]> git.ipfire.org Git - thirdparty/strongswan.git/blob - src/libcharon/tests/suites/test_child_rekey.c
projects / thirdparty / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016-2017 Tobias Brunner
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include "test_suite.h"
18
19 #include <daemon.h>
20 #include <tests/utils/exchange_test_helper.h>
21 #include <tests/utils/exchange_test_asserts.h>
22 #include <tests/utils/job_asserts.h>
23 #include <tests/utils/sa_asserts.h>
24
25 /**
26 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
27 */
28 #define initiate_rekey(sa, spi) ({ \
29 assert_hook_not_called(child_updown); \
30 assert_hook_not_called(child_rekey); \
31 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
32 assert_child_sa_state(sa, spi, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); \
33 assert_hook(); \
34 assert_hook(); \
35 })
36
37 /**
38 * Destroy a rekeyed CHILD_SA that was kept around to accept inbound traffic.
39 * Simulates the job that's scheduled to do this.
40 */
41 #define destroy_rekeyed(sa, spi) ({ \
42 assert_hook_not_called(child_updown); \
43 assert_hook_not_called(child_rekey); \
44 assert_no_jobs_scheduled(); \
45 assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \
46 call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
47 assert_child_sa_not_exists(sa, spi); \
48 assert_scheduler(); \
49 assert_hook(); \
50 assert_hook(); \
51 })
52
53 /**
54 * Regular CHILD_SA rekey either initiated by the original initiator or
55 * responder of the IKE_SA.
56 */
57 START_TEST(test_regular)
58 {
59 ike_sa_t *a, *b;
60 uint32_t spi_a = _i+1, spi_b = 2-_i;
61
62 if (_i)
63 { /* responder rekeys the CHILD_SA (SPI 2) */
64 exchange_test_helper->establish_sa(exchange_test_helper,
65 &b, &a, NULL);
66 }
67 else
68 { /* initiator rekeys the CHILD_SA (SPI 1) */
69 exchange_test_helper->establish_sa(exchange_test_helper,
70 &a, &b, NULL);
71 }
72 initiate_rekey(a, spi_a);
73 assert_ipsec_sas_installed(a, spi_a, spi_b);
74
75 /* this should never get called as this results in a successful rekeying */
76 assert_hook_not_called(child_updown);
77
78 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
79 assert_hook_called(child_rekey);
80 assert_notify(IN, REKEY_SA);
81 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
82 assert_child_sa_state(b, spi_b, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
83 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
84 assert_ipsec_sas_installed(b, spi_a, spi_b, 4);
85 assert_hook();
86
87 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
88 assert_hook_called(child_rekey);
89 assert_no_notify(IN, REKEY_SA);
90 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
91 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
92 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
93 assert_ipsec_sas_installed(a, spi_a, 3, 4);
94 assert_hook();
95
96 /* INFORMATIONAL { D } --> */
97 assert_hook_not_called(child_rekey);
98 assert_jobs_scheduled(1);
99 assert_single_payload(IN, PLV2_DELETE);
100 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
101 assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
102 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
103 assert_child_sa_count(b, 2);
104 assert_ipsec_sas_installed(b, spi_b, 3, 4);
105 assert_scheduler();
106 assert_hook();
107 /* <-- INFORMATIONAL { D } */
108 assert_hook_not_called(child_rekey);
109 assert_jobs_scheduled(1);
110 assert_single_payload(IN, PLV2_DELETE);
111 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
112 assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
113 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
114 assert_child_sa_count(a, 2);
115 assert_ipsec_sas_installed(a, spi_a, 3, 4);
116 assert_scheduler();
117 assert_hook();
118
119 /* simulate the execution of the scheduled jobs */
120 destroy_rekeyed(a, spi_a);
121 assert_child_sa_count(a, 1);
122 assert_ipsec_sas_installed(a, 3, 4);
123 destroy_rekeyed(b, spi_b);
124 assert_child_sa_count(b, 1);
125 assert_ipsec_sas_installed(a, 3, 4);
126
127 /* child_updown */
128 assert_hook();
129
130 call_ikesa(a, destroy);
131 call_ikesa(b, destroy);
132 }
133 END_TEST
134
135 /**
136 * CHILD_SA rekey where the responder does not agree with the DH group selected
137 * by the initiator, either initiated by the original initiator or responder of
138 * the IKE_SA.
139 */
140 START_TEST(test_regular_ke_invalid)
141 {
142 exchange_test_sa_conf_t conf = {
143 .initiator = {
144 .esp = "aes128-sha256-modp2048-modp3072",
145 },
146 .responder = {
147 .esp = "aes128-sha256-modp3072-modp2048",
148 },
149 };
150 ike_sa_t *a, *b;
151 uint32_t spi_a = _i+1, spi_b = 2-_i;
152
153 if (_i)
154 { /* responder rekeys the CHILD_SA (SPI 2) */
155 exchange_test_helper->establish_sa(exchange_test_helper,
156 &b, &a, &conf);
157 }
158 else
159 { /* initiator rekeys the CHILD_SA (SPI 1) */
160 exchange_test_helper->establish_sa(exchange_test_helper,
161 &a, &b, &conf);
162 }
163 initiate_rekey(a, spi_a);
164 assert_ipsec_sas_installed(a, spi_a, spi_b);
165
166 /* this should never get called as this results in a successful rekeying */
167 assert_hook_not_called(child_updown);
168
169 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
170 assert_hook_not_called(child_rekey);
171 assert_notify(IN, REKEY_SA);
172 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
173 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
174 assert_child_sa_count(b, 1);
175 assert_ipsec_sas_installed(b, spi_a, spi_b);
176 assert_hook();
177
178 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
179 assert_hook_not_called(child_rekey);
180 assert_single_notify(IN, INVALID_KE_PAYLOAD);
181 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
182 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
183 assert_child_sa_count(a, 1);
184 assert_ipsec_sas_installed(a, spi_a, spi_b);
185 assert_hook();
186
187 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
188 assert_hook_called(child_rekey);
189 assert_notify(IN, REKEY_SA);
190 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
191 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
192 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
193 assert_ipsec_sas_installed(b, spi_a, spi_b, 6);
194 assert_hook();
195
196 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
197 assert_hook_called(child_rekey);
198 assert_no_notify(IN, REKEY_SA);
199 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
200 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
201 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
202 assert_ipsec_sas_installed(a, spi_a, 5, 6);
203 assert_hook();
204
205 /* INFORMATIONAL { D } --> */
206 assert_hook_not_called(child_rekey);
207 assert_single_payload(IN, PLV2_DELETE);
208 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
209 assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
210 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
211 assert_child_sa_count(b, 2);
212 assert_ipsec_sas_installed(b, spi_b, 5, 6);
213 assert_hook();
214 /* <-- INFORMATIONAL { D } */
215 assert_hook_not_called(child_rekey);
216 assert_single_payload(IN, PLV2_DELETE);
217 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
218 assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
219 assert_child_sa_state(a, 5, CHILD_INSTALLED);
220 assert_child_sa_count(a, 2);
221 assert_ipsec_sas_installed(a, spi_a, 5, 6);
222 assert_hook();
223
224 /* simulate the execution of the scheduled jobs */
225 destroy_rekeyed(a, spi_a);
226 assert_child_sa_count(a, 1);
227 assert_ipsec_sas_installed(a, 5, 6);
228 destroy_rekeyed(b, spi_b);
229 assert_child_sa_count(b, 1);
230 assert_ipsec_sas_installed(b, 5, 6);
231
232 /* child_updown */
233 assert_hook();
234
235 /* because the DH group should get reused another rekeying should complete
236 * without additional exchange */
237 initiate_rekey(a, 5);
238 /* this should never get called as this results in a successful rekeying */
239 assert_hook_not_called(child_updown);
240
241 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
242 assert_hook_called(child_rekey);
243 assert_notify(IN, REKEY_SA);
244 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
245 assert_child_sa_state(b, 6, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
246 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
247 assert_ipsec_sas_installed(b, 5, 6, 8);
248 assert_hook();
249
250 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
251 assert_hook_called(child_rekey);
252 assert_no_notify(IN, REKEY_SA);
253 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
254 assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE);
255 assert_child_sa_state(a, 7, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
256 assert_ipsec_sas_installed(a, 5, 7, 8);
257 assert_hook();
258
259 /* INFORMATIONAL { D } --> */
260 assert_hook_not_called(child_rekey);
261 assert_single_payload(IN, PLV2_DELETE);
262 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
263 assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE);
264 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
265 assert_child_sa_count(b, 2);
266 assert_ipsec_sas_installed(b, 6, 7, 8);
267 assert_hook();
268
269 /* <-- INFORMATIONAL { D } */
270 assert_hook_not_called(child_rekey);
271 assert_single_payload(IN, PLV2_DELETE);
272 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
273 assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE);
274 assert_child_sa_state(a, 7, CHILD_INSTALLED);
275 assert_child_sa_count(a, 2);
276 assert_ipsec_sas_installed(a, 5, 7, 8);
277 assert_hook();
278
279 /* simulate the execution of the scheduled jobs */
280 destroy_rekeyed(a, 5);
281 assert_child_sa_count(a, 1);
282 assert_ipsec_sas_installed(a, 7, 8);
283 destroy_rekeyed(b, 6);
284 assert_child_sa_count(b, 1);
285 assert_ipsec_sas_installed(b, 7, 8);
286
287 /* child_updown */
288 assert_hook();
289
290 call_ikesa(a, destroy);
291 call_ikesa(b, destroy);
292 }
293 END_TEST
294
295 /**
296 * Check that the responder ignores soft expires while waiting for the delete
297 * after a rekeying.
