child-delete: Delay the removal of the inbound SA of rekeyed CHILD_SAs
[strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016-2017 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <daemon.h>
19 #include <tests/utils/exchange_test_helper.h>
20 #include <tests/utils/exchange_test_asserts.h>
21 #include <tests/utils/job_asserts.h>
22 #include <tests/utils/sa_asserts.h>
23
24 /**
25 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
26 */
27 #define initiate_rekey(sa, spi) ({ \
28 assert_hook_not_called(child_updown); \
29 assert_hook_not_called(child_rekey); \
30 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
31 assert_child_sa_state(sa, spi, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); \
32 assert_hook(); \
33 assert_hook(); \
34 })
35
36 /**
37 * Destroy a rekeyed CHILD_SA that was kept around to accept inbound traffic.
38 * Simulates the job that's scheduled to do this.
39 */
40 #define destroy_rekeyed(sa, spi) ({ \
41 assert_hook_not_called(child_updown); \
42 assert_hook_not_called(child_rekey); \
43 assert_no_jobs_scheduled(); \
44 assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \
45 call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
46 assert_child_sa_not_exists(sa, spi); \
47 assert_scheduler(); \
48 assert_hook(); \
49 assert_hook(); \
50 })
51
52 /**
53 * Regular CHILD_SA rekey either initiated by the original initiator or
54 * responder of the IKE_SA.
55 */
56 START_TEST(test_regular)
57 {
58 ike_sa_t *a, *b;
59 uint32_t spi_a = _i+1, spi_b = 2-_i;
60
61 if (_i)
62 { /* responder rekeys the CHILD_SA (SPI 2) */
63 exchange_test_helper->establish_sa(exchange_test_helper,
64 &b, &a, NULL);
65 }
66 else
67 { /* initiator rekeys the CHILD_SA (SPI 1) */
68 exchange_test_helper->establish_sa(exchange_test_helper,
69 &a, &b, NULL);
70 }
71 initiate_rekey(a, spi_a);
72
73 /* this should never get called as this results in a successful rekeying */
74 assert_hook_not_called(child_updown);
75
76 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
77 assert_hook_called(child_rekey);
78 assert_notify(IN, REKEY_SA);
79 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
80 assert_child_sa_state(b, spi_b, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
81 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
82 assert_hook();
83
84 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
85 assert_hook_called(child_rekey);
86 assert_no_notify(IN, REKEY_SA);
87 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
88 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
89 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
90 assert_hook();
91
92 /* INFORMATIONAL { D } --> */
93 assert_hook_not_called(child_rekey);
94 assert_jobs_scheduled(1);
95 assert_single_payload(IN, PLV2_DELETE);
96 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
97 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
98 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
99 assert_child_sa_count(b, 2);
100 assert_scheduler();
101 assert_hook();
102 /* <-- INFORMATIONAL { D } */
103 assert_hook_not_called(child_rekey);
104 assert_jobs_scheduled(1);
105 assert_single_payload(IN, PLV2_DELETE);
106 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
107 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
108 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
109 assert_child_sa_count(a, 2);
110 assert_scheduler();
111 assert_hook();
112
113 /* simulate the execution of the scheduled jobs */
114 destroy_rekeyed(a, spi_a);
115 assert_child_sa_count(a, 1);
116 destroy_rekeyed(b, spi_b);
117 assert_child_sa_count(b, 1);
118
119 /* child_updown */
120 assert_hook();
121
122 call_ikesa(a, destroy);
123 call_ikesa(b, destroy);
124 }
125 END_TEST
126
127 /**
128 * CHILD_SA rekey where the responder does not agree with the DH group selected
129 * by the initiator, either initiated by the original initiator or responder of
130 * the IKE_SA.
131 */
132 START_TEST(test_regular_ke_invalid)
133 {
134 exchange_test_sa_conf_t conf = {
135 .initiator = {
136 .esp = "aes128-sha256-modp2048-modp3072",
137 },
138 .responder = {
139 .esp = "aes128-sha256-modp3072-modp2048",
140 },
141 };
142 ike_sa_t *a, *b;
143 uint32_t spi_a = _i+1, spi_b = 2-_i;
144
145 if (_i)
146 { /* responder rekeys the CHILD_SA (SPI 2) */
147 exchange_test_helper->establish_sa(exchange_test_helper,
148 &b, &a, &conf);
149 }
150 else
151 { /* initiator rekeys the CHILD_SA (SPI 1) */
152 exchange_test_helper->establish_sa(exchange_test_helper,
153 &a, &b, &conf);
154 }
155 initiate_rekey(a, spi_a);
156
157 /* this should never get called as this results in a successful rekeying */
158 assert_hook_not_called(child_updown);
159
160 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
161 assert_hook_not_called(child_rekey);
162 assert_notify(IN, REKEY_SA);
163 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
164 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
165 assert_child_sa_count(b, 1);
166 assert_hook();
167
168 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
169 assert_hook_not_called(child_rekey);
170 assert_single_notify(IN, INVALID_KE_PAYLOAD);
171 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
172 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
173 assert_child_sa_count(a, 1);
174 assert_hook();
175
176 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
177 assert_hook_called(child_rekey);
178 assert_notify(IN, REKEY_SA);
179 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
180 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
181 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
182 assert_hook();
183
184 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
185 assert_hook_called(child_rekey);
186 assert_no_notify(IN, REKEY_SA);
187 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
188 assert_child_sa_state(a, spi_a, CHILD_DELETING);
189 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
190 assert_hook();
191
192 /* INFORMATIONAL { D } --> */
193 assert_hook_not_called(child_rekey);
194 assert_single_payload(IN, PLV2_DELETE);
195 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
196 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
197 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
198 assert_child_sa_count(b, 2);
199 assert_hook();
200 /* <-- INFORMATIONAL { D } */
201 assert_hook_not_called(child_rekey);
202 assert_single_payload(IN, PLV2_DELETE);
203 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
204 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
205 assert_child_sa_state(a, 5, CHILD_INSTALLED);
206 assert_child_sa_count(a, 2);
207 assert_hook();
208
209 /* simulate the execution of the scheduled jobs */
210 destroy_rekeyed(a, spi_a);
211 assert_child_sa_count(a, 1);
212 destroy_rekeyed(b, spi_b);
213 assert_child_sa_count(b, 1);
214
215 /* child_updown */
216 assert_hook();
217
218 call_ikesa(a, destroy);
219 call_ikesa(b, destroy);
220 }
221 END_TEST
222
223 /**
224 * Check that the responder ignores soft expires while waiting for the delete
225 * after a rekeying.
