1 files changed, 163 insertions, 0 deletions
diff --git a/src/charon/sa/states/delete_requested.c b/src/charon/sa/states/delete_requested.c
new file mode 100644
index 000000000..ff6ec1d48
--- /dev/null
+++ b/src/charon/sa/states/delete_requested.c
@@ -0,0 +1,163 @@
+/**
+ * @file delete_requested.c
+ *
+ * @brief Implementation of delete_requested_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2006 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "delete_requested.h"
+
+#include <daemon.h>
+
+
+typedef struct private_delete_requested_t private_delete_requested_t;
+
+/**
+ * Private data of a delete_requested_t object.
+ */
+struct private_delete_requested_t {
+	
+	/**
+	 * methods of the state_t interface
+	 */
+	delete_requested_t public;
+	
+	/** 
+	 * Assigned IKE_SA.
+	 */
+	protected_ike_sa_t *ike_sa;
+	
+	/** 
+	 * Assigned logger. Use logger of IKE_SA.
+	 */
+	logger_t *logger;
+};
+
+/**
+ * Implements state_t.get_state
+ */
+static status_t process_message(private_delete_requested_t *this, message_t *message)
+{
+	ike_sa_id_t *ike_sa_id;
+	crypter_t *crypter;
+	signer_t *signer;
+	status_t status;
+	
+	/* Notation as follows:
+	 * Mx{D} means: Message, with message ID "x", containing a Delete payload
+	 *
+	 * The clarifcation Document says in 5.8, that a IKE_SA delete should not
+	 * be acknowledged with the same delete. This only makes sense for CHILD_SAs,
+	 * as they are paired. IKE_SAs are not, there is only one for both ends.
+	 *
+	 * Normal case:
+	 * ----------------
+	 * Mx{D}  -->
+	 *       <--      Mx{}
+	 * Delete request is sent, and we wait for the acknowledge.
+	 *
+	 * Special case 1:
+	 * ---------------
+	 * Mx{D}  -->
+	 *       <--      My{D}
+	 * My{}   -->
+	 *       <--      Mx{}
+	 * Both initate a delete at the same time. We ack the delete, but wait for
+	 * our delete to be acknowledged.
+	 */
+	
+	if (message->get_exchange_type(message) != INFORMATIONAL)
+	{
+		/* anything other than information is ignored. We can an will not handle
+		 * messages such as CREATE_CHILD_SA */
+		this->logger->log(this->logger, ERROR | LEVEL1, 
+						  "%s messages not supported in state delete_requested. Ignored",
+						  mapping_find(exchange_type_m, message->get_exchange_type(message)));
+		return FAILED;
+	}
+	
+	if (message->get_request(message))
+	{
+		/* if it is a request, not a reply to our delete request, we 
+		 * just acknowledge this. We stay in our state, as the other peer
+		 * has to ACK our request.
+		 */
+		message_t *acknowledge;
+		this->ike_sa->build_message(this->ike_sa, INFORMATIONAL, FALSE, &acknowledge);
+		return this->ike_sa->send_response(this->ike_sa, acknowledge);
+	}
+	
+	/* get signer for verification and crypter for decryption */
+	ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
+	if (!ike_sa_id->is_initiator(ike_sa_id))
+	{
+		crypter = this->ike_sa->get_crypter_initiator(this->ike_sa);
+		signer = this->ike_sa->get_signer_initiator(this->ike_sa);
+	}
+	else
+	{
+		crypter = this->ike_sa->get_crypter_responder(this->ike_sa);
+		signer = this->ike_sa->get_signer_responder(this->ike_sa);
+	}
+	
+	/* parse incoming message, check if it's proper signed */
+	status = message->parse_body(message, crypter, signer);
+	if (status != SUCCESS)
+	{
+		this->logger->log(this->logger, AUDIT, "INFORMATIONAL message decryption failed. Ignoring message");
+		return status;
+	}
+	
+	/* ok, he knows about the deletion, destroy this IKE SA */
+	return DESTROY_ME;
+}
+
+/**
+ * Implementation of state_t.get_state.
+ */
+static ike_sa_state_t get_state(private_delete_requested_t *this)
+{
+	return DELETE_REQUESTED;
+}
+
+/**
+ * Implementation of state_t.get_state
+ */
+static void destroy(private_delete_requested_t *this)
+{
+	free(this);
+}
+
+/* 
+ * Described in header.
+ */
+delete_requested_t *delete_requested_create(protected_ike_sa_t *ike_sa)
+{
+	private_delete_requested_t *this = malloc_thing(private_delete_requested_t);
+
+	/* interface functions */
+	this->public.state_interface.process_message = (status_t (*) (state_t *,message_t *)) process_message;
+	this->public.state_interface.get_state = (ike_sa_state_t (*) (state_t *)) get_state;
+	this->public.state_interface.destroy  = (void (*) (state_t *)) destroy;
+	
+	/* private data */
+	this->ike_sa = ike_sa;
+	this->logger = logger_manager->get_logger(logger_manager, IKE_SA);
+	
+	return &(this->public);
+}