298 */
299 START_TEST(test_regular_responder_ignore_soft_expire)
300 {
301 ike_sa_t *a, *b;
302
303 exchange_test_helper->establish_sa(exchange_test_helper,
304 &a, &b, NULL);
305 initiate_rekey(a, 1);
306 assert_ipsec_sas_installed(a, 1, 2);
307
308 /* this should never get called as this results in a successful rekeying */
309 assert_hook_not_called(child_updown);
310
311 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
312 assert_hook_called(child_rekey);
313 assert_notify(IN, REKEY_SA);
314 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
315 assert_child_sa_state(b, 2, CHILD_REKEYED);
316 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
317 assert_ipsec_sas_installed(b, 1, 2, 4);
318 assert_hook();
319
320 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
321 assert_hook_called(child_rekey);
322 assert_no_notify(IN, REKEY_SA);
323 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
324 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
325 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
326 assert_ipsec_sas_installed(a, 1, 3, 4);
327 assert_hook();
328
329 /* we don't expect this to get called anymore */
330 assert_hook_not_called(child_rekey);
331 /* this should not produce a message, if it does there won't be a delete
332 * payload below */
333 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
334 assert_child_sa_state(b, 2, CHILD_REKEYED);
335
336 /* INFORMATIONAL { D } --> */
337 assert_jobs_scheduled(1);
338 assert_single_payload(IN, PLV2_DELETE);
339 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
340 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
341 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
342 assert_child_sa_count(b, 2);
343 assert_ipsec_sas_installed(b, 2, 3, 4);
344 assert_scheduler();
345 /* <-- INFORMATIONAL { D } */
346 assert_jobs_scheduled(1);
347 assert_single_payload(IN, PLV2_DELETE);
348 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
349 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
350 assert_child_sa_state(a, 3, CHILD_INSTALLED);
351 assert_child_sa_count(a, 2);
352 assert_ipsec_sas_installed(a, 1, 3, 4);
353 assert_scheduler();
354
355 /* simulate the execution of the scheduled jobs */
356 destroy_rekeyed(a, 1);
357 assert_child_sa_count(a, 1);
358 assert_ipsec_sas_installed(a, 3, 4);
359 destroy_rekeyed(b, 2);
360 assert_child_sa_count(b, 1);
361 assert_ipsec_sas_installed(b, 3, 4);
362
363 /* child_rekey/child_updown */
364 assert_hook();
365 assert_hook();
366
367 call_ikesa(a, destroy);
368 call_ikesa(b, destroy);
369 }
370 END_TEST
371
372 /**
373 * Check that the responder handles hard expires properly while waiting for the
374 * delete after a rekeying (e.g. if the rekey settings are tight or the
375 * CREATE_CHILD_SA response is delayed).
376 */
377 START_TEST(test_regular_responder_handle_hard_expire)
378 {
379 ike_sa_t *a, *b;
380
381 exchange_test_helper->establish_sa(exchange_test_helper,
382 &a, &b, NULL);
383 initiate_rekey(a, 1);
384 assert_ipsec_sas_installed(a, 1, 2);
385
386 /* this should never get called as this results in a successful rekeying */
387 assert_hook_not_called(child_updown);
388
389 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
390 assert_hook_called(child_rekey);
391 assert_notify(IN, REKEY_SA);
392 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
393 assert_child_sa_state(b, 2, CHILD_REKEYED);
394 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
395 assert_ipsec_sas_installed(b, 1, 2, 4);
396 assert_hook();
397
398 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
399 assert_hook_called(child_rekey);
400 assert_no_notify(IN, REKEY_SA);
401 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
402 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
403 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
404 assert_ipsec_sas_installed(a, 1, 3, 4);
405 assert_hook();
406
407 /* we don't expect this to get called anymore */
408 assert_hook_not_called(child_rekey);
409 /* this is similar to a regular delete collision, but we don't actually
410 * want to send a delete back as that might conflict with a delayed
411 * CREATE_CHILD_SA response */
412 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
413 assert_child_sa_count(b, 1);
414 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
415 /* the expire causes the outbound SA to get installed */
416 assert_ipsec_sas_installed(b, 3, 4);
417
418 /* INFORMATIONAL { D } --> */
419 assert_no_jobs_scheduled();
420 assert_single_payload(IN, PLV2_DELETE);
421 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
422 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
423 assert_ipsec_sas_installed(b, 3, 4);
424 assert_scheduler();
425 /* <-- INFORMATIONAL { } */
426 assert_jobs_scheduled(1);
427 assert_message_empty(IN);
428 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
429 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
430 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
431 assert_child_sa_count(a, 2);
432 assert_ipsec_sas_installed(a, 1, 3, 4);
433 assert_scheduler();
434
435 /* simulate the execution of the scheduled job */
436 destroy_rekeyed(a, 1);
437 assert_child_sa_count(a, 1);
438 assert_ipsec_sas_installed(a, 3, 4);
439
440 /* child_rekey/child_updown */
441 assert_hook();
442 assert_hook();
443
444 call_ikesa(a, destroy);
445 call_ikesa(b, destroy);
446 }
447 END_TEST
448
449 /**
450 * Both peers initiate the CHILD_SA rekeying concurrently and should handle
451 * the collision properly depending on the nonces.
452 */
453 START_TEST(test_collision)
454 {
455 ike_sa_t *a, *b;
456
457 exchange_test_helper->establish_sa(exchange_test_helper,
458 &a, &b, NULL);
459
460 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
461 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
462 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
463 * initiated the surviving SA.