226 */
227 START_TEST(test_regular_responder_ignore_soft_expire)
228 {
229 ike_sa_t *a, *b;
230
231 exchange_test_helper->establish_sa(exchange_test_helper,
232 &a, &b, NULL);
233 initiate_rekey(a, 1);
234
235 /* this should never get called as this results in a successful rekeying */
236 assert_hook_not_called(child_updown);
237
238 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
239 assert_hook_called(child_rekey);
240 assert_notify(IN, REKEY_SA);
241 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
242 assert_child_sa_state(b, 2, CHILD_REKEYED);
243 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
244 assert_hook();
245
246 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
247 assert_hook_called(child_rekey);
248 assert_no_notify(IN, REKEY_SA);
249 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
250 assert_child_sa_state(a, 1, CHILD_DELETING);
251 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
252 assert_hook();
253
254 /* we don't expect this to get called anymore */
255 assert_hook_not_called(child_rekey);
256 /* this should not produce a message, if it does there won't be a delete
257 * payload below */
258 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
259 assert_child_sa_state(b, 2, CHILD_REKEYED);
260
261 /* INFORMATIONAL { D } --> */
262 assert_jobs_scheduled(1);
263 assert_single_payload(IN, PLV2_DELETE);
264 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
265 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
266 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
267 assert_child_sa_count(b, 2);
268 assert_scheduler();
269 /* <-- INFORMATIONAL { D } */
270 assert_jobs_scheduled(1);
271 assert_single_payload(IN, PLV2_DELETE);
272 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
273 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
274 assert_child_sa_state(a, 3, CHILD_INSTALLED);
275 assert_child_sa_count(a, 2);
276 assert_scheduler();
277
278 /* simulate the execution of the scheduled jobs */
279 destroy_rekeyed(a, 1);
280 assert_child_sa_count(a, 1);
281 destroy_rekeyed(b, 2);
282 assert_child_sa_count(b, 1);
283
284 /* child_rekey/child_updown */
285 assert_hook();
286 assert_hook();
287
288 call_ikesa(a, destroy);
289 call_ikesa(b, destroy);
290 }
291 END_TEST
292
293 /**
294 * Check that the responder handles hard expires properly while waiting for the
295 * delete after a rekeying (e.g. if the initiator of the rekeying fails to
296 * delete the CHILD_SA for some reason).
297 */
298 START_TEST(test_regular_responder_handle_hard_expire)
299 {
300 ike_sa_t *a, *b;
301
302 exchange_test_helper->establish_sa(exchange_test_helper,
303 &a, &b, NULL);
304 initiate_rekey(a, 1);
305
306 /* this should never get called as this results in a successful rekeying */
307 assert_hook_not_called(child_updown);
308
309 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
310 assert_hook_called(child_rekey);
311 assert_notify(IN, REKEY_SA);
312 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
313 assert_child_sa_state(b, 2, CHILD_REKEYED);
314 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
315 assert_hook();
316
317 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
318 assert_hook_called(child_rekey);
319 assert_no_notify(IN, REKEY_SA);
320 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
321 assert_child_sa_state(a, 1, CHILD_DELETING);
322 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
323 assert_hook();
324
325 /* we don't expect this to get called anymore */
326 assert_hook_not_called(child_rekey);
327 /* this is similar to a regular delete collision */
328 assert_single_payload(OUT, PLV2_DELETE);
329 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
330 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
331 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
332
333 /* INFORMATIONAL { D } --> */
334 assert_single_payload(IN, PLV2_DELETE);
335 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
336 assert_child_sa_state(a, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
337 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
338 /* <-- INFORMATIONAL { D } */
339 assert_single_payload(IN, PLV2_DELETE);
340 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
341 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
342 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
343 /* <-- INFORMATIONAL { } */
344 assert_jobs_scheduled(1);
345 assert_message_empty(IN);
346 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
347 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
348 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
349 assert_child_sa_count(a, 2);
350 assert_scheduler();
351 /* INFORMATIONAL { } --> */
352 assert_jobs_scheduled(1);
353 assert_message_empty(IN);
354 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
355 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
356 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
357 assert_child_sa_count(b, 2);
358 assert_scheduler();
359
360 /* simulate the execution of the scheduled jobs */
361 destroy_rekeyed(a, 1);
362 assert_child_sa_count(a, 1);
363 destroy_rekeyed(b, 2);
364 assert_child_sa_count(b, 1);
365
366 /* child_rekey/child_updown */
367 assert_hook();
368 assert_hook();
369
370 call_ikesa(a, destroy);
371 call_ikesa(b, destroy);
372 }
373 END_TEST
374
375 /**
376 * Both peers initiate the CHILD_SA reekying concurrently and should handle
377 * the collision properly depending on the nonces.
378 */
379 START_TEST(test_collision)
380 {
381 ike_sa_t *a, *b;
382
383 exchange_test_helper->establish_sa(exchange_test_helper,
384 &a, &b, NULL);
385
386 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
387 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
388 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
389 * initiated the surviving SA.
390 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
391 * CHILD_SA):
392 * N1/3 -----\ /----- N2/4
393 * \--/-----> N3/5
394 * N4/6 <-------/ /----- ...
395 * ... -----\
396 * We test this four times, each time a different nonce is the lowest.
