child-sa: Remove state to track installation of half the SA again
[strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <daemon.h>
19 #include <tests/utils/exchange_test_helper.h>
20 #include <tests/utils/exchange_test_asserts.h>
21 #include <tests/utils/job_asserts.h>
22 #include <tests/utils/sa_asserts.h>
23
24 /**
25 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
26 */
27 #define initiate_rekey(sa, spi) ({ \
28 assert_hook_not_called(child_updown); \
29 assert_hook_not_called(child_rekey); \
30 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
31 assert_child_sa_state(sa, spi, CHILD_REKEYING); \
32 assert_hook(); \
33 assert_hook(); \
34 })
35
36 /**
37 * Regular CHILD_SA rekey either initiated by the original initiator or
38 * responder of the IKE_SA.
39 */
40 START_TEST(test_regular)
41 {
42 ike_sa_t *a, *b;
43 uint32_t spi_a = _i+1, spi_b = 2-_i;
44
45 if (_i)
46 { /* responder rekeys the CHILD_SA (SPI 2) */
47 exchange_test_helper->establish_sa(exchange_test_helper,
48 &b, &a, NULL);
49 }
50 else
51 { /* initiator rekeys the CHILD_SA (SPI 1) */
52 exchange_test_helper->establish_sa(exchange_test_helper,
53 &a, &b, NULL);
54 }
55 initiate_rekey(a, spi_a);
56
57 /* this should never get called as this results in a successful rekeying */
58 assert_hook_not_called(child_updown);
59
60 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
61 assert_hook_called(child_rekey);
62 assert_notify(IN, REKEY_SA);
63 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
64 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
65 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
66 assert_hook();
67
68 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
69 assert_hook_called(child_rekey);
70 assert_no_notify(IN, REKEY_SA);
71 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
72 assert_child_sa_state(a, spi_a, CHILD_DELETING);
73 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
74 assert_hook();
75
76 /* INFORMATIONAL { D } --> */
77 assert_hook_not_called(child_rekey);
78 assert_single_payload(IN, PLV2_DELETE);
79 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
80 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
81 assert_child_sa_count(b, 1);
82 assert_hook();
83 /* <-- INFORMATIONAL { D } */
84 assert_hook_not_called(child_rekey);
85 assert_single_payload(IN, PLV2_DELETE);
86 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
87 assert_child_sa_state(a, 3, CHILD_INSTALLED);
88 assert_child_sa_count(a, 1);
89 assert_hook();
90
91 /* child_updown */
92 assert_hook();
93
94 call_ikesa(a, destroy);
95 call_ikesa(b, destroy);
96 }
97 END_TEST
98
99 /**
100 * CHILD_SA rekey where the responder does not agree with the DH group selected
101 * by the initiator, either initiated by the original initiator or responder of
102 * the IKE_SA.
