/*
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2020 Tobias Brunner
*
* Copyright (C) secunet Security Networks AG
*
}
END_TEST
+/**
+ * Config for multiple KE exchange tests
+ */
+static exchange_test_sa_conf_t multi_ke_conf = {
+ .initiator = {
+ .ike = "aes256-sha256-modp3072-ke1_ecp256",
+ },
+ .responder = {
+ .ike = "aes256-sha256-modp3072-ke1_ecp256",
+ },
+};
+
+/**
+ * Regular IKE_SA rekeying with multiple key exchanges either initiated by the
+ * original initiator or responder of the IKE_SA.
+ */
+START_TEST(test_regular_multi_ke)
+{
+ ike_sa_t *a, *b, *new_sa;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, &multi_ke_conf);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &multi_ke_conf);
+ }
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ initiate_rekey(a);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_no_notify(IN, REKEY_SA);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } */
+ assert_hook_not_called(ike_rekey);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } --> */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYED);
+ assert_child_sa_count(b, 0);
+ new_sa = assert_ike_sa_checkout(3, 4, FALSE);
+ assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
+ assert_child_sa_count(new_sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* <-- IKE_FOLLOWUP_KE { KEr } */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_child_sa_count(a, 0);
+ new_sa = assert_ike_sa_checkout(3, 4, TRUE);
+ assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
+ assert_child_sa_count(new_sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
/**
* IKE_SA rekeying where the responder does not agree with the DH group selected
* by the initiator, either initiated by the original initiator or responder of
}
END_TEST
+/**
+ * IKE_SA rekeying with multiple key exchanges where the responder does not
+ * agree with the first DH group selected by the initiator, either initiated by
+ * the original initiator or responder of the IKE_SA.
+ */
+START_TEST(test_regular_ke_invalid_multi_ke)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .ike = "aes128-sha256-modp2048-modp3072-ke1_ecp256",
+ },
+ .responder = {
+ .ike = "aes128-sha256-modp3072-modp2048-ke1_ecp256",
+ },
+ };
+ ike_sa_t *a, *b, *sa;
+ status_t s;
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ FALSE, lib->ns);
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, &conf);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+ }
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ TRUE, lib->ns);
+ lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+ FALSE, lib->ns);
+
+ initiate_rekey(a);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_ESTABLISHED);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+
+ /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
+ assert_single_notify(IN, INVALID_KE_PAYLOAD);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } */
+ assert_hook_not_called(ike_rekey);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } --> */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYED);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(3, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, 3);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(3, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
/**
* Both peers initiate the IKE_SA rekeying concurrently and should handle the
* collision properly depending on the nonces.
assert_ike_sa_count(0);
assert_hook();
- /* simplify next steps by checking in original IKE_SAs */
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
- charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
- assert_ike_sa_count(2);
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ /* as original initiator, a is initiator of both SAs it could delete */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* if b won, it will delete the original SA a initiated */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_a_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ /* if b wins, it deletes the SA originally initiated by a */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ /* a only deletes SAs for which b is responder */
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+ data[_i].del_b_i == 1);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(6);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(5);
+ /* <-- INFORMATIONAL { D } */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i == 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+ data[_i].del_b_i != 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * Both peers initiate the IKE_SA rekeying with multiple key exchanges
+ * concurrently and should handle the collision properly depending on the
+ * nonces.
+ */
+START_TEST(test_collision_multi_ke)
+{
+ ike_sa_t *a, *b, *sa;
+ status_t status;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &multi_ke_conf);
+
+ /* When rekeyings collide we get two IKE_SAs with a total of four nonces.
+ * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that
+ * created that IKE_SA. However, with multiple key exchanges, no IKE_SA
+ * has yet been established, so the losing peer just doesn't continue with
+ * IKE_FOLLOWUP_KE exchanges (i.e. that SA is not explicitly deleted later).
+ * The replaced IKE_SA is deleted by the peer that initiated the
+ * surviving SA. Four nonces and SPIs are needed (SPI 1 and 2 are used for
+ * the initial IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the "deleted" IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } */
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ /* if a won, it must remove the passive task, otherwise the active task,
+ * no new SA is yet created */
+ assert_num_tasks(a, data[_i].del_a_i == 1 ? 0 : 1, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(a, data[_i].del_a_i == 1 ? 1 : 0, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } --> */
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_num_tasks(b, data[_i].del_b_i == 1 ? 0 : 1, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(b, data[_i].del_b_i == 1 ? 1 : 0, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } --> (direction depends on who won) */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ /* if a won, this message is sent to b */
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i != 1);
+ exchange_test_helper->process_message(exchange_test_helper, sa, NULL);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(3);
+ assert_hook();
+
+ /* <-- IKE_FOLLOWUP_KE { KEr } */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i == 1);
+ exchange_test_helper->process_message(exchange_test_helper, sa, NULL);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i != 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i == 1);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+
+ /* ike_rekey/ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * Both peers initiate an IKE_SA rekeying concurrently, but only one of them
+ * proposes multiple key exchanges, they should still handle the collision
+ * properly.