397 */
398 struct {
399 /* Nonces used at each point */
400 u_char nonces[4];
401 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
402 uint32_t spi_del_a, spi_del_b;
403 /* SPIs of the kept CHILD_SA */
404 uint32_t spi_a, spi_b;
405 } data[] = {
406 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
407 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
408 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
409 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
410 };
411
412 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
413 initiate_rekey(a, 1);
414 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
415 initiate_rekey(b, 2);
416
417 /* this should never get called as this results in a successful rekeying */
418 assert_hook_not_called(child_updown);
419
420 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
421 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
422 assert_hook_rekey(child_rekey, 2, 5);
423 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
424 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
425 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
426 assert_hook();
427 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
428 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
429 assert_hook_rekey(child_rekey, 1, 6);
430 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
431 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
432 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
433 assert_hook();
434
435 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
436 if (data[_i].spi_del_a == 1)
437 { /* currently we call this again if we keep our own replacement as we
438 * already called it above */
439 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
440 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
441 assert_hook();
442 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
443 CHILD_OUTBOUND_REGISTERED);
444 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
445 CHILD_OUTBOUND_INSTALLED);
446 }
447 else
448 {
449 assert_hook_not_called(child_rekey);
450 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
451 assert_hook();
452 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
453 CHILD_OUTBOUND_INSTALLED);
454 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
455 CHILD_OUTBOUND_REGISTERED);
456 }
457 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
458 CHILD_OUTBOUND_INSTALLED);
459 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
460 if (data[_i].spi_del_b == 2)
461 {
462 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
463 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
464 assert_hook();
465 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
466 CHILD_OUTBOUND_REGISTERED);
467 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
468 CHILD_OUTBOUND_INSTALLED);
469 }
470 else
471 {
472 assert_hook_not_called(child_rekey);
473 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
474 assert_hook();
475 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
476 CHILD_OUTBOUND_INSTALLED);
477 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
478 CHILD_OUTBOUND_REGISTERED);
479 }
480 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
481 CHILD_OUTBOUND_INSTALLED);
482
483 /* we don't expect this hook to get called anymore */
484 assert_hook_not_called(child_rekey);
485 /* INFORMATIONAL { D } --> */
486 assert_jobs_scheduled(1);
487 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
488 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
489 CHILD_OUTBOUND_INSTALLED);
490 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
491 CHILD_OUTBOUND_NONE);
492 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
493 CHILD_OUTBOUND_INSTALLED);
494 assert_child_sa_count(b, 3);
495 assert_scheduler();
496 /* <-- INFORMATIONAL { D } */
497 assert_jobs_scheduled(1);
498 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
499 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
500 CHILD_OUTBOUND_INSTALLED);
501 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
502 CHILD_OUTBOUND_NONE);
503 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
504 CHILD_OUTBOUND_INSTALLED);
505 assert_child_sa_count(a, 3);
506 assert_scheduler();
507 /* <-- INFORMATIONAL { D } */
508 assert_jobs_scheduled(1);
509 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
510 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
511 CHILD_OUTBOUND_NONE);
512 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
513 CHILD_OUTBOUND_NONE);
514 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
515 CHILD_OUTBOUND_INSTALLED);
516 assert_child_sa_count(a, 3);
517 assert_scheduler();
518 /* INFORMATIONAL { D } --> */
519 assert_jobs_scheduled(1);
520 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
521 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
522 CHILD_OUTBOUND_NONE);
523 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
524 CHILD_OUTBOUND_NONE);
525 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
526 CHILD_OUTBOUND_INSTALLED);
527 assert_child_sa_count(b, 3);
528 assert_scheduler();
529
530 /* simulate the execution of the scheduled jobs */
531 destroy_rekeyed(a, data[_i].spi_del_a);
532 destroy_rekeyed(a, data[_i].spi_del_b);
533 assert_child_sa_count(a, 1);
534 destroy_rekeyed(b, data[_i].spi_del_a);
535 destroy_rekeyed(b, data[_i].spi_del_b);
536 assert_child_sa_count(b, 1);
537
538 /* child_rekey/child_updown */
539 assert_hook();
540 assert_hook();
541
542 call_ikesa(a, destroy);
543 call_ikesa(b, destroy);
544 }
545 END_TEST
546
547 /**
548 * This is like the rekey collision above, but one peer deletes the
549 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
550 * response:
551 *
552 * rekey ----\ /---- rekey
553 * \-----/----> detect collision
554 * detect collision <---------/ /----
555 * ----\ /
556 * \----/----->
557 * handle delete <--------/------- delete SA
558 * --------/------->
559 * handle rekey <------/
560 * delete SA ---------------->
561 * <----------------
562 */
563 START_TEST(test_collision_delayed_response)
564 {
565 ike_sa_t *a, *b;
566 message_t *msg;
567
568 exchange_test_helper->establish_sa(exchange_test_helper,
569 &a, &b, NULL);
570
571 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
572 * CHILD_SA):
573 * N1/3 -----\ /----- N2/4
574 * \--/-----> N3/5
575 * N4/6 <-------/ /----- ...
576 * ... -----\
577 * We test this four times, each time a different nonce is the lowest.
578 */
579 struct {
580 /* Nonces used at each point */
581 u_char nonces[4];
582 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
583 uint32_t spi_del_a, spi_del_b;
584 /* SPIs of the kept CHILD_SA */
585 uint32_t spi_a, spi_b;
586 } data[] = {
587 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
588 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
589 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
590 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
591 };
592
593 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
594 initiate_rekey(a, 1);
595 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
596 initiate_rekey(b, 2);
597
598 /* this should never get called as this results in a successful rekeying */
599 assert_hook_not_called(child_updown);
600
601 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
602 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
603 assert_hook_rekey(child_rekey, 2, 5);
604 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
605 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
606 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
607 assert_hook();
608 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
609 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
610 assert_hook_rekey(child_rekey, 1, 6);
611 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
612 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
613 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
614 assert_hook();
615
616 /* delay the CREATE_CHILD_SA response from b to a */
617 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
618
619 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
620 if (data[_i].spi_del_b == 2)
621 {
622 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
623 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
624 assert_hook();
625 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
626 CHILD_OUTBOUND_REGISTERED);
627 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
628 CHILD_OUTBOUND_INSTALLED);