103 */
104 START_TEST(test_regular_ke_invalid)
105 {
106 exchange_test_sa_conf_t conf = {
107 .initiator = {
108 .esp = "aes128-sha256-modp2048-modp3072",
109 },
110 .responder = {
111 .esp = "aes128-sha256-modp3072-modp2048",
112 },
113 };
114 ike_sa_t *a, *b;
115 uint32_t spi_a = _i+1, spi_b = 2-_i;
116
117 if (_i)
118 { /* responder rekeys the CHILD_SA (SPI 2) */
119 exchange_test_helper->establish_sa(exchange_test_helper,
120 &b, &a, &conf);
121 }
122 else
123 { /* initiator rekeys the CHILD_SA (SPI 1) */
124 exchange_test_helper->establish_sa(exchange_test_helper,
125 &a, &b, &conf);
126 }
127 initiate_rekey(a, spi_a);
128
129 /* this should never get called as this results in a successful rekeying */
130 assert_hook_not_called(child_updown);
131
132 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
133 assert_hook_not_called(child_rekey);
134 assert_notify(IN, REKEY_SA);
135 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
136 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
137 assert_child_sa_count(b, 1);
138 assert_hook();
139
140 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
141 assert_hook_not_called(child_rekey);
142 assert_single_notify(IN, INVALID_KE_PAYLOAD);
143 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
144 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
145 assert_child_sa_count(a, 1);
146 assert_hook();
147
148 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
149 assert_hook_called(child_rekey);
150 assert_notify(IN, REKEY_SA);
151 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
152 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
153 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
154 assert_hook();
155
156 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
157 assert_hook_called(child_rekey);
158 assert_no_notify(IN, REKEY_SA);
159 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
160 assert_child_sa_state(a, spi_a, CHILD_DELETING);
161 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
162 assert_hook();
163
164 /* INFORMATIONAL { D } --> */
165 assert_hook_not_called(child_rekey);
166 assert_single_payload(IN, PLV2_DELETE);
167 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
168 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
169 assert_child_sa_count(b, 1);
170 assert_hook();
171 /* <-- INFORMATIONAL { D } */
172 assert_hook_not_called(child_rekey);
173 assert_single_payload(IN, PLV2_DELETE);
174 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
175 assert_child_sa_state(a, 5, CHILD_INSTALLED);
176 assert_child_sa_count(a, 1);
177 assert_hook();
178
179 /* child_updown */
180 assert_hook();
181
182 call_ikesa(a, destroy);
183 call_ikesa(b, destroy);
184 }
185 END_TEST
186
187 /**
188 * Check that the responder ignores soft expires while waiting for the delete
189 * after a rekeying.
190 */
191 START_TEST(test_regular_responder_ignore_soft_expire)
192 {
193 ike_sa_t *a, *b;
194
195 exchange_test_helper->establish_sa(exchange_test_helper,
196 &a, &b, NULL);
197 initiate_rekey(a, 1);
198
199 /* this should never get called as this results in a successful rekeying */
200 assert_hook_not_called(child_updown);
201
202 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
203 assert_hook_called(child_rekey);
204 assert_notify(IN, REKEY_SA);
205 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
206 assert_child_sa_state(b, 2, CHILD_REKEYED);
207 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
208 assert_hook();
209
210 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
211 assert_hook_called(child_rekey);
212 assert_no_notify(IN, REKEY_SA);
213 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
214 assert_child_sa_state(a, 1, CHILD_DELETING);
215 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
216 assert_hook();
217
218 /* we don't expect this to get called anymore */
219 assert_hook_not_called(child_rekey);
220 /* this should not produce a message, if it does there won't be a delete
221 * payload below */
222 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
223 assert_child_sa_state(b, 2, CHILD_REKEYED);
224
225 /* INFORMATIONAL { D } --> */
226 assert_single_payload(IN, PLV2_DELETE);
227 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
228 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
229 assert_child_sa_count(b, 1);
230 /* <-- INFORMATIONAL { D } */
231 assert_single_payload(IN, PLV2_DELETE);
232 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
233 assert_child_sa_state(a, 3, CHILD_INSTALLED);
234 assert_child_sa_count(a, 1);
235
236 /* child_rekey/child_updown */
237 assert_hook();
238 assert_hook();
239
240 call_ikesa(a, destroy);
241 call_ikesa(b, destroy);
242 }
243 END_TEST
244
245 /**
246 * Check that the responder handles hard expires properly while waiting for the
247 * delete after a rekeying (e.g. if the initiator of the rekeying fails to
248 * delete the CHILD_SA for some reason).