464 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
465 * CHILD_SA):
466 * N1/3 -----\ /----- N2/4
467 * \--/-----> N3/5
468 * N4/6 <-------/ /----- ...
469 * ... -----\
470 * We test this four times, each time a different nonce is the lowest.
471 */
472 struct {
473 /* Nonces used at each point */
474 u_char nonces[4];
475 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
476 uint32_t spi_del_a, spi_del_b;
477 /* SPIs of the kept CHILD_SA */
478 uint32_t spi_a, spi_b;
479 } data[] = {
480 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
481 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
482 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
483 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
484 };
485
486 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
487 initiate_rekey(a, 1);
488 assert_ipsec_sas_installed(a, 1, 2);
489 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
490 initiate_rekey(b, 2);
491 assert_ipsec_sas_installed(b, 1, 2);
492
493 /* this should never get called as this results in a successful rekeying */
494 assert_hook_not_called(child_updown);
495
496 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
497 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
498 assert_hook_rekey(child_rekey, 2, 5);
499 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
500 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
501 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
502 assert_ipsec_sas_installed(b, 1, 2, 5);
503 assert_hook();
504 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
505 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
506 assert_hook_rekey(child_rekey, 1, 6);
507 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
508 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
509 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
510 assert_ipsec_sas_installed(a, 1, 2, 6);
511 assert_hook();
512
513 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
514 if (data[_i].spi_del_a == 1)
515 { /* currently we call this again if we keep our own replacement as we
516 * already called it above */
517 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
518 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
519 assert_hook();
520 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
521 CHILD_OUTBOUND_REGISTERED);
522 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
523 CHILD_OUTBOUND_INSTALLED);
524 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
525 CHILD_OUTBOUND_NONE);
526 assert_ipsec_sas_installed(a, 1, 3, 5, 6);
527 }
528 else
529 {
530 assert_hook_not_called(child_rekey);
531 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
532 assert_hook();
533 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
534 CHILD_OUTBOUND_INSTALLED);
535 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
536 CHILD_OUTBOUND_REGISTERED);
537 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
538 CHILD_OUTBOUND_REGISTERED);
539 assert_ipsec_sas_installed(a, 1, 2, 3, 6);
540 }
541 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
542 if (data[_i].spi_del_b == 2)
543 {
544 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
545 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
546 assert_hook();
547 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
548 CHILD_OUTBOUND_REGISTERED);
549 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
550 CHILD_OUTBOUND_INSTALLED);
551 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
552 CHILD_OUTBOUND_NONE);
553 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
554 }
555 else
556 {
557 assert_hook_not_called(child_rekey);
558 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
559 assert_hook();
560 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
561 CHILD_OUTBOUND_INSTALLED);
562 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
563 CHILD_OUTBOUND_REGISTERED);
564 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
565 CHILD_OUTBOUND_REGISTERED);
566 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
567 }
568
569 /* we don't expect this hook to get called anymore */
570 assert_hook_not_called(child_rekey);
571 /* INFORMATIONAL { D } --> */
572 assert_jobs_scheduled(1);
573 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
574 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
575 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_NONE
576 : CHILD_OUTBOUND_REGISTERED);
577 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
578 CHILD_OUTBOUND_NONE);
579 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
580 CHILD_OUTBOUND_INSTALLED);
581 assert_child_sa_count(b, 3);
582 if (data[_i].spi_del_b == 2)
583 {
584 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
585 }
586 else
587 {
588 assert_ipsec_sas_installed(b, 2, 3, 4, 5);
589 }
590 assert_scheduler();
591 /* <-- INFORMATIONAL { D } */
592 assert_jobs_scheduled(1);
593 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
594 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
595 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_NONE
596 : CHILD_OUTBOUND_REGISTERED);
597 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
598 CHILD_OUTBOUND_NONE);
599 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
600 CHILD_OUTBOUND_INSTALLED);
601 assert_child_sa_count(a, 3);
602 if (data[_i].spi_del_a == 1)
603 {
604 assert_ipsec_sas_installed(a, 1, 3, 5, 6);
605 }
606 else
607 {
608 assert_ipsec_sas_installed(a, 1, 3, 4, 6);
609 }
610 assert_scheduler();
611 /* <-- INFORMATIONAL { D } */
612 assert_jobs_scheduled(1);
613 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
614 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
615 CHILD_OUTBOUND_NONE);
616 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
617 CHILD_OUTBOUND_NONE);
618 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
619 CHILD_OUTBOUND_INSTALLED);
620 assert_child_sa_count(a, 3);
621 assert_ipsec_sas_installed(a, 1, 3, 6,
622 data[_i].spi_del_a == 1 ? 5 : 4);
623 assert_scheduler();
624 /* INFORMATIONAL { D } --> */
625 assert_jobs_scheduled(1);
626 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
627 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
628 CHILD_OUTBOUND_NONE);
629 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
630 CHILD_OUTBOUND_NONE);
631 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
632 CHILD_OUTBOUND_INSTALLED);
633 assert_child_sa_count(b, 3);
634 assert_ipsec_sas_installed(b, 2, 4, 5,
635 data[_i].spi_del_b == 2 ? 6 : 3);
636 assert_scheduler();
637
638 /* simulate the execution of the scheduled jobs */
639 destroy_rekeyed(a, data[_i].spi_del_a);
640 destroy_rekeyed(a, data[_i].spi_del_b);
641 assert_child_sa_count(a, 1);
642 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
643 destroy_rekeyed(b, data[_i].spi_del_a);
644 destroy_rekeyed(b, data[_i].spi_del_b);
645 assert_child_sa_count(b, 1);
646 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
647
648 /* child_rekey/child_updown */
649 assert_hook();
650 assert_hook();
651
652 call_ikesa(a, destroy);
653 call_ikesa(b, destroy);
654 }
655 END_TEST
656
657 /**
658 * This is like the rekey collision above, but one peer deletes the
659 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
660 * response:
661 *
662 * rekey ----\ /---- rekey
663 * \-----/----> detect collision
664 * detect collision <---------/ /----
665 * ----\ /
666 * \----/----->
667 * handle delete <--------/------- delete SA
668 * --------/------->
669 * handle rekey <------/
670 * delete SA ---------------->
671 * <----------------
672 */
673 START_TEST(test_collision_delayed_response)
674 {
675 ike_sa_t *a, *b;
676 message_t *msg;
677
678 exchange_test_helper->establish_sa(exchange_test_helper,
679 &a, &b, NULL);
680
681 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
682 * CHILD_SA):
683 * N1/3 -----\ /----- N2/4
684 * \--/-----> N3/5
685 * N4/6 <-------/ /----- ...
686 * ... -----\
687 * We test this four times, each time a different nonce is the lowest.