+ */
+START_TEST(test_collision_mixed)
+{
+ exchange_test_sa_conf_t conf = {
+ .initiator = {
+ .ike = "aes256-sha256-modp3072-ke1_ecp256,aes256-sha256-modp3072",
+ },
+ .responder = {
+ .ike = "aes256-sha256-modp3072,aes256-sha256-modp3072-ke1_ecp256",
+ },
+ };
+ ike_sa_t *a, *b, *sa;
+ status_t status;
+
+ /* let's accept what the peer proposes first */
+ lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
+ FALSE, lib->ns);
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &conf);
+
+ /* When rekeyings collide, we get two IKE_SAs with a total of four nonces.
+ * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that
+ * created that IKE_SA. In this mixed scenario, there might already be
+ * a complete IKE_SA depending on who initiates the rekeying. This has then
+ * to be deleted properly (like with regular collisions).
+ * The replaced IKE_SA is deleted by the peer that initiated the
+ * surviving SA. Four nonces and SPIs are needed (SPI 1 and 2 are used for
+ * the initial IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the "deleted" IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } */
+ if (data[_i].del_a_i == 1)
+ { /* if A won, it will continue with the multi-KE rekeying, while B has to
+ * delete the redundant SA it created */
+ assert_hook_not_called(ike_rekey);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ /* B's rekeying is single KE, so we never expect a passive task */
+ assert_num_tasks(a, 0, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(a, 1, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ /* B is expected to delete this redundant SA */
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+ assert_ike_sa_state(sa, IKE_REKEYED);
+ assert_child_sa_count(sa, 0);
+ assert_ike_sa_count(3);
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_num_tasks(b, 1, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(b, 0, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
+ assert_ike_sa_state(sa, IKE_DELETING);
+ assert_child_sa_count(sa, 0);
+ assert_ike_sa_count(4);
+ /* ike_rekey */
+ assert_hook();
+
+ /* IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYED);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(5);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_not_called(ike_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+ assert_hook();
- /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
- assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
- exchange_test_helper->process_message(exchange_test_helper, a, NULL);
- /* as original initiator a is initiator of both SAs it could delete */
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
- assert_ike_sa_state(sa, IKE_DELETING);
- assert_child_sa_count(sa, 0);
- /* if b won it will delete the original SA a initiated */
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
- data[_i].del_b_i == 1);
- assert_ike_sa_state(sa, IKE_REKEYED);
- assert_child_sa_count(sa, 0);
- sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
- data[_i].del_a_i == 1);
- assert_ike_sa_state(sa, IKE_ESTABLISHED);
- assert_child_sa_count(sa, 1);
- assert_ike_sa_count(4);
- assert_hook();
+ /* <-- IKE_FOLLOWUP_KE { KEr } */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_DELETING);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(5);
+ assert_hook();
- /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
- assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
- exchange_test_helper->process_message(exchange_test_helper, b, NULL);
- /* if b wins it deletes the SA originally initiated by a */
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
- data[_i].del_b_i != 1);
- assert_ike_sa_state(sa, IKE_DELETING);
- assert_child_sa_count(sa, 0);
- /* a only deletes SAs for which b is responder */
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
- assert_ike_sa_state(sa, IKE_REKEYED);
- assert_child_sa_count(sa, 0);
- sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
- data[_i].del_b_i == 1);
- assert_ike_sa_state(sa, IKE_ESTABLISHED);
- assert_child_sa_count(sa, 1);
- assert_ike_sa_count(6);
- assert_hook();
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
+ status = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, status);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+ assert_hook();
+ }
+ else
