manager is responsible for managing all initiated and responded IKE_SA's.
  *
index 64984cb..c04fd11 100644 (file)
@@ -337,7 +337,8 @@ static status_t get_request(private_create_child_sa_t *this, message_t **result)
                request->add_payload(request, (payload_t*)notify);
                
                /* register us as rekeying to detect multiple rekeying */
-               this->rekeyed_sa->set_rekeying_transaction(this->rekeyed_sa, &this->public);
+               this->rekeyed_sa->set_rekeying_transaction(this->rekeyed_sa,
+                                                                                                  &this->public.transaction);
        }
        
        this->message_id = this->ike_sa->get_next_message_id(this->ike_sa);
@@ -718,7 +719,8 @@ static status_t get_response(private_create_child_sa_t *this, message_t *request
        {
                private_create_child_sa_t *other;
                
-               other = this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa);
+               other = (private_create_child_sa_t*)
+                       this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa);
                if (other)
                {
                        /* store our lower nonce in the simultaneus transaction, it 
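Review bot: `other = (private_create_child_sa_t*) this->rekeyed_sa->get_rekeying_transaction(this->rekeyed_sa);` is an unchecked downcast from the generic `transaction_t*` to the private struct; it is only sound because the registration in the previous hunk stores `&this->public.transaction` and `transaction` is the first member of create_child_sa_t, which in turn is the first member of private_create_child_sa_t. Nothing in the type system prevents another transaction kind from being registered on the CHILD_SA later, and the fields of `other` are then written through this pointer. A comment such as `/* only create_child_sa transactions register on a CHILD_SA; transaction_t must stay the first member of both structs for this cast */` at the cast, or a small static helper that performs the cast in one place, would make the layout dependency visible. Neither hunk shows the registration being cleared when this transaction is destroyed, so the lifetime of the stored pointer relative to the CHILD_SA should be confirmed.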
index f35b252..8ce72e1 100644 (file)
 #ifndef CREATE_CHILD_SA_H_
 #define CREATE_CHILD_SA_H_
 
+typedef struct create_child_sa_t create_child_sa_t;
+
+#include <sa/transactions/transaction.h>
 #include <sa/ike_sa.h>
 #include <sa/child_sa.h>
-#include <sa/transactions/transaction.h>
-
-
-typedef struct create_child_sa_t create_child_sa_t;
 
 /**
  * @brief A transaction to create a new or rekey an existing CHILD_SA.
index a1aeb24..78d7b9b 100644 (file)
 #ifndef DEAD_PEER_DETECTION_H_
 #define DEAD_PEER_DETECTION_H_
 
+typedef struct dead_peer_detection_t dead_peer_detection_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 
-
-typedef struct dead_peer_detection_t dead_peer_detection_t;
-
 /**
  * @brief A transaction used to detect dead peers.
  *
index 6fb367d..7ec3320 100644 (file)
@@ -180,7 +180,7 @@ static status_t process_delete(private_delete_child_sa_t *this, delete_payload_t
                        DBG1(DBG_IKE, "received DELETE for %N CHILD_SA with SPI 0x%x, deleting",
                                 protocol_id_names, protocol, ntohl(spi));
                        
-                       rekey = child_sa->get_rekeying_transaction(child_sa);
+                       rekey = (create_child_sa_t*)child_sa->get_rekeying_transaction(child_sa);
                        if (rekey)
                        {
                                /* we have received a delete for an SA which we are still rekeying.
index da222f0..b4cd8ea 100644 (file)
 #ifndef DELETE_CHILD_SA_H_
 #define DELETE_CHILD_SA_H_
 
+typedef struct delete_child_sa_t delete_child_sa_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 
 
-typedef struct delete_child_sa_t delete_child_sa_t;
-
 /**
  * @brief A transaction used to delete a CHILD_SA.
  *
index 74f4275..139e65e 100644 (file)
 #ifndef DELETE_IKE_SA_H_
 #define DELETE_IKE_SA_H_
 
+typedef struct delete_ike_sa_t delete_ike_sa_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 
-
-typedef struct delete_ike_sa_t delete_ike_sa_t;
-
 /**
  * @brief A transaction used to delete the IKE_SA.
  *
index a229d4d..b09b703 100644 (file)
@@ -33,7 +33,7 @@
 #include <encoding/payloads/certreq_payload.h>
 #include <encoding/payloads/auth_payload.h>
 #include <encoding/payloads/ts_payload.h>
-#include <sa/authenticator.h>
+#include <sa/authenticators/authenticator.h>
 #include <sa/child_sa.h>
 
 
@@ -238,7 +238,7 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
        }
        
        /* build certificate payload. TODO: Handle certreq from init_ike_sa. */
-       if (this->policy->get_auth_method(this->policy) == RSA_DIGITAL_SIGNATURE
+       if (this->policy->get_auth_method(this->policy) == AUTH_RSA
        &&  this->connection->get_cert_policy(this->connection) != CERT_NEVER_SEND)
        {
                cert_payload_t *cert_payload;
@@ -273,13 +273,15 @@ static status_t get_request(private_ike_auth_t *this, message_t **result)
                
                auth_method = this->policy->get_auth_method(this->policy);
                authenticator = authenticator_create(this->ike_sa, auth_method);
-               status = authenticator->compute_auth_data(authenticator,
-                                                                                                 &auth_payload,
-                                                                                                 this->init_request,
-                                                                                                 this->nonce_r,
-                                                                                                 my_id,
-                                                                                                 other_id,
-                                                                                                 TRUE);
+               if (authenticator == NULL)
+               {
+                       SIG(IKE_UP_FAILED, "auth method %N not supported, deleting IKE_SA",
+                           auth_method_names, auth_method);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
+                       return DESTROY_ME;
+               }
+               status = authenticator->build(authenticator, this->init_request,
+                                                                         this->nonce_r, &auth_payload);
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
@@ -718,7 +720,7 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                response->add_payload(response, (payload_t*)idr_response);
        }
        
-       if (this->policy->get_auth_method(this->policy) == RSA_DIGITAL_SIGNATURE
+       if (this->policy->get_auth_method(this->policy) == AUTH_RSA
        &&  this->connection->get_cert_policy(this->connection) != CERT_NEVER_SEND)
        {       /* build certificate payload */
                x509_t *cert;
@@ -747,28 +749,37 @@ static status_t get_response(private_ike_auth_t *this, message_t *request,
                auth_method_t auth_method;
                status_t status;
                
-               auth_method = this->policy->get_auth_method(this->policy);
+               auth_method = auth_request->get_auth_method(auth_request);
                authenticator = authenticator_create(this->ike_sa, auth_method);
-               status = authenticator->verify_auth_data(authenticator, auth_request,
-                                                                                                this->init_request,
-                                                                                                this->nonce_r,
-                                                                                                my_id,
-                                                                                                other_id,
-                                                                                                TRUE);
+               if (authenticator == NULL)
+               {
+                       SIG(IKE_UP_FAILED, "auth method %N not supported, deleting IKE_SA",
+                               auth_method_names, auth_method);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
+                       return DESTROY_ME;
+               }
+               status = authenticator->verify(authenticator, this->init_request,
+                                                                          this->nonce_r, auth_request);
+               authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
                        SIG(IKE_UP_FAILED, "authentication failed, deleting IKE_SA");
                        SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
                        build_notify(AUTHENTICATION_FAILED, response, TRUE);
-                       authenticator->destroy(authenticator);
                        return DESTROY_ME;
                }
-               status = authenticator->compute_auth_data(authenticator, &auth_response,
-                                                                                                 this->init_response,
-                                                                                                 this->nonce_i,
-                                                                                                 my_id,
-                                                                                                 other_id,
-                                                                                                 FALSE);
+               
+               auth_method = this->policy->get_auth_method(this->policy);
+               authenticator = authenticator_create(this->ike_sa, auth_method);
+               if (authenticator == NULL)
+               {
+                       SIG(IKE_UP_FAILED, "auth method %N not supported, deleting IKE_SA",
+                               auth_method_names, auth_method);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
+                       return DESTROY_ME;
+               }
+               status = authenticator->build(authenticator, this->init_response,
+                                                                         this->nonce_i, &auth_response);
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
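Review bot: The verifying authenticator is now chosen from the peer's AUTH payload (`auth_method = auth_request->get_auth_method(auth_request);`) rather than from the local policy, and nothing in the hunk checks the announced method against what the policy permits for this peer. Unless each authenticator's verify() enforces the configured method on its own, the initiator can pick whichever supported method it prefers for the identity it claims, which turns a policy mismatch into a silent downgrade instead of an authentication failure. If the policy's auth_method is meant to constrain the peer as well, add `if (auth_method != this->policy->get_auth_method(this->policy)) { build_notify(AUTHENTICATION_FAILED, response, TRUE); return DESTROY_ME; }` before verify(); if asymmetric methods per RFC 4306 are intended, the policy needs a separate "acceptable peer method" rather than no check at all. Separately, the unsupported-method branch returns DESTROY_ME without the AUTHENTICATION_FAILED notify that the failed-verify branch builds, and its `"initiating CHILD_SA failed"` message is copied from the initiator path even though this is the responder.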
@@ -968,17 +979,18 @@ static status_t conclude(private_ike_auth_t *this, message_t *response,
                auth_method_t auth_method;
                status_t status;
                
-               auth_method = this->policy->get_auth_method(this->policy);
-               authenticator = authenticator_create(this->ike_sa, auth_method);
                my_id = this->policy->get_my_id(this->policy);
-
-               status = authenticator->verify_auth_data(authenticator,
-                                                                                                auth_payload,
-                                                                                                this->init_response,
-                                                                                                this->nonce_i,
-                                                                                                my_id,
-                                                                                                other_id,
-                                                                                                FALSE);
+               auth_method = auth_payload->get_auth_method(auth_payload);
+               authenticator = authenticator_create(this->ike_sa, auth_method);
+               if (authenticator == NULL)
+               {
+                       SIG(IKE_UP_FAILED, "auth method %N not supported, deleting IKE_SA",
+                               auth_method_names, auth_method);
+                       SIG(CHILD_UP_FAILED, "initiating CHILD_SA failed, unable to create IKE_SA");
+                       return DESTROY_ME;
+               }
+               status = authenticator->verify(authenticator, this->init_response,
+                                                                          this->nonce_i, auth_payload);
                authenticator->destroy(authenticator);
                if (status != SUCCESS)
                {
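Review bot: `my_id = this->policy->get_my_id(this->policy);` survives at the top of the hunk, but the new verify() call no longer takes an identity, so unless conclude() reads my_id further down (its body continues outside the hunk) it is now an unused local and the line should go. Here too the responder's AUTH payload selects the authenticator, so the initiator no longer confirms that the responder authenticated with the method the policy expects; either a comparison against `this->policy->get_auth_method(this->policy)` or a comment stating that any supported responder method is deliberately accepted would make the intent explicit to the next reader.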
index 4c6fd82..490359e 100644 (file)
 #ifndef IKE_AUTH_H_
 #define IKE_AUTH_H_
 
+typedef struct ike_auth_t ike_auth_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 
-
-typedef struct ike_auth_t ike_auth_t;
-
 /**
  * @brief A transaction for the second message exchange to authenticate an IKE_SA.
  *
index c7a493c..ab820fe 100644 (file)
 #ifndef IKE_SA_INIT_H_
 #define IKE_SA_INIT_H_
 
+typedef struct ike_sa_init_t ike_sa_init_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 
-
-typedef struct ike_sa_init_t ike_sa_init_t;
-
 /**
  * @brief A transaction for the first message exchange to set up an IKE_SA.
  * 
index 59fc6f8..06c8707 100644 (file)
@@ -270,7 +270,7 @@ static status_t get_request(private_rekey_ike_sa_t *this, message_t **result)
        
        /* register us as rekeying to detect multiple rekeying */
        this->ike_sa->set_state(this->ike_sa, IKE_REKEYING);
-       this->ike_sa->set_rekeying_transaction(this->ike_sa, &this->public);
+       this->ike_sa->set_rekeying_transaction(this->ike_sa, &this->public.transaction);
        
        return SUCCESS;
 }
@@ -623,7 +623,8 @@ static status_t get_response(private_rekey_ike_sa_t *this, message_t *request,
        {
                private_rekey_ike_sa_t *other;
                
-               other = this->ike_sa->get_rekeying_transaction(this->ike_sa);
+               other = (private_rekey_ike_sa_t*)
+                                               this->ike_sa->get_rekeying_transaction(this->ike_sa);
                if (other)
                {
                        /* store our lower nonce in the simultaneus transaction, we 
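Review bot: `other = (private_rekey_ike_sa_t*) this->ike_sa->get_rekeying_transaction(this->ike_sa);` downcasts the generic `transaction_t*` to this file's private struct with no check, and the following hunk writes through it (`other->nonce_s = chunk_clone(this->nonce_r);`), so a registration of any other transaction type on the IKE_SA would corrupt memory rather than fail. The cast is correct only while `&this->public.transaction` is what gets registered and `transaction` stays the first member of both rekey_ike_sa_t and its private struct. A one-line comment at the cast, `/* only rekey_ike_sa registers on an IKE_SA; relies on transaction_t being the first member */`, records the invariant the code now depends on.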
@@ -641,7 +642,7 @@ static status_t get_response(private_rekey_ike_sa_t *this, message_t *request,
                                other->nonce_s = chunk_clone(this->nonce_r);
                        }
                        /* overwrite "other" in IKE_SA, allows "other" to access "this" */
-                       this->ike_sa->set_rekeying_transaction(this->ike_sa, &this->public);
+                       this->ike_sa->set_rekeying_transaction(this->ike_sa, &this->public.transaction);
                }
                else
                {
@@ -768,7 +769,8 @@ static status_t conclude(private_rekey_ike_sa_t *this, message_t *response,
         * of the SA. If it changed, we are not alone. Then we must compare the nonces.
         * If no simultaneous rekeying is going on, we just initiate the delete of
         * the superseded SA. */
-       other_trans = this->ike_sa->get_rekeying_transaction(this->ike_sa);
+       other_trans = (private_rekey_ike_sa_t*)
+                                               this->ike_sa->get_rekeying_transaction(this->ike_sa);
        this->ike_sa->set_rekeying_transaction(this->ike_sa, NULL);
        
        if (this->nonce_s.ptr)
index f9b4491..dbb6523 100644 (file)
 #ifndef REKEY_IKE_SA_H
 #define REKEY_IKE_SA_H
 
+typedef struct rekey_ike_sa_t rekey_ike_sa_t;
+
 #include <sa/ike_sa.h>
 #include <sa/transactions/transaction.h>
 #include <crypto/diffie_hellman.h>
 
 
-typedef struct rekey_ike_sa_t rekey_ike_sa_t;
-
 /**
  * @brief A transaction to rekey an established IKE_SA
  *
index bf910ea..a22cf71 100644 (file)
 #ifndef TRANSACTION_H_
 #define TRANSACTION_H_
 
-
 typedef struct transaction_t transaction_t;
 
 #include <types.h>
 #include <encoding/message.h>
 #include <sa/ike_sa.h>
 
-
-
 /**
  * @brief This interface represents a transaction an established IKE_SA can do.
  *
index 4370e82..2655745 100644 (file)
 #ifndef KERNEL_INTERFACE_H_
 #define KERNEL_INTERFACE_H_
 
+typedef struct natt_conf_t natt_conf_t;
+typedef enum policy_dir_t policy_dir_t;
+typedef struct kernel_interface_t kernel_interface_t;
+
 #include <utils/host.h>
 #include <crypto/prf_plus.h>
 #include <encoding/payloads/proposal_substructure.h>
 
-typedef struct natt_conf_t natt_conf_t;
-
 /**
  * Configuration for NAT-T
  */
@@ -41,8 +43,6 @@ struct natt_conf_t {
        u_int16_t dport;
 };
 
-typedef enum policy_dir_t policy_dir_t;
-
 /**
  * Direction of a policy. These are equal to those
  * defined in xfrm.h, but we want to stay implementation
@@ -57,8 +57,6 @@ enum policy_dir_t {
        POLICY_FWD = 2,
 };
 
-typedef struct kernel_interface_t kernel_interface_t;
-
 /**
  * @brief Interface to the kernel.
  * 
index dada9b1..19c0a05 100644 (file)
 #ifndef RECEIVER_H_
 #define RECEIVER_H_
 
-#include <types.h>
-
-
 typedef struct receiver_t receiver_t;
 
+#include <types.h>
+
 /**
  * @brief Receives packets from the socket and adds them to the job queue.
  * 
index 943a18c..e794cce 100644 (file)
 #ifndef SCHEDULER_H_
 #define SCHEDULER_H_
 
-#include <types.h>
-
 typedef struct scheduler_t scheduler_t;
 
+#include <types.h>
+
 /**
  * @brief The scheduler thread is responsible for timed events.
- * 
+ *
  * The scheduler thread takes out jobs from the event-queue and adds them
  * to the job-queue.
- * 
+ *
  * Starts a thread which does the work, since event-queue is blocking.
- * 
+ *
  * @b Constructors:
  *  - scheduler_create()
- * 
+ *
  * @ingroup threads
  */
 struct scheduler_t {   
index a362459..6ec83a7 100644 (file)
 #ifndef SENDER_H_
 #define SENDER_H_
 
-#include <types.h>
-
 typedef struct sender_t sender_t;
 
+#include <types.h>
+
 /**
  * @brief Thread responsible for sending packets over the socket.
  * 
index 941841d..0def516 100644 (file)
@@ -23,8 +23,6 @@
 #ifndef STROKE_INTERFACE_H_
 #define STROKE_INTERFACE_H_
 
-
-
 typedef struct stroke_t stroke_t;
 
 /**
index e4a04e8..2d8fd4f 100644 (file)
 #ifndef THREAD_POOL_H_
 #define THREAD_POOL_H_
 
+typedef struct thread_pool_t thread_pool_t;
+
 #include <stdlib.h>
 
 #include <types.h>
 
-
-typedef struct thread_pool_t thread_pool_t;
-
 /**
  * @brief A thread_pool consists of a pool of threads processing jobs from the job queue.
- * 
+ *
  * Current implementation uses as many threads as specified in constructor.
  * A more improved version would dynamically increase thread count if necessary.
- * 
+ *
  * @b Constructors:
  *  - thread_pool_create()
- * 
+ *
  * @todo Add support for dynamic thread handling
  * 
  * @ingroup threads
index 6561462..b391cbc 100644 (file)
 #ifndef CERTINFO_H_
 #define CERTINFO_H_
 
+typedef enum cert_status_t cert_status_t;
+typedef enum crl_reason_t crl_reason_t;
+typedef struct certinfo_t certinfo_t;
+
 #include <types.h>
 #include <definitions.h>
 
 /**
  * RFC 2560 OCSP - certificate status
  */
-typedef enum {
+enum cert_status_t {
        CERT_GOOD =             0,
        CERT_REVOKED =          1,
        CERT_UNKNOWN =          2,
        CERT_UNDEFINED =        3,
        CERT_UNTRUSTED =        4  /* private use */
-} cert_status_t;
+};
 
 extern enum_name_t *cert_status_names;
 
 /**
  * RFC 2459 CRL reason codes
  */
-typedef enum {
+enum crl_reason_t {
     REASON_UNSPECIFIED =                       0,
     REASON_KEY_COMPROMISE =            1,
     REASON_CA_COMPROMISE =                     2,
@@ -51,16 +55,13 @@ typedef enum {
     REASON_CESSATION_OF_OPERATON =     5,
     REASON_CERTIFICATE_HOLD =          6,
     REASON_REMOVE_FROM_CRL =           8
-} crl_reason_t;
+};
 
 extern enum_name_t *crl_reason_names;
 
-typedef struct certinfo_t certinfo_t;
-
 /**
  * @brief X.509 certificate status information
- * 
- * 
+ *
  * @ingroup transforms
  */
 struct certinfo_t {
index 8848e4e..ff4ccd8 100755 (executable)
@@ -23,6 +23,8 @@
 #ifndef CRL_H_
 #define CRL_H_
 
+typedef struct crl_t crl_t;
+
 #include <types.h>
 #include <definitions.h>
 #include <crypto/rsa/rsa_public_key.h>
@@ -37,8 +39,6 @@
  */
 #define CRL_PRINTF_SPEC 'U'
 
-typedef struct crl_t crl_t;
-
 /**
  * @brief X.509 certificate revocation list
  * 
index 509ee5f..5da248b 100644 (file)
 #ifndef AES_CBC_CRYPTER_H_
 #define AES_CBC_CRYPTER_H_
 
-#include <crypto/crypters/crypter.h>
-
-
 typedef struct aes_cbc_crypter_t aes_cbc_crypter_t;
 
+#include <crypto/crypters/crypter.h>
+
 /**
  * @brief Class implementing the AES symmetric encryption algorithm.
- * 
+ *
  * @b Constructors:
  *  - aes_cbc_crypter_create()
- * 
+ *
  * @ingroup crypters
  */
 struct aes_cbc_crypter_t {
index cb7f9b1..411dfed 100644 (file)
 #ifndef CRYPTER_H_
 #define CRYPTER_H_
 
-#include <types.h>
-
 typedef enum encryption_algorithm_t encryption_algorithm_t;
+typedef struct crypter_t crypter_t;
+
+#include <types.h>
 
 /**
  * @brief Encryption algorithm, as in IKEv2 RFC 3.3.2.
- * 
+ *
  * Currently only the following algorithms are implemented:
  * - ENCR_AES_CBC
  * - ENCR_DES
  * - ENCR_3DES
- * 
+ *
  * @ingroup crypters
  */
 enum encryption_algorithm_t {
@@ -62,15 +63,12 @@ enum encryption_algorithm_t {
  */
 extern enum_name_t *encryption_algorithm_names;
 
-
-typedef struct crypter_t crypter_t;
-
 /**
  * @brief Generic interface for symmetric encryption algorithms.
- * 
+ *
  * @b Constructors:
  *  - crypter_create()
- * 
+ *
  * @ingroup crypters
  */
 struct crypter_t {
index 90e1580..0c87b0a 100644 (file)
 #ifndef DES_CRYPTER_H_
 #define DES_CRYPTER_H_
 
-#include <crypto/crypters/crypter.h>
+typedef struct des_crypter_t des_crypter_t;
 
+#include <crypto/crypters/crypter.h>
 
-typedef struct des_crypter_t des_crypter_t;
 
 /**
  * @brief Class implementing the DES and 3DES encryption algorithms.
index 4659c7f..65921a5 100644 (file)
 #ifndef DIFFIE_HELLMAN_H_
 #define DIFFIE_HELLMAN_H_
 
-#include <types.h>
-
-
 typedef enum diffie_hellman_group_t diffie_hellman_group_t;
+typedef struct diffie_hellman_t diffie_hellman_t;
 
-/** 
+#include <types.h>
+
+/**
  * @brief Diffie-Hellman group.
- * 
+ *
  * The modulus (or group) to use for a Diffie-Hellman calculation.
- * 
+ *
  * See IKEv2 RFC 3.3.2 and RFC 3526.
- * 
+ *
  * @ingroup transforms
  */
 enum diffie_hellman_group_t {
@@ -55,9 +55,6 @@ enum diffie_hellman_group_t {
  */
 extern enum_name_t *diffie_hellman_group_names;
 
-
-typedef struct diffie_hellman_t diffie_hellman_t;
-
 /**
  * @brief Implementation of the widely used Diffie-Hellman algorithm.
  * 
index ed3defb..3c6192f 100644 (file)
 #ifndef HASHER_H_
 #define HASHER_H_
 
+typedef enum hash_algorithm_t hash_algorithm_t;
+typedef struct hasher_t hasher_t;
 
 #include <types.h>
 
-
-typedef enum hash_algorithm_t hash_algorithm_t;
-
 /**
  * @brief Algorithms to use for hashing.
- * 
+ *
  * Currently only the following algorithms are implemented:
  * - HASH_MD5
  * - HASH_SHA1
@@ -70,8 +69,6 @@ enum hash_algorithm_t {
 extern enum_name_t *hash_algorithm_names;
 
 
-typedef struct hasher_t hasher_t;
-
 /**
  * @brief Generic interface for all hash functions.
  * 
index 8447a72..715f116 100644 (file)
 #ifndef MD5_HASHER_H_
 #define MD5_HASHER_H_
 
-#include <crypto/hashers/hasher.h>
-
-
 typedef struct md5_hasher_t md5_hasher_t;
 
+#include <crypto/hashers/hasher.h>
+
 /**
  * @brief Implementation of hasher_t interface using the
  * MD5 algorithm.
- * 
+ *
  * @b Constructors:
  * - hasher_create() using HASH_MD5 as algorithm
  * - md5_hasher_create()
- * 
+ *
  * @see hasher_t
- * 
+ *
  * @ingroup hashers
  */
 struct md5_hasher_t {
index d200a23..380fa98 100644 (file)
 #ifndef SHA1_HASHER_H_
 #define SHA1_HASHER_H_
 
-#include <crypto/hashers/hasher.h>
-
-
 typedef struct sha1_hasher_t sha1_hasher_t;
 
+#include <crypto/hashers/hasher.h>
+
 /**
  * @brief Implementation of hasher_t interface using the
  * SHA1 algorithm.
index d5a8a70..91e82fe 100644 (file)
 #ifndef SHA2_HASHER_H_
 #define SHA2_HASHER_H_
 
-#include <crypto/hashers/hasher.h>
-
-
 typedef struct sha2_hasher_t sha2_hasher_t;
 
+#include <crypto/hashers/hasher.h>
+
 /**
  * @brief Implementation of hasher_t interface using the SHA2 algorithms.
- * 
+ *
  * SHA2 is an other name for the SHA-256, SHA-384 and SHA-512 variants of
  * the SHA hash algorithm.
- * 
+ *
  * @b Constructors:
  * - hasher_create() using HASH_SHA256, HASH_SHA384 or HASH_SHA512 as algorithm
  * - sha2_hasher_create()
- * 
+ *
  * @see hasher_t
  * 
  * @ingroup hashers
index cddd862..0f9ac70 100644 (file)
 #ifndef HMAC_H_
 #define HMAC_H_
 
+typedef struct hmac_t hmac_t;
+
 #include <crypto/hashers/hasher.h>
 #include <definitions.h>
 
-
-typedef struct hmac_t hmac_t;
-
 /**
  * @brief Message authentication using hash functions.
- * 
+ *
  * This class implements the message authenticaion algorithm
  * described in RFC2104. It uses a hash function, wich must
  * be implemented as a hasher_t class.
- * 
+ *
  * See http://www.faqs.org/rfcs/rfc2104.html for RFC.
  * @see        
  *                     - hasher_t
  *                     - prf_hmac_t
- * 
+ *
  * @b Constructors:
  *  - hmac_create()
- * 
+ *
  * @ingroup transforms
  */
 struct hmac_t {
index 430162a..90f9ce2 100644 (file)
 #ifndef PRF_PLUS_H_
 #define PRF_PLUS_H_
 
+typedef struct prf_plus_t prf_plus_t;
 
 #include <crypto/prfs/prf.h>
 
-
-typedef struct prf_plus_t prf_plus_t;
-
 /**
  * @brief Implementation of the prf+ function described in IKEv2 RFC.
  *
index 17b28ac..ecd6196 100644 (file)
 #ifndef PRF_HMAC_H_
 #define PRF_HMAC_H_
 
+typedef struct hmac_prf_t hmac_prf_t;
+
 #include <types.h>
 #include <crypto/prfs/prf.h>
 #include <crypto/hashers/hasher.h>
 
-typedef struct hmac_prf_t hmac_prf_t;
-
 /**
  * @brief Implementation of prf_t interface using the
  * HMAC algorithm.
index 0a0e0fa..b95cc45 100644 (file)
 #ifndef PRF_H_
 #define PRF_H_
 
-#include <types.h>
-
 typedef enum pseudo_random_function_t pseudo_random_function_t;
+typedef struct prf_t prf_t;
+
+#include <types.h>
 
 /**
  * @brief Pseudo random function, as in IKEv2 RFC 3.3.2.
@@ -52,9 +53,6 @@ enum pseudo_random_function_t {
  */
 extern enum_name_t *pseudo_random_function_names;
 
-
-typedef struct prf_t prf_t;
-
 /**
  * @brief Generic interface for pseudo-random-functions.
  * 
index da5cb43..2263d2f 100644 (file)
 #ifndef RSA_PRIVATE_KEY_H_
 #define RSA_PRIVATE_KEY_H_
 
+typedef struct rsa_private_key_t rsa_private_key_t;
+
 #include <types.h>
 #include <definitions.h>
 #include <crypto/rsa/rsa_public_key.h>
 #include <crypto/hashers/hasher.h>
 
-
-typedef struct rsa_private_key_t rsa_private_key_t;
-
 /**
  * @brief RSA private key with associated functions.
- * 
+ *
  * Currently only supports signing using EMSA encoding.
- * 
+ *
  * @b Constructors:
  *  - rsa_private_key_create()
  *  - rsa_private_key_create_from_chunk()
  *  - rsa_private_key_create_from_file()
  * 
  * @see rsa_public_key_t
- * 
+ *
  * @todo Implement get_key(), save_key(), get_public_key()
  *
  * @ingroup rsa
index 033995e..b56df28 100644 (file)
 #ifndef RSA_PUBLIC_KEY_H_
 #define RSA_PUBLIC_KEY_H_
 
+typedef struct rsa_public_key_t rsa_public_key_t;
+
 #include <gmp.h>
 
 #include <types.h>
 #include <definitions.h>
 
-
-typedef struct rsa_public_key_t rsa_public_key_t;
-
 /**
  * @brief RSA public key with associated functions.
  * 
index 057d61f..5b95490 100644 (file)
 #ifndef HMAC_SIGNER_H_
 #define HMAC_SIGNER_H_
 
+typedef struct hmac_signer_t hmac_signer_t;
+
 #include <crypto/signers/signer.h>
 #include <crypto/hashers/hasher.h>
 
-typedef struct hmac_signer_t hmac_signer_t;
-
 /**
  * @brief Implementation of signer_t interface using the
  * HMAC algorithm in combination with either MD5 or SHA1.
index b7c7af5..a9a80a5 100644 (file)
 #ifndef SIGNER_H_
 #define SIGNER_H_
 
+typedef enum integrity_algorithm_t integrity_algorithm_t;
+typedef struct signer_t signer_t;
+
 #include <types.h>
 #include <definitions.h>
 
-typedef enum integrity_algorithm_t integrity_algorithm_t;
-
 /**
  * @brief Integrity algorithm, as in IKEv2 RFC 3.3.2.
  * 
@@ -54,18 +55,15 @@ enum integrity_algorithm_t {
  */
 extern enum_name_t *integrity_algorithm_names;
 
-
-typedef struct signer_t signer_t;
-
 /**
  * @brief Generig interface for a symmetric signature algorithm.
- * 
+ *
  * @b Constructors:
  *  - signer_create()
  *  - hmac_signer_create()
- * 
+ *
  * @todo Implement more integrity algorithms
- * 
+ *
  * @ingroup signers
  */
 struct signer_t {
index 5d0b2c9..346590e 100755 (executable)
@@ -23,6 +23,8 @@
 #ifndef X509_H_
 #define X509_H_
 
+typedef struct x509_t x509_t;
+
 #include <types.h>
 #include <definitions.h>
 #include <crypto/rsa/rsa_public_key.h>
@@ -37,8 +39,6 @@
  */
 #define X509_PRINTF_SPEC 'Q'
 
-typedef struct x509_t x509_t;
-
 /**
  * @brief X.509 certificate.
  * 
index 38bdc80..74b75ee 100644 (file)
@@ -25,6 +25,9 @@
 #ifndef HOST_H_
 #define HOST_H_
 
+typedef enum host_diff_t host_diff_t;
+typedef struct host_t host_t;
+
 #include <stdlib.h>
 #include <stdio.h>
 #include <sys/types.h>
@@ -35,7 +38,6 @@
 
 #include <types.h>
 
-
 /**
  * printf() specifier to print a host.
  * The specifier option '#' does include the port number, e.g.:
@@ -43,8 +45,6 @@
  */
 #define HOST_PRINTF_SPEC 'H'
 
-typedef enum host_diff_t host_diff_t;
-
 /**
  * Differences between two hosts. They differ in
  * address, port, or both.
@@ -55,8 +55,6 @@ enum host_diff_t {
        HOST_DIFF_PORT = 2,
 };
 
-typedef struct host_t host_t;
-
 /**
  * @brief Representates a Host
  * 
index 0d2bc79..8d8b599 100644 (file)
 #ifndef IDENTIFICATION_H_
 #define IDENTIFICATION_H_
 
-#include "types.h"
+typedef enum id_type_t id_type_t;
+typedef struct identification_t identification_t;
+
+#include <types.h>
 
 #define MAX_WILDCARDS     14
 /**
@@ -33,8 +36,6 @@
  */
 #define IDENTIFICATION_PRINTF_SPEC 'D'
 
-typedef enum id_type_t id_type_t;
-
 /**
  * @brief ID Types in a ID payload.
  *
@@ -120,8 +121,6 @@ enum id_type_t {
  */
 extern enum_name_t *id_type_names;
 
-typedef struct identification_t identification_t;
-
 /**
  * @brief Generic identification, such as used in ID payload.
  * 
index 668fbb7..51a8d60 100644 (file)
@@ -28,18 +28,18 @@ typedef struct iterator_t iterator_t;
 
 /**
  * @brief Iterator interface, allows iteration over collections.
- * 
+ *
  * iterator_t defines an interface for iterating over collections.
  * It allows searching, deleting, updating and inserting.
- * 
+ *
  * Thanks to JMP for iterator lessons :-)
- * 
+ *
  * @b Constructors:
  * - via linked_list_t.create_iterator, or
  * - any other class which supports the iterator_t interface
- * 
+ *
  * @see linked_list_t
- * 
+ *
  * @ingroup utils 
  */
 struct iterator_t {
index 63c7eb6..6a97d44 100644 (file)
 #ifndef LINKED_LIST_H_
 #define LINKED_LIST_H_
 
+typedef struct linked_list_t linked_list_t;
+
 #include <pthread.h>
 
 #include <types.h>
 #include <utils/iterator.h>
 
-
-typedef struct linked_list_t linked_list_t;
-
 /**
  * @brief Class implementing a double linked list.
  *
  * General purpose linked list. This list is not synchronized.
- * 
+ *
  * @b Costructors:
  * - linked_list_create()
  *
index 2387cd5..d797633 100644 (file)
@@ -24,8 +24,9 @@
 #ifndef RANDOMIZER_H_
 #define RANDOMIZER_H_
 
-#include <types.h>
+typedef struct randomizer_t randomizer_t;
 
+#include <types.h>
 
 #ifndef DEV_RANDOM
 /**
@@ -41,8 +42,6 @@
 # define DEV_URANDOM "/dev/urandom"
 #endif
 
-typedef struct randomizer_t randomizer_t;
-
 /**
  * @brief Class used to get random and pseudo random values.
  *