688 */
689 struct {
690 /* Nonces used at each point */
691 u_char nonces[4];
692 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
693 uint32_t spi_del_a, spi_del_b;
694 /* SPIs of the kept CHILD_SA */
695 uint32_t spi_a, spi_b;
696 } data[] = {
697 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
698 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
699 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
700 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
701 };
702
703 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
704 initiate_rekey(a, 1);
705 assert_ipsec_sas_installed(a, 1, 2);
706 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
707 initiate_rekey(b, 2);
708 assert_ipsec_sas_installed(b, 1, 2);
709
710 /* this should never get called as this results in a successful rekeying */
711 assert_hook_not_called(child_updown);
712
713 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
714 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
715 assert_hook_rekey(child_rekey, 2, 5);
716 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
717 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
718 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
719 assert_ipsec_sas_installed(b, 1, 2, 5);
720 assert_hook();
721 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
722 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
723 assert_hook_rekey(child_rekey, 1, 6);
724 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
725 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
726 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
727 assert_ipsec_sas_installed(a, 1, 2, 6);
728 assert_hook();
729
730 /* delay the CREATE_CHILD_SA response from b to a */
731 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
732
733 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
734 if (data[_i].spi_del_b == 2)
735 {
736 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
737 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
738 assert_hook();
739 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
740 CHILD_OUTBOUND_REGISTERED);
741 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
742 CHILD_OUTBOUND_INSTALLED);
743 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
744 CHILD_OUTBOUND_NONE);
745 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
746 }
747 else
748 {
749 assert_hook_not_called(child_rekey);
750 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
751 assert_hook();
752 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
753 CHILD_OUTBOUND_INSTALLED);
754 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
755 CHILD_OUTBOUND_REGISTERED);
756 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
757 CHILD_OUTBOUND_REGISTERED);
758 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
759 }
760
761 /* <-- INFORMATIONAL { D } */
762 assert_hook_not_called(child_rekey);
763 assert_jobs_scheduled(1);
764 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
765 if (data[_i].spi_del_b == 2)
766 {
767 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
768 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
769 CHILD_OUTBOUND_INSTALLED);
770 assert_ipsec_sas_installed(a, 1, 4, 6);
771 }
772 else
773 {
774 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
775 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
776 CHILD_OUTBOUND_NONE);
777 assert_ipsec_sas_installed(a, 1, 2, 6);
778 }
779 assert_child_sa_count(a, 2);
780 assert_scheduler();
781 /* INFORMATIONAL { D } --> */
782 assert_jobs_scheduled(1);
783 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
784 if (data[_i].spi_del_b == 2)
785 {
786 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
787 CHILD_OUTBOUND_REGISTERED);
788 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
789 CHILD_OUTBOUND_INSTALLED);
790 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
791 }
792 else
793 {
794 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
795 CHILD_OUTBOUND_INSTALLED);
796 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
797 CHILD_OUTBOUND_REGISTERED);
798 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
799 }
800 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
801 CHILD_OUTBOUND_NONE);
802 assert_child_sa_count(b, 3);
803 assert_scheduler();
804 assert_hook();
805
806 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
807 if (data[_i].spi_del_a == 1)
808 {
809 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
810 exchange_test_helper->process_message(exchange_test_helper, a, msg);
811 assert_hook();
812 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
813 CHILD_OUTBOUND_NONE);
814 assert_ipsec_sas_installed(a, 1, 3, 5, 6);
815 }
816 else
817 {
818 assert_hook_not_called(child_rekey);
819 exchange_test_helper->process_message(exchange_test_helper, a, msg);
820 assert_hook();
821 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
822 CHILD_OUTBOUND_REGISTERED);
823 assert_ipsec_sas_installed(a, 1, 3, 4, 6);
824 }
825 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
826 CHILD_OUTBOUND_NONE);
827 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
828 CHILD_OUTBOUND_INSTALLED);
829 assert_child_sa_count(a, 3);
830
831 /* we don't expect this hook to get called anymore */
832 assert_hook_not_called(child_rekey);
833 /* INFORMATIONAL { D } --> */
834 assert_jobs_scheduled(1);
835 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
836 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
837 CHILD_OUTBOUND_NONE);
838 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
839 CHILD_OUTBOUND_NONE);
840 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
841 CHILD_OUTBOUND_INSTALLED);
842 assert_ipsec_sas_installed(b, 2, 4, 5,
843 data[_i].spi_del_b == 2 ? 6 : 3);
844 assert_child_sa_count(b, 3);
845 assert_scheduler();
846 /* <-- INFORMATIONAL { D } */
847 assert_jobs_scheduled(1);
848 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
849 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
850 CHILD_OUTBOUND_NONE);
851 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
852 CHILD_OUTBOUND_NONE);
853 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
854 CHILD_OUTBOUND_INSTALLED);
855 assert_child_sa_count(a, 3);
856 assert_ipsec_sas_installed(a, 1, 3, 6,
857 data[_i].spi_del_a == 1 ? 5 : 4);
858 assert_scheduler();
859
860 /* simulate the execution of the scheduled jobs */
861 destroy_rekeyed(a, data[_i].spi_del_a);
862 destroy_rekeyed(a, data[_i].spi_del_b);
863 assert_child_sa_count(a, 1);
864 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
865 destroy_rekeyed(b, data[_i].spi_del_a);
866 destroy_rekeyed(b, data[_i].spi_del_b);
867 assert_child_sa_count(b, 1);
868 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
869
870 /* child_rekey/child_updown */
871 assert_hook();
872 assert_hook();
873
874 call_ikesa(a, destroy);
875 call_ikesa(b, destroy);
876 }
877 END_TEST
878
879 /**
880 * In this scenario one of the peers does not notice that there is a
881 * rekey collision:
882 *
883 * rekey ----\ /---- rekey
884 * \ /
885 * detect collision <-----\---/
886 * -------\-------->
887 * \ /---- delete old SA
888 * \-/----> detect collision
889 * detect collision <---------/ /---- TEMP_FAIL
890 * delete -----------/---->
891 * aborts rekeying <---------/
892 */
893 START_TEST(test_collision_delayed_request)
894 {
895 ike_sa_t *a, *b;
896 message_t *msg;
897
898 exchange_test_helper->establish_sa(exchange_test_helper,
899 &a, &b, NULL);
900
901 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
902 * CHILD_SA):
903 * N1/3 -----\ /----- N2/4
904 * N3/5 <-----\--/
905 * ... -----\ \-------> ...
906 * We test this three times, each time a different nonce is the lowest.
907 */
908 struct {
909 /* Nonces used at each point */
910 u_char nonces[3];
911 } data[] = {
912 { { 0x00, 0xFF, 0xFF } },
913 { { 0xFF, 0x00, 0xFF } },
914 { { 0xFF, 0xFF, 0x00 } },
915 };
916
917 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
918 initiate_rekey(a, 1);
919 assert_ipsec_sas_installed(a, 1, 2);
920 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
921 initiate_rekey(b, 2);
922 assert_ipsec_sas_installed(b, 1, 2);
923
924 /* delay the CREATE_CHILD_SA request from a to b */
925 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
926
927 /* this should never get called as this results in a successful rekeying */
928 assert_hook_not_called(child_updown);
929
930 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
931 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
932 assert_hook_rekey(child_rekey, 1, 5);
933 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
934 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
935 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
936 assert_ipsec_sas_installed(a, 1, 2, 5);
937 assert_hook();
938 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
939 assert_hook_rekey(child_rekey, 2, 4);
940 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
941 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
942 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
943 assert_ipsec_sas_installed(b, 2, 4, 5);
944 assert_hook();
945
946 /* we don't expect this hook to get called anymore */
947 assert_hook_not_called(child_rekey);
948
949 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
950 assert_single_notify(OUT, TEMPORARY_FAILURE);
951 exchange_test_helper->process_message(exchange_test_helper, b, msg);
952 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
953 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
954
955 /* <-- INFORMATIONAL { D } */
956 assert_jobs_scheduled(1);
957 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
958 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
959 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
960 assert_child_sa_count(a, 2);
961 assert_ipsec_sas_installed(a, 1, 4, 5);
962 assert_scheduler();
963
964 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
965 assert_no_jobs_scheduled();
966 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
967 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
968 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
969 assert_child_sa_count(a, 2);
970 assert_ipsec_sas_installed(a, 1, 4, 5);
971 assert_scheduler();
972
973 /* INFORMATIONAL { D } --> */
974 assert_jobs_scheduled(1);
975 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
976 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
977 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
978 assert_child_sa_count(b, 2);
979 assert_ipsec_sas_installed(b, 2, 4, 5);
980 assert_scheduler();
981
982 /* simulate the execution of the scheduled jobs */
983 destroy_rekeyed(a, 1);
984 assert_child_sa_count(a, 1);
985 assert_ipsec_sas_installed(a, 4, 5);
986 destroy_rekeyed(b, 2);
987 assert_child_sa_count(b, 1);
988 assert_ipsec_sas_installed(b, 4, 5);
989
990 /* child_rekey/child_updown */
991 assert_hook();
992 assert_hook();
993
994 assert_sa_idle(a);
995 assert_sa_idle(b);
996
997 call_ikesa(a, destroy);
998 call_ikesa(b, destroy);
999 }
1000 END_TEST
1001
1002 /**
1003 * Similar to above one peer fails to notice the collision but the
1004 * CREATE_CHILD_SA request is even more delayed:
1005 *
1006 * rekey ----\ /---- rekey
1007 * \ /
1008 * detect collision <-----\---/
1009 * -------\-------->
1010 * detect collision <-------\-------- delete old SA
1011 * delete ---------\------>
1012 * \----->
1013 * /---- CHILD_SA_NOT_FOUND
1014 * aborts rekeying <----------/
1015 */
1016 START_TEST(test_collision_delayed_request_more)
1017 {
1018 ike_sa_t *a, *b;
1019 message_t *msg;
1020
1021 exchange_test_helper->establish_sa(exchange_test_helper,
1022 &a, &b, NULL);
1023
1024 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1025 * CHILD_SA):
1026 * N1/3 -----\ /----- N2/4
1027 * N3/5 <-----\--/
1028 * ... -----\ \-------> ...