+ { /* if lost, the active rekeying is aborted and the passive completed,
+ * there is nothing to delete */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_num_tasks(a, 0, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(a, IKE_REKEYED);
+ assert_child_sa_count(a, 0);
+ /* the passively created SA is completed */
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(3);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_num_tasks(b, 0, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(b, 1, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(4);
+ assert_hook();
+ }
/* we don't expect this hook to get called anymore */
assert_hook_not_called(ike_rekey);
/* INFORMATIONAL { D } --> */
assert_single_payload(IN, PLV2_DELETE);
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
- status = exchange_test_helper->process_message(exchange_test_helper, sa,
- NULL);
- ck_assert_int_eq(DESTROY_ME, status);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
- assert_ike_sa_count(5);
- /* <-- INFORMATIONAL { D } */
- assert_single_payload(IN, PLV2_DELETE);
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
- data[_i].del_b_i == 1);
- status = exchange_test_helper->process_message(exchange_test_helper, sa,
- NULL);
- ck_assert_int_eq(DESTROY_ME, status);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
- assert_ike_sa_count(4);
- /* <-- INFORMATIONAL { } */
- assert_message_empty(IN);
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i != 1);
status = exchange_test_helper->process_message(exchange_test_helper, sa,
NULL);
ck_assert_int_eq(DESTROY_ME, status);
charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
assert_ike_sa_count(3);
- /* INFORMATIONAL { } --> */
+ /* <-- INFORMATIONAL { } */
assert_message_empty(IN);
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
- data[_i].del_b_i != 1);
+ sa = assert_ike_sa_checkout(1, 2, data[_i].del_a_i == 1);
status = exchange_test_helper->process_message(exchange_test_helper, sa,
NULL);
ck_assert_int_eq(DESTROY_ME, status);
data[_i].del_a_i == 1);
assert_ike_sa_state(sa, IKE_ESTABLISHED);
assert_child_sa_count(sa, 1);
- assert_ike_sa_count(6);
+ assert_ike_sa_count(6);
+ assert_hook();
+
+ /* we don't expect this hook to get called anymore */
+ assert_hook_not_called(ike_rekey);
+
+ /* INFORMATIONAL { D } --> */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(5);
+ /* <-- INFORMATIONAL { } */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(4);
+
+ /* <-- INFORMATIONAL { D } (retransmit/delayed) */
+ assert_single_payload(IN, PLV2_DELETE);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa, d);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(3);
+ /* INFORMATIONAL { } --> */
+ assert_message_empty(IN);
+ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
+ s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ assert_ike_sa_count(2);
+ /* ike_rekey */
+ assert_hook();
+ }
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
+/**
+ * This is like a regular rekey collision, but one CREATE_CHILD_SA response
+ * is delayed:
+ * Peer A Peer B
+ * rekey ----\ /---- rekey
+ * \-----/----> detect collision
+ * detect collision <---------/ /----
+ * -----------/---->
+ * handle KE <---------/------ send additional KE (if won)
+ * ---------/------>
+ * handle rekey <-------/
+ * additional KE ----------------> handle KE (if lost)
+ * <----------------
+ * ... the winner deletes the old SA
+ *
+ * If A wins the collision, this is just a regular collision as B will simply
+ * wait until A receives the response and continues with its IKE_FOLLOWUP_KE
+ * request. So we only look at the cases in which B wins.
+ *
+ * Besides the scenario depicted above, i.e. where the response arrives after
+ * handling B's IKE_FOLLOwUP_KE request, we also test when it arrives after
+ * handling the delete (A assumes that B didn't notice the collision, so it just
+ * completes the passive rekeying and the response will eventually be dropped
+ * because the SA is gone).
+ */
+START_TEST(test_collision_delayed_response_multi_ke)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+ bool after_delete = _i >= 2;
+
+ _i %= 2;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &multi_ke_conf);
+
+ /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * IKE_SA):
+ * N1/3 -----\ /----- N2/4
+ * \--/-----> N3/5
+ * N4/6 <-------/ /----- ...