629 }
630 else
631 {
632 assert_hook_not_called(child_rekey);
633 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
634 assert_hook();
635 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
636 CHILD_OUTBOUND_INSTALLED);
637 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
638 CHILD_OUTBOUND_REGISTERED);
639 }
640 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
641 CHILD_OUTBOUND_INSTALLED);
642
643 /* <-- INFORMATIONAL { D } */
644 assert_hook_not_called(child_rekey);
645 assert_jobs_scheduled(1);
646 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
647 if (data[_i].spi_del_b == 2)
648 {
649 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
650 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
651 CHILD_OUTBOUND_INSTALLED);
652 assert_child_sa_count(a, 2);
653 }
654 else
655 {
656 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
657 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
658 CHILD_OUTBOUND_NONE);
659 assert_child_sa_count(a, 2);
660 }
661 assert_scheduler();
662 /* INFORMATIONAL { D } --> */
663 assert_jobs_scheduled(1);
664 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
665 if (data[_i].spi_del_b == 2)
666 {
667 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
668 CHILD_OUTBOUND_REGISTERED);
669 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
670 CHILD_OUTBOUND_INSTALLED);
671 }
672 else
673 {
674 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
675 CHILD_OUTBOUND_INSTALLED);
676 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
677 CHILD_OUTBOUND_REGISTERED);
678 }
679 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
680 CHILD_OUTBOUND_NONE);
681 assert_child_sa_count(b, 3);
682 assert_scheduler();
683 assert_hook();
684
685 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
686 if (data[_i].spi_del_a == 1)
687 {
688 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
689 exchange_test_helper->process_message(exchange_test_helper, a, msg);
690 assert_hook();
691 }
692 else
693 {
694 assert_hook_not_called(child_rekey);
695 exchange_test_helper->process_message(exchange_test_helper, a, msg);
696 assert_hook();
697 }
698 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
699 CHILD_OUTBOUND_INSTALLED);
700 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
701 CHILD_OUTBOUND_NONE);
702 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
703 CHILD_OUTBOUND_INSTALLED);
704 assert_child_sa_count(a, 3);
705
706 /* we don't expect this hook to get called anymore */
707 assert_hook_not_called(child_rekey);
708 /* INFORMATIONAL { D } --> */
709 assert_jobs_scheduled(1);
710 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
711 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
712 CHILD_OUTBOUND_NONE);
713 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
714 CHILD_OUTBOUND_NONE);
715 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
716 CHILD_OUTBOUND_INSTALLED);
717 assert_child_sa_count(b, 3);
718 assert_scheduler();
719 /* <-- INFORMATIONAL { D } */
720 assert_jobs_scheduled(1);
721 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
722 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
723 CHILD_OUTBOUND_NONE);
724 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
725 CHILD_OUTBOUND_NONE);
726 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
727 CHILD_OUTBOUND_INSTALLED);
728 assert_child_sa_count(a, 3);
729 assert_scheduler();
730
731 /* simulate the execution of the scheduled jobs */
732 destroy_rekeyed(a, data[_i].spi_del_a);
733 destroy_rekeyed(a, data[_i].spi_del_b);
734 assert_child_sa_count(a, 1);
735 destroy_rekeyed(b, data[_i].spi_del_a);
736 destroy_rekeyed(b, data[_i].spi_del_b);
737 assert_child_sa_count(b, 1);
738
739 /* child_rekey/child_updown */
740 assert_hook();
741 assert_hook();
742
743 call_ikesa(a, destroy);
744 call_ikesa(b, destroy);
745 }
746 END_TEST
747
748 /**
749 * In this scenario one of the peers does not notice that there is a
750 * rekey collision:
751 *
752 * rekey ----\ /---- rekey
753 * \ /
754 * detect collision <-----\---/
755 * -------\-------->
756 * \ /---- delete old SA
757 * \-/----> detect collision
758 * detect collision <---------/ /---- TEMP_FAIL
759 * delete -----------/---->
760 * aborts rekeying <---------/
761 */
762 START_TEST(test_collision_delayed_request)
763 {
764 ike_sa_t *a, *b;
765 message_t *msg;
766
767 exchange_test_helper->establish_sa(exchange_test_helper,
768 &a, &b, NULL);
769
770 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
771 * CHILD_SA):
772 * N1/3 -----\ /----- N2/4
773 * N3/5 <-----\--/
774 * ... -----\ \-------> ...
775 * We test this three times, each time a different nonce is the lowest.
776 */
777 struct {
778 /* Nonces used at each point */
779 u_char nonces[3];
780 } data[] = {
781 { { 0x00, 0xFF, 0xFF } },
782 { { 0xFF, 0x00, 0xFF } },
783 { { 0xFF, 0xFF, 0x00 } },
784 };
785
786 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
787 initiate_rekey(a, 1);
788 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
789 initiate_rekey(b, 2);
790
791 /* delay the CREATE_CHILD_SA request from a to b */
792 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
793
794 /* this should never get called as this results in a successful rekeying */
795 assert_hook_not_called(child_updown);
796
797 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
798 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
799 assert_hook_rekey(child_rekey, 1, 5);
800 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
801 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
802 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
803 assert_hook();
804 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
805 assert_hook_rekey(child_rekey, 2, 4);
806 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
807 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
808 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
809 assert_hook();
810
811 /* we don't expect this hook to get called anymore */
812 assert_hook_not_called(child_rekey);
813
814 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
815 assert_single_notify(OUT, TEMPORARY_FAILURE);
816 exchange_test_helper->process_message(exchange_test_helper, b, msg);
817 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
818 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
819
820 /* <-- INFORMATIONAL { D } */
821 assert_jobs_scheduled(1);
822 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
823 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
824 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
825 assert_child_sa_count(a, 2);
826 assert_scheduler();
827
828 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
829 assert_no_jobs_scheduled();
830 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
831 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
832 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
833 assert_child_sa_count(a, 2);
834 assert_scheduler();
835
836 /* INFORMATIONAL { D } --> */
837 assert_jobs_scheduled(1);
838 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
839 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
840 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
841 assert_child_sa_count(b, 2);
842 assert_scheduler();
843
844 /* simulate the execution of the scheduled jobs */
845 destroy_rekeyed(a, 1);
846 assert_child_sa_count(a, 1);
847 destroy_rekeyed(b, 2);
848 assert_child_sa_count(b, 1);
849
850 /* child_rekey/child_updown */
851 assert_hook();
852 assert_hook();
853
854 assert_sa_idle(a);
855 assert_sa_idle(b);
856
857 call_ikesa(a, destroy);
858 call_ikesa(b, destroy);
859 }
860 END_TEST
861
862 /**
863 * Similar to above one peer fails to notice the collision but the
864 * CREATE_CHILD_SA request is even more delayed:
865 *
866 * rekey ----\ /---- rekey
867 * \ /
868 * detect collision <-----\---/
869 * -------\-------->
870 * detect collision <-------\-------- delete old SA
871 * delete ---------\------>
872 * \----->
873 * /---- CHILD_SA_NOT_FOUND
874 * aborts rekeying <----------/
875 */
876 START_TEST(test_collision_delayed_request_more)
877 {
878 ike_sa_t *a, *b;
879 message_t *msg;
880
881 exchange_test_helper->establish_sa(exchange_test_helper,
882 &a, &b, NULL);
883
884 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
885 * CHILD_SA):
886 * N1/3 -----\ /----- N2/4
887 * N3/5 <-----\--/
888 * ... -----\ \-------> ...
889 * We test this three times, each time a different nonce is the lowest.