1029 * We test this three times, each time a different nonce is the lowest.
1030 */
1031 struct {
1032 /* Nonces used at each point */
1033 u_char nonces[3];
1034 } data[] = {
1035 { { 0x00, 0xFF, 0xFF } },
1036 { { 0xFF, 0x00, 0xFF } },
1037 { { 0xFF, 0xFF, 0x00 } },
1038 };
1039
1040 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1041 initiate_rekey(a, 1);
1042 assert_ipsec_sas_installed(a, 1, 2);
1043 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1044 initiate_rekey(b, 2);
1045 assert_ipsec_sas_installed(b, 1, 2);
1046
1047 /* delay the CREATE_CHILD_SA request from a to b */
1048 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1049
1050 /* this should never get called as this results in a successful rekeying */
1051 assert_hook_not_called(child_updown);
1052
1053 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1054 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1055 assert_hook_rekey(child_rekey, 1, 5);
1056 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1057 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1058 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1059 assert_ipsec_sas_installed(a, 1, 2, 5);
1060 assert_hook();
1061 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1062 assert_hook_rekey(child_rekey, 2, 4);
1063 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1064 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1065 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1066 assert_ipsec_sas_installed(b, 2, 4, 5);
1067 assert_hook();
1068
1069 /* we don't expect this hook to get called anymore */
1070 assert_hook_not_called(child_rekey);
1071
1072 /* <-- INFORMATIONAL { D } */
1073 assert_jobs_scheduled(1);
1074 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1075 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1076 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1077 assert_child_sa_count(a, 2);
1078 assert_ipsec_sas_installed(a, 1, 4, 5);
1079 assert_scheduler();
1080 /* INFORMATIONAL { D } --> */
1081 assert_jobs_scheduled(1);
1082 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1083 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1084 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1085 assert_child_sa_count(b, 2);
1086 assert_ipsec_sas_installed(b, 2, 4, 5);
1087 assert_scheduler();
1088
1089 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1090 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1091 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1092 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1093 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1094 assert_child_sa_count(b, 2);
1095 assert_ipsec_sas_installed(b, 2, 4, 5);
1096 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1097 assert_no_jobs_scheduled();
1098 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1099 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1100 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1101 assert_child_sa_count(a, 2);
1102 assert_ipsec_sas_installed(a, 1, 4, 5);
1103 assert_scheduler();
1104
1105 /* simulate the execution of the scheduled jobs */
1106 destroy_rekeyed(a, 1);
1107 assert_child_sa_count(a, 1);
1108 assert_ipsec_sas_installed(a, 4, 5);
1109 destroy_rekeyed(b, 2);
1110 assert_child_sa_count(b, 1);
1111 assert_ipsec_sas_installed(b, 4, 5);
1112
1113 /* child_rekey/child_updown */
1114 assert_hook();
1115 assert_hook();
1116
1117 assert_sa_idle(a);
1118 assert_sa_idle(b);
1119
1120 call_ikesa(a, destroy);
1121 call_ikesa(b, destroy);
1122 }
1123 END_TEST
1124
1125 /**
1126 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
1127 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
1128 * still handle the collision properly depending on the nonces.
1129 */
1130 START_TEST(test_collision_ke_invalid)
1131 {
1132 exchange_test_sa_conf_t conf = {
1133 .initiator = {
1134 .esp = "aes128-sha256-modp2048-modp3072",
1135 },
1136 .responder = {
1137 .esp = "aes128-sha256-modp3072-modp2048",
1138 },
1139 };
1140 ike_sa_t *a, *b;
1141
1142 exchange_test_helper->establish_sa(exchange_test_helper,
1143 &a, &b, &conf);
1144
1145 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1146 * CHILD_SA):
1147 * N1/3 -----\ /----- N2/4
1148 * \--/-----> N3/5
1149 * N4/6 <-------/ /---- INVAL_KE
1150 * INVAL_KE -----\ /
1151 * <-----\--/
1152 * N5/7 -----\ \------->
1153 * \ /---- N6/8
1154 * \--/----> N7/9
1155 * N8/10 <--------/ /---- ...
1156 * ... ------\
1157 *
1158 * We test this four times, each time a different nonce is the lowest.