249 */
250 START_TEST(test_regular_responder_handle_hard_expire)
251 {
252 ike_sa_t *a, *b;
253
254 exchange_test_helper->establish_sa(exchange_test_helper,
255 &a, &b, NULL);
256 initiate_rekey(a, 1);
257
258 /* this should never get called as this results in a successful rekeying */
259 assert_hook_not_called(child_updown);
260
261 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
262 assert_hook_called(child_rekey);
263 assert_notify(IN, REKEY_SA);
264 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
265 assert_child_sa_state(b, 2, CHILD_REKEYED);
266 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
267 assert_hook();
268
269 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
270 assert_hook_called(child_rekey);
271 assert_no_notify(IN, REKEY_SA);
272 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
273 assert_child_sa_state(a, 1, CHILD_DELETING);
274 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
275 assert_hook();
276
277 /* we don't expect this to get called anymore */
278 assert_hook_not_called(child_rekey);
279 /* this is similar to a regular delete collision */
280 assert_single_payload(OUT, PLV2_DELETE);
281 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
282 assert_child_sa_state(b, 2, CHILD_DELETING);
283
284 /* INFORMATIONAL { D } --> */
285 assert_single_payload(IN, PLV2_DELETE);
286 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
287 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
288 assert_child_sa_state(a, 2, CHILD_DELETING);
289 /* <-- INFORMATIONAL { D } */
290 assert_single_payload(IN, PLV2_DELETE);
291 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
292 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
293 assert_child_sa_state(a, 1, CHILD_DELETING);
294 /* <-- INFORMATIONAL { } */
295 assert_message_empty(IN);
296 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
297 assert_child_sa_state(a, 3, CHILD_INSTALLED);
298 assert_child_sa_count(a, 1);
299 /* INFORMATIONAL { } --> */
300 assert_message_empty(IN);
301 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
302 assert_child_sa_state(b, 4, CHILD_INSTALLED);
303 assert_child_sa_count(b, 1);
304
305 /* child_rekey/child_updown */
306 assert_hook();
307 assert_hook();
308
309 call_ikesa(a, destroy);
310 call_ikesa(b, destroy);
311 }
312 END_TEST
313
314 /**
315 * Both peers initiate the CHILD_SA reekying concurrently and should handle
316 * the collision properly depending on the nonces.
317 */
318 START_TEST(test_collision)
319 {
320 ike_sa_t *a, *b;
321
322 exchange_test_helper->establish_sa(exchange_test_helper,
323 &a, &b, NULL);
324
325 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
326 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
327 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
328 * initiated the surviving SA.
329 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
330 * CHILD_SA):
331 * N1/3 -----\ /----- N2/4
332 * \--/-----> N3/5
333 * N4/6 <-------/ /----- ...
334 * ... -----\
335 * We test this four times, each time a different nonce is the lowest.
336 */
337 struct {
338 /* Nonces used at each point */
339 u_char nonces[4];
340 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
341 uint32_t spi_del_a, spi_del_b;
342 /* SPIs of the kept CHILD_SA */
343 uint32_t spi_a, spi_b;
344 } data[] = {
345 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
346 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
347 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
348 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
349 };
350
351 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
352 initiate_rekey(a, 1);
353 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
354 initiate_rekey(b, 2);
355
356 /* this should never get called as this results in a successful rekeying */
357 assert_hook_not_called(child_updown);
358
359 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
360 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
361 assert_hook_rekey(child_rekey, 2, 5);
362 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
363 assert_child_sa_state(b, 2, CHILD_REKEYED);
364 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
365 assert_hook();
366 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
367 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
368 assert_hook_rekey(child_rekey, 1, 6);
369 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
370 assert_child_sa_state(a, 1, CHILD_REKEYED);
371 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
372 assert_hook();
373
374 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
375 if (data[_i].spi_del_a == 1)
376 { /* currently we call this again if we keep our own replacement as we
377 * already called it above */
378 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
379 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
380 assert_hook();
381 }
382 else
383 {
384 assert_hook_not_called(child_rekey);
385 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
386 assert_hook();
387 }
388 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
389 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
390 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
391 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
392 : CHILD_OUTBOUND_REGISTERED);
393 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
394 if (data[_i].spi_del_b == 2)
395 {
396 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
397 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
398 assert_hook();
399 }
400 else
401 {
402 assert_hook_not_called(child_rekey);
403 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