890 */
891 struct {
892 /* Nonces used at each point */
893 u_char nonces[3];
894 } data[] = {
895 { { 0x00, 0xFF, 0xFF } },
896 { { 0xFF, 0x00, 0xFF } },
897 { { 0xFF, 0xFF, 0x00 } },
898 };
899
900 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
901 initiate_rekey(a, 1);
902 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
903 initiate_rekey(b, 2);
904
905 /* delay the CREATE_CHILD_SA request from a to b */
906 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
907
908 /* this should never get called as this results in a successful rekeying */
909 assert_hook_not_called(child_updown);
910
911 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
912 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
913 assert_hook_rekey(child_rekey, 1, 5);
914 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
915 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
916 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
917 assert_hook();
918 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
919 assert_hook_rekey(child_rekey, 2, 4);
920 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
921 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
922 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
923 assert_hook();
924
925 /* we don't expect this hook to get called anymore */
926 assert_hook_not_called(child_rekey);
927
928 /* <-- INFORMATIONAL { D } */
929 assert_jobs_scheduled(1);
930 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
931 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
932 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
933 assert_child_sa_count(a, 2);
934 assert_scheduler();
935 /* INFORMATIONAL { D } --> */
936 assert_jobs_scheduled(1);
937 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
938 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
939 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
940 assert_child_sa_count(b, 2);
941 assert_scheduler();
942
943 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
944 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
945 exchange_test_helper->process_message(exchange_test_helper, b, msg);
946 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
947 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
948 assert_child_sa_count(b, 2);
949 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
950 assert_no_jobs_scheduled();
951 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
952 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
953 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
954 assert_child_sa_count(a, 2);
955 assert_scheduler();
956
957 /* simulate the execution of the scheduled jobs */
958 destroy_rekeyed(a, 1);
959 assert_child_sa_count(a, 1);
960 destroy_rekeyed(b, 2);
961 assert_child_sa_count(b, 1);
962
963 /* child_rekey/child_updown */
964 assert_hook();
965 assert_hook();
966
967 assert_sa_idle(a);
968 assert_sa_idle(b);
969
970 call_ikesa(a, destroy);
971 call_ikesa(b, destroy);
972 }
973 END_TEST
974
975 /**
976 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
977 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
978 * still handle the collision properly depending on the nonces.
979 */
980 START_TEST(test_collision_ke_invalid)
981 {
982 exchange_test_sa_conf_t conf = {
983 .initiator = {
984 .esp = "aes128-sha256-modp2048-modp3072",
985 },
986 .responder = {
987 .esp = "aes128-sha256-modp3072-modp2048",
988 },
989 };
990 ike_sa_t *a, *b;
991
992 exchange_test_helper->establish_sa(exchange_test_helper,
993 &a, &b, &conf);
994
995 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
996 * CHILD_SA):
997 * N1/3 -----\ /----- N2/4
998 * \--/-----> N3/5
999 * N4/6 <-------/ /---- INVAL_KE
1000 * INVAL_KE -----\ /
1001 * <-----\--/
1002 * N5/7 -----\ \------->
1003 * \ /---- N6/8
1004 * \--/----> N7/9
1005 * N8/10 <--------/ /---- ...
1006 * ... ------\
1007 *
1008 * We test this four times, each time a different nonce is the lowest.
1009 */
1010 struct {
1011 /* Nonces used at each point */
1012 u_char nonces[4];
1013 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
1014 uint32_t spi_del_a, spi_del_b;
1015 /* SPIs of the kept CHILD_SA */
1016 uint32_t spi_a, spi_b;
1017 } data[] = {
1018 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
1019 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
1020 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
1021 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
1022 };
1023
1024 /* make sure the nonces of the first try don't affect the retries */
1025 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1026 initiate_rekey(a, 1);
1027 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1028 initiate_rekey(b, 2);
1029
1030 /* this should never get called as this results in a successful rekeying */
1031 assert_hook_not_called(child_updown);
1032
1033 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1034 assert_hook_not_called(child_rekey);
1035 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1036 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1037 assert_child_sa_count(b, 1);
1038 assert_hook();
1039 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1040 assert_hook_not_called(child_rekey);
1041 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1042 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1043 assert_child_sa_count(a, 1);
1044 assert_hook();
1045
1046 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1047 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1048 assert_hook_not_called(child_rekey);
1049 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1050 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1051 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1052 assert_child_sa_count(a, 1);
1053 assert_hook();
1054 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1055 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1056 assert_hook_not_called(child_rekey);
1057 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1058 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1059 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1060 assert_child_sa_count(b, 1);
1061 assert_hook();
1062
1063 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1064 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1065 assert_hook_rekey(child_rekey, 2, 9);
1066 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1067 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1068 assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1069 assert_hook();
1070 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1071 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
1072 assert_hook_rekey(child_rekey, 1, 10);
1073 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1074 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1075 assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1076 assert_hook();
1077
1078 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
1079 if (data[_i].spi_del_a == 1)
1080 { /* currently we call this again if we keep our own replacement as we
1081 * already called it above */
1082 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
1083 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1084 assert_hook();
1085 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1086 CHILD_OUTBOUND_REGISTERED);
1087 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1088 CHILD_OUTBOUND_INSTALLED);
1089 }
1090 else
1091 {
1092 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1093 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1094 CHILD_OUTBOUND_INSTALLED);
1095 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1096 CHILD_OUTBOUND_REGISTERED);
1097 }
1098 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1099 CHILD_OUTBOUND_INSTALLED);
1100 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1101 if (data[_i].spi_del_b == 2)
1102 {
1103 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
1104 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1105 assert_hook();
1106 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1107 CHILD_OUTBOUND_REGISTERED);
1108 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1109 CHILD_OUTBOUND_INSTALLED);
1110 }
1111 else
1112 {
1113 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1114 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1115 CHILD_OUTBOUND_INSTALLED);
1116 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1117 CHILD_OUTBOUND_REGISTERED);
1118 }
1119 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1120 CHILD_OUTBOUND_INSTALLED);
1121
1122 /* we don't expect this hook to get called anymore */
1123 assert_hook_not_called(child_rekey);
1124 /* INFORMATIONAL { D } --> */
1125 assert_jobs_scheduled(1);
1126 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1127 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1128 CHILD_OUTBOUND_INSTALLED);
1129 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
1130 CHILD_OUTBOUND_NONE);
1131 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1132 CHILD_OUTBOUND_INSTALLED);
1133 assert_child_sa_count(b, 3);
1134 assert_scheduler();
1135 /* <-- INFORMATIONAL { D } */
1136 assert_jobs_scheduled(1);
1137 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1138 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1139 CHILD_OUTBOUND_INSTALLED);
1140 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
1141 CHILD_OUTBOUND_NONE);
1142 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1143 CHILD_OUTBOUND_INSTALLED);
1144 assert_child_sa_count(a, 3);
1145 assert_scheduler();
1146 /* <-- INFORMATIONAL { D } */
1147 assert_jobs_scheduled(1);
1148 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1149 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1150 CHILD_OUTBOUND_NONE);
1151 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
1152 CHILD_OUTBOUND_NONE);
1153 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1154 CHILD_OUTBOUND_INSTALLED);
1155 assert_child_sa_count(a, 3);
1156 assert_scheduler();
1157 /* INFORMATIONAL { D } --> */
1158 assert_jobs_scheduled(1);
1159 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1160 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1161 CHILD_OUTBOUND_NONE);
1162 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
1163 CHILD_OUTBOUND_NONE);
1164 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1165 CHILD_OUTBOUND_INSTALLED);
1166 assert_child_sa_count(b, 3);
1167 assert_scheduler();
1168
1169 /* simulate the execution of the scheduled jobs */
1170 destroy_rekeyed(a, data[_i].spi_del_a);
1171 destroy_rekeyed(a, data[_i].spi_del_b);
1172 assert_child_sa_count(a, 1);
1173 destroy_rekeyed(b, data[_i].spi_del_a);
1174 destroy_rekeyed(b, data[_i].spi_del_b);
1175 assert_child_sa_count(b, 1);
1176
1177 /* child_rekey/child_updown */
1178 assert_hook();
1179 assert_hook();
1180
1181 assert_sa_idle(a);
1182 assert_sa_idle(b);
1183
1184 call_ikesa(a, destroy);
1185 call_ikesa(b, destroy);
1186 }
1187 END_TEST
1188
1189 /**
1190 * This is a variation of the above but with the retry by one peer delayed so
1191 * that to the other peer it looks like there is no collision.