1159 */
1160 struct {
1161 /* Nonces used at each point */
1162 u_char nonces[4];
1163 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
1164 uint32_t spi_del_a, spi_del_b;
1165 /* SPIs of the kept CHILD_SA */
1166 uint32_t spi_a, spi_b;
1167 } data[] = {
1168 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
1169 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
1170 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
1171 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
1172 };
1173
1174 /* make sure the nonces of the first try don't affect the retries */
1175 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1176 initiate_rekey(a, 1);
1177 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1178 initiate_rekey(b, 2);
1179
1180 /* this should never get called as this results in a successful rekeying */
1181 assert_hook_not_called(child_updown);
1182
1183 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1184 assert_hook_not_called(child_rekey);
1185 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1186 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1187 assert_child_sa_count(b, 1);
1188 assert_hook();
1189 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1190 assert_hook_not_called(child_rekey);
1191 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1192 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1193 assert_child_sa_count(a, 1);
1194 assert_hook();
1195
1196 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1197 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1198 assert_hook_not_called(child_rekey);
1199 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1200 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1201 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1202 assert_child_sa_count(a, 1);
1203 assert_hook();
1204 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1205 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1206 assert_hook_not_called(child_rekey);
1207 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1208 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1209 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1210 assert_child_sa_count(b, 1);
1211 assert_hook();
1212
1213 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1214 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1215 assert_hook_rekey(child_rekey, 2, 9);
1216 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1217 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1218 assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1219 assert_hook();
1220 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1221 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
1222 assert_hook_rekey(child_rekey, 1, 10);
1223 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1224 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1225 assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1226 assert_hook();
1227
1228 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
1229 if (data[_i].spi_del_a == 1)
1230 { /* currently we call this again if we keep our own replacement as we
1231 * already called it above */
1232 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
1233 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1234 assert_hook();
1235 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1236 CHILD_OUTBOUND_REGISTERED);
1237 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1238 CHILD_OUTBOUND_INSTALLED);
1239 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1240 CHILD_OUTBOUND_NONE);
1241 }
1242 else
1243 {
1244 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1245 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1246 CHILD_OUTBOUND_INSTALLED);
1247 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1248 CHILD_OUTBOUND_REGISTERED);
1249 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1250 CHILD_OUTBOUND_REGISTERED);
1251 }
1252 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1253 if (data[_i].spi_del_b == 2)
1254 {
1255 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
1256 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1257 assert_hook();
1258 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1259 CHILD_OUTBOUND_REGISTERED);
1260 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1261 CHILD_OUTBOUND_INSTALLED);
1262 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1263 CHILD_OUTBOUND_NONE);
1264 }
1265 else
1266 {
1267 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1268 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1269 CHILD_OUTBOUND_INSTALLED);
1270 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1271 CHILD_OUTBOUND_REGISTERED);
1272 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1273 CHILD_OUTBOUND_REGISTERED);
1274 }
1275
1276
1277 /* we don't expect this hook to get called anymore */
1278 assert_hook_not_called(child_rekey);
1279 /* INFORMATIONAL { D } --> */
1280 assert_jobs_scheduled(1);
1281 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1282 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1283 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_NONE
1284 : CHILD_OUTBOUND_REGISTERED);
1285 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
1286 CHILD_OUTBOUND_NONE);
1287 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1288 CHILD_OUTBOUND_INSTALLED);
1289 assert_child_sa_count(b, 3);
1290 assert_scheduler();
1291 /* <-- INFORMATIONAL { D } */
1292 assert_jobs_scheduled(1);
1293 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1294 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1295 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_NONE
1296 : CHILD_OUTBOUND_REGISTERED);
1297 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
1298 CHILD_OUTBOUND_NONE);
1299 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1300 CHILD_OUTBOUND_INSTALLED);
1301 assert_child_sa_count(a, 3);
1302 assert_scheduler();
1303 /* <-- INFORMATIONAL { D } */
1304 assert_jobs_scheduled(1);
1305 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1306 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
1307 CHILD_OUTBOUND_NONE);
1308 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
1309 CHILD_OUTBOUND_NONE);
1310 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1311 CHILD_OUTBOUND_INSTALLED);
1312 assert_child_sa_count(a, 3);
1313 assert_scheduler();
1314 /* INFORMATIONAL { D } --> */
1315 assert_jobs_scheduled(1);
1316 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1317 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
1318 CHILD_OUTBOUND_NONE);
1319 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
1320 CHILD_OUTBOUND_NONE);
1321 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1322 CHILD_OUTBOUND_INSTALLED);
1323 assert_child_sa_count(b, 3);
1324 assert_scheduler();
1325
1326 /* simulate the execution of the scheduled jobs */
1327 destroy_rekeyed(a, data[_i].spi_del_a);
1328 destroy_rekeyed(a, data[_i].spi_del_b);
1329 assert_child_sa_count(a, 1);
1330 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
1331 destroy_rekeyed(b, data[_i].spi_del_a);
1332 destroy_rekeyed(b, data[_i].spi_del_b);
1333 assert_child_sa_count(b, 1);
1334 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
1335
1336 /* child_rekey/child_updown */
1337 assert_hook();
1338 assert_hook();
1339
1340 assert_sa_idle(a);
1341 assert_sa_idle(b);
1342
1343 call_ikesa(a, destroy);
1344 call_ikesa(b, destroy);
1345 }
1346 END_TEST
1347
1348 /**
1349 * This is a variation of the above but with the retry by one peer delayed so
1350 * that to the other peer it looks like there is no collision.
1351 */
1352 START_TEST(test_collision_ke_invalid_delayed_retry)
1353 {
1354 exchange_test_sa_conf_t conf = {
1355 .initiator = {
1356 .esp = "aes128-sha256-modp2048-modp3072",
1357 },
1358 .responder = {
1359 .esp = "aes128-sha256-modp3072-modp2048",
1360 },
1361 };
1362 ike_sa_t *a, *b;
1363 message_t *msg;
1364
1365 exchange_test_helper->establish_sa(exchange_test_helper,
1366 &a, &b, &conf);
1367
1368 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1369 * CHILD_SA):
1370 * N1/3 -----\ /----- N2/4
1371 * \--/-----> N3/5
1372 * N4/6 <-------/ /---- INVAL_KE
1373 * INVAL_KE -----\ /
1374 * <-----\--/
1375 * N5/7 -----\ \------->
1376 * <-----\--------- N6/8
1377 * N7/9 -------\------->
1378 * <-------\------- DELETE
1379 * ... ------\ \----->
1380 * /---- TEMP_FAIL
1381 *
1382 * We test this three times, each time a different nonce is the lowest.
1383 */
1384 struct {
1385 /* Nonces used at each point */
1386 u_char nonces[3];
1387 } data[] = {
1388 { { 0x00, 0xFF, 0xFF } },
1389 { { 0xFF, 0x00, 0xFF } },
1390 { { 0xFF, 0xFF, 0x00 } },
1391 };
1392
1393 /* make sure the nonces of the first try don't affect the retries */
1394 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1395 initiate_rekey(a, 1);
1396 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1397 initiate_rekey(b, 2);
1398
1399 /* this should never get called as this results in a successful rekeying */
1400 assert_hook_not_called(child_updown);
1401
1402 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1403 assert_hook_not_called(child_rekey);
1404 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1405 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1406 assert_child_sa_count(b, 1);
1407 assert_hook();
1408 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1409 assert_hook_not_called(child_rekey);
1410 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1411 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1412 assert_child_sa_count(a, 1);
1413 assert_hook();
1414
1415 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1416 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1417 assert_hook_not_called(child_rekey);
1418 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1419 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1420 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1421 assert_child_sa_count(a, 1);
1422 assert_hook();
1423 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1424 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1425 assert_hook_not_called(child_rekey);
1426 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1427 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1428 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1429 assert_child_sa_count(b, 1);
1430 assert_hook();
1431
1432 /* delay the CREATE_CHILD_SA request from a to b */
1433 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1434
1435 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1436 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1437 assert_hook_rekey(child_rekey, 1, 9);
1438 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1439 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1440 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1441 assert_hook();
1442 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1443 assert_hook_rekey(child_rekey, 2, 8);
1444 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1445 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1446 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1447 assert_hook();
1448
1449 /* we don't expect this hook to get called anymore */
1450 assert_hook_not_called(child_rekey);
1451
1452 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1453 assert_single_notify(OUT, TEMPORARY_FAILURE);
1454 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1455 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1456 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1457
1458 /* <-- INFORMATIONAL { D } */
1459 assert_jobs_scheduled(1);
1460 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1461 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1462 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1463 assert_child_sa_count(a, 2);
1464 assert_scheduler();
1465
1466 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1467 assert_no_jobs_scheduled();
1468 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1469 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1470 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1471 assert_child_sa_count(a, 2);
1472 assert_scheduler();
1473
1474 /* INFORMATIONAL { D } --> */
1475 assert_jobs_scheduled(1);
1476 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1477 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1478 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1479 assert_child_sa_count(b, 2);
1480 assert_scheduler();
1481
1482 /* simulate the execution of the scheduled jobs */
1483 destroy_rekeyed(a, 1);
1484 assert_child_sa_count(a, 1);
1485 assert_ipsec_sas_installed(a, 8, 9);
1486 destroy_rekeyed(b, 2);
1487 assert_child_sa_count(b, 1);
1488 assert_ipsec_sas_installed(b, 8, 9);
1489
1490 /* child_rekey/child_updown */
1491 assert_hook();
1492 assert_hook();
1493
1494 assert_sa_idle(a);
1495 assert_sa_idle(b);
1496
1497 call_ikesa(a, destroy);
1498 call_ikesa(b, destroy);
1499 }
1500 END_TEST
1501
1502 /**
1503 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1504 * concurrently trying to rekey.
