Some documentation corrections
parent
17e3a92661
commit
2a375e62f3
|
@ -63,7 +63,6 @@ extern enum_name_t *auth_class_names;
|
|||
* to transport credentials during the authentication process.
|
||||
*/
|
||||
enum auth_rule_t {
|
||||
|
||||
/** identity to use for IKEv2 authentication exchange, identification_t* */
|
||||
AUTH_RULE_IDENTITY,
|
||||
/** authentication class, auth_class_t */
|
||||
|
@ -119,8 +118,8 @@ extern enum_name_t *auth_rule_names;
|
|||
*
|
||||
* RFC4739 defines multiple authentication rounds. This class defines such
|
||||
* a round from a configuration perspective, either for the local or the remote
|
||||
* peer. Local config are called "rulesets", as they define how we authenticate.
|
||||
* Remote peer configs are called "constraits", they define what is needed to
|
||||
* peer. Local configs are called "rulesets". They define how we authenticate.
|
||||
* Remote peer configs are called "constraits". They define what is needed to
|
||||
* complete the authentication round successfully.
|
||||
*
|
||||
* @verbatim
|
||||
|
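Review bot: The rewritten line on the new side still misspells the term: `* Remote peer configs are called "constraits". They define what is needed to` should read `"constraints"`, which is also the parameter name `auth_cfg_t *constraints` that complies() takes later in this file. Since the commit already touches this exact line to split the sentence, the typo should go with it. The auth_cfg_t header comment starts before this hunk and continues past it.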
@ -144,7 +143,7 @@ extern enum_name_t *auth_rule_names;
|
|||
|
||||
@endverbatim
|
||||
*
|
||||
* Values for each items are either pointers (casted to void*) or short
|
||||
* Values for each item are either pointers (casted to void*) or short
|
||||
* integers (use uintptr_t cast).
|
||||
*/
|
||||
struct auth_cfg_t {
|
||||
|
@ -158,7 +157,7 @@ struct auth_cfg_t {
|
|||
void (*add)(auth_cfg_t *this, auth_rule_t rule, ...);
|
||||
|
||||
/**
|
||||
* Get an rule value.
|
||||
* Get a rule value.
|
||||
*
|
||||
* @param rule rule type
|
||||
* @return bool if item has been found
|
||||
|
@ -173,9 +172,9 @@ struct auth_cfg_t {
|
|||
enumerator_t* (*create_enumerator)(auth_cfg_t *this);
|
||||
|
||||
/**
|
||||
* Replace an rule at enumerator position.
|
||||
* Replace a rule at enumerator position.
|
||||
*
|
||||
* @param pos enumerator position position
|
||||
* @param pos enumerator position
|
||||
* @param rule rule type
|
||||
* @param ... associated value to rule
|
||||
*/
|
||||
|
@ -186,7 +185,7 @@ struct auth_cfg_t {
|
|||
* Check if a used config fulfills a set of configured constraints.
|
||||
*
|
||||
* @param constraints required authorization rules
|
||||
* @param log_error wheter to log compliance errors
|
||||
* @param log_error whether to log compliance errors
|
||||
* @return TRUE if this complies with constraints
|
||||
*/
|
||||
bool (*complies)(auth_cfg_t *this, auth_cfg_t *constraints, bool log_error);
|
||||
|
@ -202,20 +201,20 @@ struct auth_cfg_t {
|
|||
/**
|
||||
* Purge all rules in a config.
|
||||
*
|
||||
* @param keep_ca wheter to keep AUTH_RULE_CA_CERT entries
|
||||
* @param keep_ca whether to keep AUTH_RULE_CA_CERT entries
|
||||
*/
|
||||
void (*purge)(auth_cfg_t *this, bool keep_ca);
|
||||
|
||||
/**
|
||||
* Check two configs for equality.
|
||||
*
|
||||
* @param other other config to compaire against this
|
||||
* @param other other config to compare against this
|
||||
* @return TRUE if auth infos identical
|
||||
*/
|
||||
bool (*equals)(auth_cfg_t *this, auth_cfg_t *other);
|
||||
|
||||
/**
|
||||
* Clone a authentication config, including all rules.
|
||||
* Clone an authentication config, including all rules.
|
||||
*
|
||||
* @return cloned configuration
|
||||
*/
|
||||
|
|
|
@ -28,8 +28,8 @@ typedef enum builder_part_t builder_part_t;
|
|||
/**
|
||||
* Constructor function to build credentials.
|
||||
*
|
||||
* Any added parts are cloned/refcounted by the builder implementation, a
|
||||
* caller may need to free the passed ressources themself.
|
||||
* Any added parts are cloned/refcounted by the builder implementation.
|
||||
* Callers may need to free the passed ressources themselves.
|
||||
*
|
||||
* @param subtype constructor specific subtype, e.g. a certificate_type_t
|
||||
* @param args list of builder part types, followed by parts, BUILD_END
|
||||
|
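Review bot: The new sentence `* Callers may need to free the passed ressources themselves.` still spells `ressources`, while the same word is corrected to `resources` in the credential_factory_t comment elsewhere in this commit. The ownership statement is also weaker than the factory's: that comment tells callers to free allocated resources after both successful and unsuccessful invocations, whereas `may need to` leaves open whether the caller or the builder owns the parts, which is exactly the ambiguity that turns into a leak or a double free. Assuming the builder contract matches what the factory comment describes, suggest `* Callers remain responsible for freeing the passed resources, after both successful and unsuccessful invocations.` so the two descriptions agree on who frees. The builder_function_t comment starts before this hunk and continues past it.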
|
|
@ -39,7 +39,7 @@ struct cert_validator_t {
|
|||
*
|
||||
* @param subject subject certificate to check
|
||||
* @param issuer issuer of subject
|
||||
* @param online wheter to do online revocation checking
|
||||
* @param online whether to do online revocation checking
|
||||
* @param pathlen the current length of the path bottom-up
|
||||
* @param anchor is issuer trusted root anchor
|
||||
* @param auth container for resulting authentication info
|
||||
|
|
|
@ -59,7 +59,7 @@ bool cred_encoding_args(va_list args, ...);
|
|||
/**
|
||||
* Encoding type of a fingerprint/credential.
|
||||
*
|
||||
* Fingerprints have have the KEYID_*, public keys the PUBKEY_* and
|
||||
* Fingerprints have the KEYID_*, public keys the PUBKEY_* and
|
||||
* private keys the PRIVKEY_* prefix.
|
||||
*/
|
||||
enum cred_encoding_type_t {
|
||||
|
|
|
@ -54,7 +54,7 @@ struct credential_factory_t {
|
|||
* The variable argument list takes builder_part_t types followed
|
||||
* by the type specific value. The list must be terminated using BUILD_END.
|
||||
* All passed parts get cloned/refcounted by the builder functions,
|
||||
* so free up allocated ressources after successful and unsuccessful
|
||||
* so free up allocated resources after successful and unsuccessful
|
||||
* invocations.
|
||||
*
|
||||
* @param type credential type to build
|
||||
|
|
|
@ -866,7 +866,7 @@ METHOD(credential_manager_t, create_public_enumerator, enumerator_t*,
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if an helper contains a certificate as trust anchor
|
||||
* Check if a helper contains a certificate as trust anchor
|
||||
*/
|
||||
static bool auth_contains_cacert(auth_cfg_t *auth, certificate_t *cert)
|
||||
{
|
||||
|
@ -949,7 +949,7 @@ static auth_cfg_t *build_trustchain(private_credential_manager_t *this,
|
|||
}
|
||||
|
||||
/**
|
||||
* find a private key of a give certificate
|
||||
* find a private key of a given certificate
|
||||
*/
|
||||
static private_key_t *get_private_by_cert(private_credential_manager_t *this,
|
||||
certificate_t *cert, key_type_t type)
|
||||
|
|
|
@ -36,11 +36,11 @@ typedef struct credential_manager_t credential_manager_t;
|
|||
* Manages credentials using credential_sets.
|
||||
*
|
||||
* The credential manager is the entry point of the credential framework. It
|
||||
* uses so called "sets" to access credentials in a modular fashion, these
|
||||
* uses so called "sets" to access credentials in a modular fashion. These
|
||||
* are implemented through the credential_set_t interface.
|
||||
* The manager additionally does trust chain verification and trust status
|
||||
* chaching. A set may call the managers methods if it needs credentials itself,
|
||||
* the manager uses recursive locking.
|
||||
* caching. A set may call the managers methods if it needs credentials itself.
|
||||
* The manager uses recursive locking.
|
||||
*
|
||||
* @verbatim
|
||||
|
||||
|
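Review bot: The new line `* caching. A set may call the managers methods if it needs credentials itself.` still lacks the possessive that this commit adds elsewhere (`manager's cache` in the is_issuer comment of the same header); suggest `the manager's methods`. The rest of the rewritten paragraph reads fine. The credential_manager_t header comment continues past this hunk.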
@ -62,8 +62,8 @@ typedef struct credential_manager_t credential_manager_t;
|
|||
|
||||
@endverbatim
|
||||
*
|
||||
* The credential manager uses rwlocks for performance reasons, credential
|
||||
* sets must be fully thread save.
|
||||
* The credential manager uses rwlocks for performance reasons. Credential
|
||||
* sets must be fully thread-safe.
|
||||
*/
|
||||
struct credential_manager_t {
|
||||
|
||||
|
@ -84,7 +84,7 @@ struct credential_manager_t {
|
|||
*
|
||||
* The enumerator enumerates over:
|
||||
* shared_key_t*, id_match_t me, id_match_t other
|
||||
* But must accepts values for the id_matches.
|
||||
* But must accept values for the id_matches.
|
||||
*
|
||||
* @param type kind of requested shared key
|
||||
* @param first first subject between key is shared
|
||||
|
@ -120,7 +120,7 @@ struct credential_manager_t {
|
|||
*
|
||||
* @param type kind of requested shared key
|
||||
* @param me own identity
|
||||
* @param other peers identity
|
||||
* @param other peer identity
|
||||
* @return shared_key_t, NULL if none found
|
||||
*/
|
||||
shared_key_t *(*get_shared)(credential_manager_t *this, shared_key_type_t type,
|
||||
|
@ -130,7 +130,7 @@ struct credential_manager_t {
|
|||
*
|
||||
* The get_private() method gets a secret private key identified by either
|
||||
* the keyid itself or an id the key belongs to.
|
||||
* The auth parameter contains additional information, such as receipients
|
||||
* The auth parameter contains additional information, such as recipients
|
||||
* trusted CA certs. Auth gets filled with subject and CA certificates
|
||||
* needed to validate a created signature.
|
||||
*
|
||||
|
@ -163,7 +163,7 @@ struct credential_manager_t {
|
|||
/**
|
||||
* Create an enumerator over trusted public keys.
|
||||
*
|
||||
* This method gets a an enumerator over trusted public keys to verify a
|
||||
* This method creates an enumerator over trusted public keys to verify a
|
||||
* signature created by id. The auth parameter contains additional
|
||||
* authentication infos, e.g. peer and intermediate certificates.
|
||||
* The resulting enumerator enumerates over public_key_t *, auth_cfg_t *,
|
||||
|
@ -180,7 +180,7 @@ struct credential_manager_t {
|
|||
key_type_t type, identification_t *id, auth_cfg_t *auth);
|
||||
|
||||
/**
|
||||
* Cache a certificate by invoking cache_cert() on all registerd sets.
|
||||
* Cache a certificate by invoking cache_cert() on all registered sets.
|
||||
*
|
||||
* @param cert certificate to cache
|
||||
*/
|
||||
|
@ -199,8 +199,8 @@ struct credential_manager_t {
|
|||
/**
|
||||
* Check if a given subject certificate is issued by an issuer certificate.
|
||||
*
|
||||
* This operation does signature verification, but uses the credential
|
||||
* managers cache for to speed up the operation.
|
||||
* This operation does signature verification using the credential
|
||||
* manager's cache to speed up the operation.
|
||||
*
|
||||
* @param subject subject certificate to check
|
||||
* @param issuer issuer certificate that potentially has signed subject
|
||||
|
@ -228,7 +228,7 @@ struct credential_manager_t {
|
|||
*
|
||||
* To add a credential set for the current trustchain verification
|
||||
* operation, sets may be added for the calling thread only. This
|
||||
* does not require a write lock and is therefore a much less expensive
|
||||
* does not require a write lock and is therefore a much cheaper
|
||||
* operation.
|
||||
*
|
||||
* @param set set to register
|
||||
|
|
|
@ -38,7 +38,7 @@ typedef struct credential_set_t credential_set_t;
|
|||
* A credential set enumerator may not block the credential set, i.e. multiple
|
||||
* threads must be able to hold multiple enumerators, as the credential manager
|
||||
* is higly parallelized. The best way to achieve this is by using shared
|
||||
* read locks for the enumerators only. Otherwiese deadlocks will occur.
|
||||
* read locks for the enumerators only. Otherwise deadlocks will occur.
|
||||
* The writing cache_cert() routine is called by the manager only if no
|
||||
* enumerator is alive, so it is save to use a write lock there.
|
||||
*/
|
||||
|
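Review bot: The hunk corrects `Otherwiese` but the same paragraph on the new side keeps two other misspellings, one of them in the statement about lock safety: `* is higly parallelized.` should read `highly`, and `* enumerator is alive, so it is save to use a write lock there.` should read `safe`, matching the `thread-safe` wording this commit introduces in credential_manager.h. Both are context lines here, so folding them into this hunk is natural for a commit whose purpose is documentation fixes. The credential_set_t header comment starts before this hunk.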
@ -97,7 +97,7 @@ struct credential_set_t {
|
|||
/**
|
||||
* Cache a certificate in the credential set.
|
||||
*
|
||||
* The caching policy is implementation dependent, the sets may cache the
|
||||
* The caching policy is implementation dependent. The sets may cache the
|
||||
* certificate in-memory, persistent on disk or not at all.
|
||||
*
|
||||
* @param cert certificate to cache
|
||||
|
|