1192 */
1193 START_TEST(test_collision_ke_invalid_delayed_retry)
1194 {
1195 exchange_test_sa_conf_t conf = {
1196 .initiator = {
1197 .esp = "aes128-sha256-modp2048-modp3072",
1198 },
1199 .responder = {
1200 .esp = "aes128-sha256-modp3072-modp2048",
1201 },
1202 };
1203 ike_sa_t *a, *b;
1204 message_t *msg;
1205
1206 exchange_test_helper->establish_sa(exchange_test_helper,
1207 &a, &b, &conf);
1208
1209 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1210 * CHILD_SA):
1211 * N1/3 -----\ /----- N2/4
1212 * \--/-----> N3/5
1213 * N4/6 <-------/ /---- INVAL_KE
1214 * INVAL_KE -----\ /
1215 * <-----\--/
1216 * N5/7 -----\ \------->
1217 * <-----\--------- N6/8
1218 * N7/9 -------\------->
1219 * <-------\------- DELETE
1220 * ... ------\ \----->
1221 * /---- TEMP_FAIL
1222 *
1223 * We test this three times, each time a different nonce is the lowest.
1224 */
1225 struct {
1226 /* Nonces used at each point */
1227 u_char nonces[3];
1228 } data[] = {
1229 { { 0x00, 0xFF, 0xFF } },
1230 { { 0xFF, 0x00, 0xFF } },
1231 { { 0xFF, 0xFF, 0x00 } },
1232 };
1233
1234 /* make sure the nonces of the first try don't affect the retries */
1235 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1236 initiate_rekey(a, 1);
1237 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1238 initiate_rekey(b, 2);
1239
1240 /* this should never get called as this results in a successful rekeying */
1241 assert_hook_not_called(child_updown);
1242
1243 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1244 assert_hook_not_called(child_rekey);
1245 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1246 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1247 assert_child_sa_count(b, 1);
1248 assert_hook();
1249 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1250 assert_hook_not_called(child_rekey);
1251 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1252 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1253 assert_child_sa_count(a, 1);
1254 assert_hook();
1255
1256 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1257 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1258 assert_hook_not_called(child_rekey);
1259 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1260 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1261 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1262 assert_child_sa_count(a, 1);
1263 assert_hook();
1264 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1265 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1266 assert_hook_not_called(child_rekey);
1267 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1268 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1269 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1270 assert_child_sa_count(b, 1);
1271 assert_hook();
1272
1273 /* delay the CREATE_CHILD_SA request from a to b */
1274 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1275
1276 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1277 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1278 assert_hook_rekey(child_rekey, 1, 9);
1279 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1280 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1281 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1282 assert_hook();
1283 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1284 assert_hook_rekey(child_rekey, 2, 8);
1285 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1286 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1287 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1288 assert_hook();
1289
1290 /* we don't expect this hook to get called anymore */
1291 assert_hook_not_called(child_rekey);
1292
1293 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1294 assert_single_notify(OUT, TEMPORARY_FAILURE);
1295 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1296 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1297 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1298
1299 /* <-- INFORMATIONAL { D } */
1300 assert_jobs_scheduled(1);
1301 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1302 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1303 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1304 assert_child_sa_count(a, 2);
1305 assert_scheduler();
1306
1307 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1308 assert_no_jobs_scheduled();
1309 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1310 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1311 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1312 assert_child_sa_count(a, 2);
1313 assert_scheduler();
1314
1315 /* INFORMATIONAL { D } --> */
1316 assert_jobs_scheduled(1);
1317 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1318 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1319 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1320 assert_child_sa_count(b, 2);
1321 assert_scheduler();
1322
1323 /* simulate the execution of the scheduled jobs */
1324 destroy_rekeyed(a, 1);
1325 assert_child_sa_count(a, 1);
1326 destroy_rekeyed(b, 2);
1327 assert_child_sa_count(b, 1);
1328
1329 /* child_rekey/child_updown */
1330 assert_hook();
1331 assert_hook();
1332
1333 assert_sa_idle(a);
1334 assert_sa_idle(b);
1335
1336 call_ikesa(a, destroy);
1337 call_ikesa(b, destroy);
1338 }
1339 END_TEST
1340
1341 /**
1342 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1343 * concurrently trying to rekey.
1344 *
1345 * rekey ----\ /---- delete
1346 * \-----/----> detect collision
1347 * detect collision <---------/ /---- TEMP_FAIL
1348 * delete ----\ /
1349 * \----/----->
1350 * aborts rekeying <--------/
1351 */
1352 START_TEST(test_collision_delete)
1353 {
1354 ike_sa_t *a, *b;
1355 uint32_t spi_a = _i+1, spi_b = 2-_i;
1356
1357 if (_i)
1358 { /* responder rekeys the CHILD_SA (SPI 2) */
1359 exchange_test_helper->establish_sa(exchange_test_helper,
1360 &b, &a, NULL);
1361 }
1362 else
1363 { /* initiator rekeys the CHILD_SA (SPI 1) */
1364 exchange_test_helper->establish_sa(exchange_test_helper,
1365 &a, &b, NULL);
1366 }
1367 initiate_rekey(a, spi_a);
1368 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1369 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1370
1371 /* this should never get called as there is no successful rekeying on
1372 * either side */
1373 assert_hook_not_called(child_rekey);
1374
1375 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1376 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1377 */
1378
1379 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1380 assert_hook_not_called(child_updown);
1381 assert_notify(IN, REKEY_SA);
1382 assert_single_notify(OUT, TEMPORARY_FAILURE);
1383 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1384 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1385 assert_hook();
1386
1387 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1388 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1389 * payload.