1505 *
1506 * rekey ----\ /---- delete
1507 * \-----/----> detect collision
1508 * detect collision <---------/ /---- TEMP_FAIL
1509 * delete ----\ /
1510 * \----/----->
1511 * aborts rekeying <--------/
1512 */
1513 START_TEST(test_collision_delete)
1514 {
1515 ike_sa_t *a, *b;
1516 uint32_t spi_a = _i+1, spi_b = 2-_i;
1517
1518 if (_i)
1519 { /* responder rekeys the CHILD_SA (SPI 2) */
1520 exchange_test_helper->establish_sa(exchange_test_helper,
1521 &b, &a, NULL);
1522 }
1523 else
1524 { /* initiator rekeys the CHILD_SA (SPI 1) */
1525 exchange_test_helper->establish_sa(exchange_test_helper,
1526 &a, &b, NULL);
1527 }
1528 initiate_rekey(a, spi_a);
1529 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1530 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1531
1532 /* this should never get called as there is no successful rekeying on
1533 * either side */
1534 assert_hook_not_called(child_rekey);
1535
1536 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1537 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1538 */
1539
1540 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1541 assert_hook_not_called(child_updown);
1542 assert_notify(IN, REKEY_SA);
1543 assert_single_notify(OUT, TEMPORARY_FAILURE);
1544 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1545 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1546 assert_hook();
1547
1548 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1549 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1550 * payload.
1551 */
1552
1553 /* <-- INFORMATIONAL { D } */
1554 assert_hook_updown(child_updown, FALSE);
1555 assert_single_payload(IN, PLV2_DELETE);
1556 assert_single_payload(OUT, PLV2_DELETE);
1557 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1558 assert_child_sa_count(a, 0);
1559 assert_hook();
1560
1561 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1562 assert_hook_not_called(child_updown);
1563 /* we don't expect a job to retry the rekeying */
1564 assert_no_jobs_scheduled();
1565 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1566 assert_scheduler();
1567 assert_hook();
1568
1569 /* INFORMATIONAL { D } --> */
1570 assert_hook_updown(child_updown, FALSE);
1571 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1572 assert_child_sa_count(b, 0);
1573 assert_hook();
1574
1575 /* child_rekey */
1576 assert_hook();
1577
1578 assert_sa_idle(a);
1579 assert_sa_idle(b);
1580
1581 call_ikesa(a, destroy);
1582 call_ikesa(b, destroy);
1583 }
1584 END_TEST
1585
1586 /**
1587 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1588 * concurrently trying to rekey. However, the delete request is delayed or
1589 * dropped, so the peer doing the rekeying is unaware of the collision.
1590 *
1591 * rekey ----\ /---- delete
1592 * \-----/----> detect collision
1593 * reschedule <---------/------ TEMP_FAIL
1594 * <--------/
1595 * delete ---------------->
1596 *
1597 * The job will not find the SA to retry rekeying.
1598 */
1599 START_TEST(test_collision_delete_drop_delete)
1600 {
1601 ike_sa_t *a, *b;
1602 message_t *msg;
1603 uint32_t spi_a = _i+1, spi_b = 2-_i;
1604
1605 if (_i)
1606 { /* responder rekeys the CHILD_SA (SPI 2) */
1607 exchange_test_helper->establish_sa(exchange_test_helper,
1608 &b, &a, NULL);
1609 }
1610 else
1611 { /* initiator rekeys the CHILD_SA (SPI 1) */
1612 exchange_test_helper->establish_sa(exchange_test_helper,
1613 &a, &b, NULL);
1614 }
1615 initiate_rekey(a, spi_a);
1616 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1617 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1618
1619 /* this should never get called as there is no successful rekeying on
1620 * either side */
1621 assert_hook_not_called(child_rekey);
1622
1623 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1624 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1625 */
1626
1627 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1628 assert_hook_not_called(child_updown);
1629 assert_notify(IN, REKEY_SA);
1630 assert_single_notify(OUT, TEMPORARY_FAILURE);
1631 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1632 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1633 assert_hook();
1634
1635 /* delay the DELETE request */
1636 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1637
1638 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1639 assert_hook_not_called(child_updown);
1640 /* we expect a job to retry the rekeying is scheduled */
1641 assert_jobs_scheduled(1);
1642 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1643 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1644 assert_scheduler();
1645 assert_hook();
1646
1647 /* <-- INFORMATIONAL { D } (delayed) */
1648 assert_hook_updown(child_updown, FALSE);
1649 assert_single_payload(IN, PLV2_DELETE);
1650 assert_single_payload(OUT, PLV2_DELETE);
1651 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1652 assert_child_sa_count(a, 0);
1653 assert_hook();
1654
1655 /* INFORMATIONAL { D } --> */
1656 assert_hook_updown(child_updown, FALSE);
1657 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1658 assert_child_sa_count(b, 0);
1659 assert_hook();
1660
1661 /* child_rekey */
1662 assert_hook();
1663
1664 assert_sa_idle(a);
1665 assert_sa_idle(b);
1666
1667 call_ikesa(a, destroy);
1668 call_ikesa(b, destroy);
1669 }
1670 END_TEST
1671
1672 /**
1673 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1674 * concurrently trying to rekey. However, the rekey request is delayed or
1675 * dropped, so the peer doing the deleting is unaware of the collision.
1676 *
1677 * rekey ----\ /---- delete
1678 * detect collision <----\-----/
1679 * delete ------\--------->
1680 * \-------->
1681 * /---- CHILD_SA_NOT_FOUND
1682 * aborts rekeying <----------/
1683 */
1684 START_TEST(test_collision_delete_drop_rekey)
1685 {
1686 ike_sa_t *a, *b;
1687 message_t *msg;
1688 uint32_t spi_a = _i+1, spi_b = 2-_i;
1689
1690 if (_i)
1691 { /* responder rekeys the CHILD_SA (SPI 2) */
1692 exchange_test_helper->establish_sa(exchange_test_helper,
1693 &b, &a, NULL);
1694 }
1695 else
1696 { /* initiator rekeys the CHILD_SA (SPI 1) */
1697 exchange_test_helper->establish_sa(exchange_test_helper,
1698 &a, &b, NULL);
1699 }
1700 initiate_rekey(a, spi_a);
1701 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1702 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1703
1704 /* this should never get called as there is no successful rekeying on
1705 * either side */
1706 assert_hook_not_called(child_rekey);
1707
1708 /* delay the CREATE_CHILD_SA request */
1709 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1710
1711 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1712 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1713 * payload.