+ * ... -----\
+ * We test this four times, B wins each time (with either of its nonces),
+ * but the response arrives at different times.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[4];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* delay the CREATE_CHILD_SA response from b to a */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* simplify next steps by checking in original IKE_SAs */
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+ charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+
+ /* CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_num_tasks(b, 0, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(b, 1, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ /* <-- IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } */
+ assert_hook_not_called(ike_rekey);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ /* a waits until it receives the CREATE_CHILD_SA response */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+
+ if (!after_delete)
+ { /* a receives the response right after the IKE_FOLLOWUP_KE, the passive
+ * rekeying is completed and the active aborted */
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ exchange_test_helper->process_message(exchange_test_helper, a, msg);
+ assert_num_tasks(a, 0, TASK_QUEUE_PASSIVE);
+ assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE);
+ assert_ike_sa_state(a, IKE_REKEYED);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(3);
+ assert_hook();
+ }
+
+ /* IKE_FOLLOWUP_KE { KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(after_delete ? 3 : 4);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ if (after_delete)
+ {
+ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a,
+ NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a);
+ sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(3);
assert_hook();
- /* we don't expect this hook to get called anymore */
- assert_hook_not_called(ike_rekey);
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+ /* the IKE_SA (a) does not exist anymore */
+ msg->destroy(msg);
- /* INFORMATIONAL { D } --> */
- assert_single_payload(IN, PLV2_DELETE);
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
- s = exchange_test_helper->process_message(exchange_test_helper, sa,
- NULL);
- ck_assert_int_eq(DESTROY_ME, s);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
- assert_ike_sa_count(5);
- /* <-- INFORMATIONAL { } */
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
assert_message_empty(IN);
- sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
- s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ s = exchange_test_helper->process_message(exchange_test_helper, b,
NULL);
ck_assert_int_eq(DESTROY_ME, s);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
- assert_ike_sa_count(4);
-
- /* <-- INFORMATIONAL { D } (retransmit/delayed) */
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b);
+ assert_ike_sa_count(2);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(ike_rekey);
assert_single_payload(IN, PLV2_DELETE);
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
- s = exchange_test_helper->process_message(exchange_test_helper, sa, d);
+ s = exchange_test_helper->process_message(exchange_test_helper, a,
+ NULL);
ck_assert_int_eq(DESTROY_ME, s);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
- assert_ike_sa_count(3);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a);
+
/* INFORMATIONAL { } --> */
assert_message_empty(IN);
- sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
- s = exchange_test_helper->process_message(exchange_test_helper, sa,
+ s = exchange_test_helper->process_message(exchange_test_helper, b,
NULL);
ck_assert_int_eq(DESTROY_ME, s);
- charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+ charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b);
assert_ike_sa_count(2);
/* ike_rekey */
assert_hook();
}
END_TEST
+/**
+ * In this scenario one of the peers does not notice that there is a rekey
+ * collision because the other request is delayed:
+ *
+ * rekey ----\ /---- rekey
+ * \ /
+ * detect collision <-----\---/
+ * -------\-------->
+ * \ /---- send additional KE
+ * \-/----> detect collision
+ * handle KE <---------/ /---- TEMP_FAIL
+ * -----------/---->
+ * <---------/------ delete old SA
+ * delete ---------/------>
+ * rekey done /
+ * sa already gone <------/
+ *
+ * In a variation of this scenario, the TEMP_FAIL notify arrives before
+ * the delete does.
+ */
+START_TEST(test_collision_delayed_request_multi_ke)
+{
+ ike_sa_t *a, *b, *sa;
+ message_t *msg;
+ status_t s;
+ bool after_delete = _i >= 3;
+
+ _i %= 3;
+
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &multi_ke_conf);
+
+ /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+ * CHILD_SA):
+ * N1/3 -----\ /----- N2/4
+ * N3/5 <-----\--/
+ * ... -----\ \-------> ...
+ * We test this three times, each time a different nonce is the lowest.
+ */
+ struct {
+ /* Nonces used at each point */
+ u_char nonces[3];
+ /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+ uint32_t del_a_i, del_a_r;
+ uint32_t del_b_i, del_b_r;
+ /* SPIs of the kept IKE_SA */
+ uint32_t spi_i, spi_r;
+ } data[] = {
+ { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
+ { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+ };
+ /* these should never get called as this results in a successful rekeying */
+ assert_hook_not_called(ike_updown);
+ assert_hook_not_called(child_updown);
+
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+ initiate_rekey(a);
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+ initiate_rekey(b);
+
+ /* delay the CREATE_CHILD_SA request from a to b */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+ /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+ exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+ assert_hook_not_called(ike_rekey);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEr, N(ADD_KE) } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, msg);
+ assert_ike_sa_state(b, IKE_REKEYING);
+
+ /* <-- IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } */
+ assert_hook_not_called(ike_rekey);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ /* a waits until it receives the CREATE_CHILD_SA response or a delete */
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_child_sa_count(a, 1);
+ assert_ike_sa_count(0);
+ assert_hook();
+
+ /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
+ if (!after_delete)
+ {
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_no_jobs_scheduled();
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYED);
+ assert_child_sa_count(a, 0);
+ sa = assert_ike_sa_checkout(4, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(1);
+ assert_scheduler();
+ assert_hook();
+ }
+ else
+ {
+ /* the SA will already be gone later */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+ }
+
+ /* IKE_FOLLOWUP_KE { KEr } --> */
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_payload(IN, PLV2_KEY_EXCHANGE);
+ assert_no_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_child_sa_count(b, 0);
+ sa = assert_ike_sa_checkout(4, 5, TRUE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(after_delete ? 1 : 2);
+ assert_hook();
+
+ /* <-- INFORMATIONAL { D } */
+ if (after_delete)
+ {
+ assert_hook_rekey(ike_rekey, 1, 4);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ sa = assert_ike_sa_checkout(4, 5, FALSE);
+ assert_ike_sa_state(sa, IKE_ESTABLISHED);
+ assert_child_sa_count(sa, 1);
+ assert_ike_sa_count(2);
+ assert_hook();
+ }
+ else
+ {
+ assert_hook_not_called(ike_rekey);
+ assert_single_payload(IN, PLV2_DELETE);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ }
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_not_called(ike_rekey);
+ assert_message_empty(IN);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+
+ /* ike_updown/child_updown */
+ assert_hook();
+ assert_hook();
+
+ charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
/**
* One of the hosts initiates a DELETE of the IKE_SA the other peer is
* concurrently trying to rekey.