1390 */
1391
1392 /* <-- INFORMATIONAL { D } */
1393 assert_hook_updown(child_updown, FALSE);
1394 assert_single_payload(IN, PLV2_DELETE);
1395 assert_single_payload(OUT, PLV2_DELETE);
1396 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1397 assert_child_sa_count(a, 0);
1398 assert_hook();
1399
1400 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1401 assert_hook_not_called(child_updown);
1402 /* we don't expect a job to retry the rekeying */
1403 assert_no_jobs_scheduled();
1404 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1405 assert_scheduler();
1406 assert_hook();
1407
1408 /* INFORMATIONAL { D } --> */
1409 assert_hook_updown(child_updown, FALSE);
1410 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1411 assert_child_sa_count(b, 0);
1412 assert_hook();
1413
1414 /* child_rekey */
1415 assert_hook();
1416
1417 assert_sa_idle(a);
1418 assert_sa_idle(b);
1419
1420 call_ikesa(a, destroy);
1421 call_ikesa(b, destroy);
1422 }
1423 END_TEST
1424
1425 /**
1426 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1427 * concurrently trying to rekey. However, the delete request is delayed or
1428 * dropped, so the peer doing the rekeying is unaware of the collision.
1429 *
1430 * rekey ----\ /---- delete
1431 * \-----/----> detect collision
1432 * reschedule <---------/------ TEMP_FAIL
1433 * <--------/
1434 * delete ---------------->
1435 *
1436 * The job will not find the SA to retry rekeying.
1437 */
1438 START_TEST(test_collision_delete_drop_delete)
1439 {
1440 ike_sa_t *a, *b;
1441 message_t *msg;
1442 uint32_t spi_a = _i+1, spi_b = 2-_i;
1443
1444 if (_i)
1445 { /* responder rekeys the CHILD_SA (SPI 2) */
1446 exchange_test_helper->establish_sa(exchange_test_helper,
1447 &b, &a, NULL);
1448 }
1449 else
1450 { /* initiator rekeys the CHILD_SA (SPI 1) */
1451 exchange_test_helper->establish_sa(exchange_test_helper,
1452 &a, &b, NULL);
1453 }
1454 initiate_rekey(a, spi_a);
1455 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1456 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1457
1458 /* this should never get called as there is no successful rekeying on
1459 * either side */
1460 assert_hook_not_called(child_rekey);
1461
1462 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1463 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1464 */
1465
1466 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1467 assert_hook_not_called(child_updown);
1468 assert_notify(IN, REKEY_SA);
1469 assert_single_notify(OUT, TEMPORARY_FAILURE);
1470 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1471 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1472 assert_hook();
1473
1474 /* delay the DELETE request */
1475 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1476
1477 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1478 assert_hook_not_called(child_updown);
1479 /* we expect a job to retry the rekeying is scheduled */
1480 assert_jobs_scheduled(1);
1481 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1482 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1483 assert_scheduler();
1484 assert_hook();
1485
1486 /* <-- INFORMATIONAL { D } (delayed) */
1487 assert_hook_updown(child_updown, FALSE);
1488 assert_single_payload(IN, PLV2_DELETE);
1489 assert_single_payload(OUT, PLV2_DELETE);
1490 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1491 assert_child_sa_count(a, 0);
1492 assert_hook();
1493
1494 /* INFORMATIONAL { D } --> */
1495 assert_hook_updown(child_updown, FALSE);
1496 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1497 assert_child_sa_count(b, 0);
1498 assert_hook();
1499
1500 /* child_rekey */
1501 assert_hook();
1502
1503 assert_sa_idle(a);
1504 assert_sa_idle(b);
1505
1506 call_ikesa(a, destroy);
1507 call_ikesa(b, destroy);
1508 }
1509 END_TEST
1510
1511 /**
1512 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1513 * concurrently trying to rekey. However, the rekey request is delayed or
1514 * dropped, so the peer doing the deleting is unaware of the collision.
1515 *
1516 * rekey ----\ /---- delete
1517 * detect collision <----\-----/
1518 * delete ------\--------->
1519 * \-------->
1520 * /---- CHILD_SA_NOT_FOUND
1521 * aborts rekeying <----------/
1522 */
1523 START_TEST(test_collision_delete_drop_rekey)
1524 {
1525 ike_sa_t *a, *b;
1526 message_t *msg;
1527 uint32_t spi_a = _i+1, spi_b = 2-_i;
1528
1529 if (_i)
1530 { /* responder rekeys the CHILD_SA (SPI 2) */
1531 exchange_test_helper->establish_sa(exchange_test_helper,
1532 &b, &a, NULL);
1533 }
1534 else
1535 { /* initiator rekeys the CHILD_SA (SPI 1) */
1536 exchange_test_helper->establish_sa(exchange_test_helper,
1537 &a, &b, NULL);
1538 }
1539 initiate_rekey(a, spi_a);
1540 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1541 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1542
1543 /* this should never get called as there is no successful rekeying on
1544 * either side */
1545 assert_hook_not_called(child_rekey);
1546
1547 /* delay the CREATE_CHILD_SA request */
1548 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1549
1550 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1551 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1552 * payload.
1553 */
1554
1555 /* <-- INFORMATIONAL { D } */
1556 assert_hook_updown(child_updown, FALSE);
1557 assert_single_payload(IN, PLV2_DELETE);
1558 assert_single_payload(OUT, PLV2_DELETE);
1559 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1560 assert_child_sa_count(a, 0);
1561 assert_hook();
1562
1563 /* INFORMATIONAL { D } --> */
1564 assert_hook_updown(child_updown, FALSE);
1565 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1566 assert_child_sa_count(b, 0);
1567 assert_hook();
1568
1569 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1570 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1571 */
1572
1573 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1574 assert_hook_not_called(child_updown);
1575 assert_notify(IN, REKEY_SA);
1576 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1577 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1578 assert_hook();
1579
1580 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1581 assert_hook_not_called(child_updown);
1582 /* no jobs or tasks should get scheduled/queued */
1583 assert_no_jobs_scheduled();
1584 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1585 assert_scheduler();
1586 assert_hook();
1587
1588 /* child_rekey */
1589 assert_hook();
1590
1591 assert_sa_idle(a);
1592 assert_sa_idle(b);
1593
1594 call_ikesa(a, destroy);
1595 call_ikesa(b, destroy);
1596 }
1597 END_TEST
1598
1599 /**
1600 * FIXME: Not sure what we can do about the following:
1601 *
1602 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1603 * it the other peer deletes the new SA. However, the rekey response is
1604 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1605 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1606 *
1607 * rekey ---------------->
1608 * /---- rekey
1609 * unknown SA <----------/----- delete new SA
1610 * ----------/----->
1611 * <--------/
1612 *
1613 * The peers' states are now out of sync.