1714 */
1715
1716 /* <-- INFORMATIONAL { D } */
1717 assert_hook_updown(child_updown, FALSE);
1718 assert_single_payload(IN, PLV2_DELETE);
1719 assert_single_payload(OUT, PLV2_DELETE);
1720 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1721 assert_child_sa_count(a, 0);
1722 assert_hook();
1723
1724 /* INFORMATIONAL { D } --> */
1725 assert_hook_updown(child_updown, FALSE);
1726 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1727 assert_child_sa_count(b, 0);
1728 assert_hook();
1729
1730 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1731 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1732 */
1733
1734 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1735 assert_hook_not_called(child_updown);
1736 assert_notify(IN, REKEY_SA);
1737 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1738 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1739 assert_hook();
1740
1741 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1742 assert_hook_not_called(child_updown);
1743 /* no jobs or tasks should get scheduled/queued */
1744 assert_no_jobs_scheduled();
1745 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1746 assert_scheduler();
1747 assert_hook();
1748
1749 /* child_rekey */
1750 assert_hook();
1751
1752 assert_sa_idle(a);
1753 assert_sa_idle(b);
1754
1755 call_ikesa(a, destroy);
1756 call_ikesa(b, destroy);
1757 }
1758 END_TEST
1759
1760 /**
1761 * FIXME: Not sure what we can do about the following:
1762 *
1763 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1764 * it the other peer deletes the new SA. However, the rekey response is
1765 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1766 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1767 *
1768 * rekey ---------------->
1769 * /---- rekey
1770 * unknown SA <----------/----- delete new SA
1771 * ----------/----->
1772 * <--------/
1773 *
1774 * The peers' states are now out of sync.
1775 *
1776 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1777 * while rekeying and then check against the SPIs when handling the
1778 * CREATE_CHILD_SA response.
1779 */
1780
1781
1782 /**
1783 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1784 * peer is concurrently trying to rekey.
1785 *
1786 * rekey ----\ /---- rekey IKE
1787 * \-----/----> detect collision
1788 * detect collision <---------/ /---- TEMP_FAIL
1789 * TEMP_FAIL ----\ /
1790 * \----/----->
1791 * <--------/
1792 */
1793 START_TEST(test_collision_ike_rekey)
1794 {
1795 ike_sa_t *a, *b;
1796 uint32_t spi_a = _i+1;
1797
1798 if (_i)
1799 { /* responder rekeys the CHILD_SA (SPI 2) */
1800 exchange_test_helper->establish_sa(exchange_test_helper,
1801 &b, &a, NULL);
1802 }
1803 else
1804 { /* initiator rekeys the CHILD_SA (SPI 1) */
1805 exchange_test_helper->establish_sa(exchange_test_helper,
1806 &a, &b, NULL);
1807 }
1808 initiate_rekey(a, spi_a);
1809 call_ikesa(b, rekey);
1810 assert_ike_sa_state(b, IKE_REKEYING);
1811
1812 /* these should never get called as there is no successful rekeying on
1813 * either side */
1814 assert_hook_not_called(ike_rekey);
1815 assert_hook_not_called(child_rekey);
1816
1817 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1818 * it is currently rekeying the IKE SA, it SHOULD reply with
1819 * TEMPORARY_FAILURE.
1820 */
1821
1822 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1823 assert_single_notify(OUT, TEMPORARY_FAILURE);
1824 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1825 assert_ike_sa_state(b, IKE_REKEYING);
1826
1827 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1828 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1829 * SHOULD reply with TEMPORARY_FAILURE.
1830 */
1831
1832 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1833 assert_single_notify(OUT, TEMPORARY_FAILURE);
1834 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1835 assert_child_sa_state(a, spi_a, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1836
1837 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1838 /* we expect a job to retry the rekeying is scheduled */
1839 assert_jobs_scheduled(1);
1840 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1841 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1842 assert_scheduler();
1843
1844 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1845 /* we expect a job to retry the rekeying is scheduled */
1846 assert_jobs_scheduled(1);
1847 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1848 assert_ike_sa_state(b, IKE_ESTABLISHED);
1849 assert_scheduler();
1850
1851 /* ike_rekey/child_rekey */
1852 assert_hook();
1853 assert_hook();
1854
1855 assert_sa_idle(a);
1856 assert_sa_idle(b);
1857
1858 call_ikesa(a, destroy);
1859 call_ikesa(b, destroy);
1860 }
1861 END_TEST
1862
1863 /**
1864 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1865 * peer is concurrently trying to rekey.
1866 *
1867 * rekey ----\ /---- delete IKE
1868 * \-----/----> detect collision
1869 * <---------/ /---- TEMP_FAIL
1870 * delete ----\ /
1871 * \----/----->
1872 * sa already gone <--------/
1873 */
1874 START_TEST(test_collision_ike_delete)
1875 {
1876 ike_sa_t *a, *b;
1877 uint32_t spi_a = _i+1;
1878 message_t *msg;
1879 status_t s;
1880
1881 if (_i)
1882 { /* responder rekeys the CHILD_SA (SPI 2) */
1883 exchange_test_helper->establish_sa(exchange_test_helper,
1884 &b, &a, NULL);
1885 }
1886 else
1887 { /* initiator rekeys the CHILD_SA (SPI 1) */
1888 exchange_test_helper->establish_sa(exchange_test_helper,
1889 &a, &b, NULL);
1890 }
1891 initiate_rekey(a, spi_a);
1892 call_ikesa(b, delete, FALSE);
1893 assert_ike_sa_state(b, IKE_DELETING);
1894
1895 /* this should never get called as there is no successful rekeying on
1896 * either side */
1897 assert_hook_not_called(child_rekey);
1898
1899 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1900 * a peer receives a request to rekey a CHILD_SA when it is currently
1901 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1902 */
1903
1904 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1905 assert_single_notify(OUT, TEMPORARY_FAILURE);
1906 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1907 assert_ike_sa_state(b, IKE_DELETING);
1908
1909 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1910 * a peer receives a request to close the IKE SA if it is currently rekeying
1911 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1912 * rekeying.
1913 */
1914
1915 /* <-- INFORMATIONAL { D } */
1916 assert_hook_updown(ike_updown, FALSE);
1917 assert_hook_updown(child_updown, FALSE);
1918 assert_message_empty(OUT);
1919 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1920 ck_assert_int_eq(DESTROY_ME, s);
1921 call_ikesa(a, destroy);
1922 assert_hook();
1923 assert_hook();
1924
1925 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1926 /* the SA is already gone */
1927 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1928 msg->destroy(msg);
1929
1930 /* INFORMATIONAL { } --> */
1931 assert_hook_updown(ike_updown, FALSE);
1932 assert_hook_updown(child_updown, FALSE);
1933 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1934 ck_assert_int_eq(DESTROY_ME, s);
1935 call_ikesa(b, destroy);
1936 assert_hook();
1937 assert_hook();
1938
1939 /* child_rekey */
1940 assert_hook();
1941 }
1942 END_TEST
1943
1944 Suite *child_rekey_suite_create()
1945 {
1946 Suite *s;
1947 TCase *tc;
1948
1949 s = suite_create("child rekey");
1950
1951 tc = tcase_create("regular");
1952 tcase_add_loop_test(tc, test_regular, 0, 2);
1953 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1954 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1955 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1956 suite_add_tcase(s, tc);
1957
1958 tc = tcase_create("collisions rekey");
1959 tcase_add_loop_test(tc, test_collision, 0, 4);
1960 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1961 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1962 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1963 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1964 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1965 suite_add_tcase(s, tc);
1966
1967 tc = tcase_create("collisions delete");
1968 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1969 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1970 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1971 suite_add_tcase(s, tc);
1972
1973 tc = tcase_create("collisions ike rekey");
1974 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1975 suite_add_tcase(s, tc);
1976
1977 tc = tcase_create("collisions ike delete");
1978 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1979 suite_add_tcase(s, tc);
1980
1981 return s;
1982 }
Unnamed repository; edit this file 'description' to name the repository.