}
END_TEST
+/**
+ * One of the hosts initiates a DELETE of the IKE_SA the other peer is
+ * concurrently attempting to rekey with multiple key exchanges.
+ *
+ * rekey ---------------->
+ * <----------------
+ * additional ke ----\ /---- delete
+ * \-----/----> detect collision
+ * detect collision <---------/ /---- TEMP_FAIL
+ * delete -----------/---->
+ * sa already gone <---------/
+ */
+START_TEST(test_collision_delete_multi_ke)
+{
+ ike_sa_t *a, *b;
+ message_t *msg;
+ status_t s;
+
+ if (_i)
+ { /* responder rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &b, &a, &multi_ke_conf);
+ }
+ else
+ { /* initiator rekeys the IKE_SA */
+ exchange_test_helper->establish_sa(exchange_test_helper,
+ &a, &b, &multi_ke_conf);
+ }
+ /* this should never get called as this does not result in a successful
+ * rekeying on either side */
+ assert_hook_not_called(ike_rekey);
+
+ initiate_rekey(a);
+
+ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_REKEYING);
+ assert_child_sa_count(b, 1);
+ assert_ike_sa_count(0);
+
+ /* <-- CREATE_CHILD_SA { SA, Nr, KEr, N(ADD_KE) } */
+ assert_notify(IN, ADDITIONAL_KEY_EXCHANGE);
+ exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ assert_ike_sa_state(a, IKE_REKEYING);
+ assert_ike_sa_count(0);
+
+ call_ikesa(b, delete, FALSE);
+ assert_ike_sa_state(b, IKE_DELETING);
+
+ /* IKE_FOLLOWUP_KE { KEi, N(ADD_KE) } --> */
+ assert_single_notify(OUT, TEMPORARY_FAILURE);
+ exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ assert_ike_sa_state(b, IKE_DELETING);
+ assert_ike_sa_count(0);
+
+ /* <-- INFORMATIONAL { D } */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ assert_single_payload(IN, PLV2_DELETE);
+ assert_message_empty(OUT);
+ s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(a, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* <-- IKE_FOLLOWUP_KE { N(TEMP_FAIL) } */
+ /* the SA is already gone */
+ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+ msg->destroy(msg);
+
+ /* INFORMATIONAL { } --> */
+ assert_hook_updown(ike_updown, FALSE);
+ assert_hook_updown(child_updown, FALSE);
+ s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+ ck_assert_int_eq(DESTROY_ME, s);
+ call_ikesa(b, destroy);
+ assert_hook();
+ assert_hook();
+
+ /* ike_rekey */
+ assert_hook();
+}
+END_TEST
+
/**
* One of the hosts initiates a DELETE of the IKE_SA the other peer is
* concurrently trying to rekey. However, the delete request is delayed or
tc = tcase_create("regular");
tcase_add_loop_test(tc, test_regular, 0, 2);
+ tcase_add_loop_test(tc, test_regular_multi_ke, 0, 2);
tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
+ tcase_add_loop_test(tc, test_regular_ke_invalid_multi_ke, 0, 2);
suite_add_tcase(s, tc);
tc = tcase_create("collisions rekey");
tcase_add_loop_test(tc, test_collision, 0, 4);
+ tcase_add_loop_test(tc, test_collision_multi_ke, 0, 4);
+ tcase_add_loop_test(tc, test_collision_mixed, 0, 4);
tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
+ tcase_add_loop_test(tc, test_collision_delayed_response_multi_ke, 0, 4);
tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3);
tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3);
+ tcase_add_loop_test(tc, test_collision_delayed_request_multi_ke, 0, 6);
suite_add_tcase(s, tc);
tc = tcase_create("collisions delete");
tcase_add_loop_test(tc, test_collision_delete, 0, 2);
+ tcase_add_loop_test(tc, test_collision_delete_multi_ke, 0, 2);
tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
suite_add_tcase(s, tc);
projects / thirdparty / strongswan.git / commitdiff