1614 *
1615 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1616 * while rekeying and then check against the SPIs when handling the
1617 * CREATE_CHILD_SA response.
1618 */
1619
1620
1621 /**
1622 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1623 * peer is concurrently trying to rekey.
1624 *
1625 * rekey ----\ /---- rekey IKE
1626 * \-----/----> detect collision
1627 * detect collision <---------/ /---- TEMP_FAIL
1628 * TEMP_FAIL ----\ /
1629 * \----/----->
1630 * <--------/
1631 */
1632 START_TEST(test_collision_ike_rekey)
1633 {
1634 ike_sa_t *a, *b;
1635 uint32_t spi_a = _i+1;
1636
1637 if (_i)
1638 { /* responder rekeys the CHILD_SA (SPI 2) */
1639 exchange_test_helper->establish_sa(exchange_test_helper,
1640 &b, &a, NULL);
1641 }
1642 else
1643 { /* initiator rekeys the CHILD_SA (SPI 1) */
1644 exchange_test_helper->establish_sa(exchange_test_helper,
1645 &a, &b, NULL);
1646 }
1647 initiate_rekey(a, spi_a);
1648 call_ikesa(b, rekey);
1649 assert_ike_sa_state(b, IKE_REKEYING);
1650
1651 /* these should never get called as there is no successful rekeying on
1652 * either side */
1653 assert_hook_not_called(ike_rekey);
1654 assert_hook_not_called(child_rekey);
1655
1656 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1657 * it is currently rekeying the IKE SA, it SHOULD reply with
1658 * TEMPORARY_FAILURE.
1659 */
1660
1661 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1662 assert_single_notify(OUT, TEMPORARY_FAILURE);
1663 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1664 assert_ike_sa_state(b, IKE_REKEYING);
1665
1666 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1667 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1668 * SHOULD reply with TEMPORARY_FAILURE.
1669 */
1670
1671 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1672 assert_single_notify(OUT, TEMPORARY_FAILURE);
1673 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1674 assert_child_sa_state(a, spi_a, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1675
1676 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1677 /* we expect a job to retry the rekeying is scheduled */
1678 assert_jobs_scheduled(1);
1679 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1680 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1681 assert_scheduler();
1682
1683 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1684 /* we expect a job to retry the rekeying is scheduled */
1685 assert_jobs_scheduled(1);
1686 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1687 assert_ike_sa_state(b, IKE_ESTABLISHED);
1688 assert_scheduler();
1689
1690 /* ike_rekey/child_rekey */
1691 assert_hook();
1692 assert_hook();
1693
1694 assert_sa_idle(a);
1695 assert_sa_idle(b);
1696
1697 call_ikesa(a, destroy);
1698 call_ikesa(b, destroy);
1699 }
1700 END_TEST
1701
1702 /**
1703 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1704 * peer is concurrently trying to rekey.
1705 *
1706 * rekey ----\ /---- delete IKE
1707 * \-----/----> detect collision
1708 * <---------/ /---- TEMP_FAIL
1709 * delete ----\ /
1710 * \----/----->
1711 * sa already gone <--------/
1712 */
1713 START_TEST(test_collision_ike_delete)
1714 {
1715 ike_sa_t *a, *b;
1716 uint32_t spi_a = _i+1;
1717 message_t *msg;
1718 status_t s;
1719
1720 if (_i)
1721 { /* responder rekeys the CHILD_SA (SPI 2) */
1722 exchange_test_helper->establish_sa(exchange_test_helper,
1723 &b, &a, NULL);
1724 }
1725 else
1726 { /* initiator rekeys the CHILD_SA (SPI 1) */
1727 exchange_test_helper->establish_sa(exchange_test_helper,
1728 &a, &b, NULL);
1729 }
1730 initiate_rekey(a, spi_a);
1731 call_ikesa(b, delete);
1732 assert_ike_sa_state(b, IKE_DELETING);
1733
1734 /* this should never get called as there is no successful rekeying on
1735 * either side */
1736 assert_hook_not_called(child_rekey);
1737
1738 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1739 * a peer receives a request to rekey a CHILD_SA when it is currently
1740 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1741 */
1742
1743 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1744 assert_single_notify(OUT, TEMPORARY_FAILURE);
1745 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1746 assert_ike_sa_state(b, IKE_DELETING);
1747
1748 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1749 * a peer receives a request to close the IKE SA if it is currently rekeying
1750 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1751 * rekeying.
1752 */
1753
1754 /* <-- INFORMATIONAL { D } */
1755 assert_hook_updown(ike_updown, FALSE);
1756 assert_hook_updown(child_updown, FALSE);
1757 assert_message_empty(OUT);
1758 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1759 ck_assert_int_eq(DESTROY_ME, s);
1760 call_ikesa(a, destroy);
1761 assert_hook();
1762 assert_hook();
1763
1764 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1765 /* the SA is already gone */
1766 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1767 msg->destroy(msg);
1768
1769 /* INFORMATIONAL { } --> */
1770 assert_hook_updown(ike_updown, FALSE);
1771 assert_hook_updown(child_updown, FALSE);
1772 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1773 ck_assert_int_eq(DESTROY_ME, s);
1774 call_ikesa(b, destroy);
1775 assert_hook();
1776 assert_hook();
1777
1778 /* child_rekey */
1779 assert_hook();
1780 }
1781 END_TEST
1782
1783 Suite *child_rekey_suite_create()
1784 {
1785 Suite *s;
1786 TCase *tc;
1787
1788 s = suite_create("child rekey");
1789
1790 tc = tcase_create("regular");
1791 tcase_add_loop_test(tc, test_regular, 0, 2);
1792 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1793 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1794 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1795 suite_add_tcase(s, tc);
1796
1797 tc = tcase_create("collisions rekey");
1798 tcase_add_loop_test(tc, test_collision, 0, 4);
1799 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1800 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1801 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1802 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1803 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1804 suite_add_tcase(s, tc);
1805
1806 tc = tcase_create("collisions delete");
1807 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1808 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1809 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1810 suite_add_tcase(s, tc);
1811
1812 tc = tcase_create("collisions ike rekey");
1813 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1814 suite_add_tcase(s, tc);
1815
1816 tc = tcase_create("collisions ike delete");
1817 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1818 suite_add_tcase(s, tc);
1819
1820 return s;
1821 }