404 assert_hook();
405 }
406 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
407 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
408 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
409 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
410 : CHILD_OUTBOUND_REGISTERED);
411
412 /* we don't expect this hook to get called anymore */
413 assert_hook_not_called(child_rekey);
414 /* INFORMATIONAL { D } --> */
415 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
416 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
417 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
418 assert_child_sa_count(b, 2);
419 /* <-- INFORMATIONAL { D } */
420 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
421 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
422 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
423 assert_child_sa_count(a, 2);
424 /* <-- INFORMATIONAL { D } */
425 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
426 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
427 assert_child_sa_count(a, 1);
428 /* INFORMATIONAL { D } --> */
429 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
430 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
431 assert_child_sa_count(b, 1);
432
433 /* child_rekey/child_updown */
434 assert_hook();
435 assert_hook();
436
437 call_ikesa(a, destroy);
438 call_ikesa(b, destroy);
439 }
440 END_TEST
441
442 /**
443 * This is like the rekey collision above, but one peer deletes the
444 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
445 * response:
446 *
447 * rekey ----\ /---- rekey
448 * \-----/----> detect collision
449 * detect collision <---------/ /----
450 * ----\ /
451 * \----/----->
452 * handle delete <--------/------- delete SA
453 * --------/------->
454 * handle rekey <------/
455 * delete SA ---------------->
456 * <----------------
457 */
458 START_TEST(test_collision_delayed_response)
459 {
460 ike_sa_t *a, *b;
461 message_t *msg;
462
463 exchange_test_helper->establish_sa(exchange_test_helper,
464 &a, &b, NULL);
465
466 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
467 * CHILD_SA):
468 * N1/3 -----\ /----- N2/4
469 * \--/-----> N3/5
470 * N4/6 <-------/ /----- ...
471 * ... -----\
472 * We test this four times, each time a different nonce is the lowest.
473 */
474 struct {
475 /* Nonces used at each point */
476 u_char nonces[4];
477 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
478 uint32_t spi_del_a, spi_del_b;
479 /* SPIs of the kept CHILD_SA */
480 uint32_t spi_a, spi_b;
481 } data[] = {
482 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
483 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
484 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
485 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
486 };
487
488 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
489 initiate_rekey(a, 1);
490 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
491 initiate_rekey(b, 2);
492
493 /* this should never get called as this results in a successful rekeying */
494 assert_hook_not_called(child_updown);
495
496 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
497 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
498 assert_hook_rekey(child_rekey, 2, 5);
499 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
500 assert_child_sa_state(b, 2, CHILD_REKEYED);
501 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
502 assert_hook();
503 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
504 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
505 assert_hook_rekey(child_rekey, 1, 6);
506 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
507 assert_child_sa_state(a, 1, CHILD_REKEYED);
508 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
509 assert_hook();
510
511 /* delay the CREATE_CHILD_SA response from b to a */
512 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
513
514 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
515 if (data[_i].spi_del_b == 2)
516 {
517 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
518 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
519 assert_hook();
520 }
521 else
522 {
523 assert_hook_not_called(child_rekey);
524 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
525 assert_hook();
526 }
527 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
528 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
529 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
530 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
531 : CHILD_OUTBOUND_REGISTERED);
532
533 /* <-- INFORMATIONAL { D } */
534 assert_hook_not_called(child_rekey);
535 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
536 if (data[_i].spi_del_b == 2)
537 {
538 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
539 assert_child_sa_count(a, 1);
540 }
541 else
542 {
543 assert_child_sa_state(a, 1, CHILD_REKEYED);
544 assert_child_sa_count(a, 1);
545 }
546 /* INFORMATIONAL { D } --> */
547 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
548 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
549 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
550 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
551 : CHILD_OUTBOUND_REGISTERED);
552 assert_child_sa_count(b, 2);
553 assert_hook();
554
555 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
556 if (data[_i].spi_del_a == 1)
557 {
558 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
559 exchange_test_helper->process_message(exchange_test_helper, a, msg);
560 assert_hook();
561 }
562 else
563 {
564 assert_hook_not_called(child_rekey);
565 exchange_test_helper->process_message(exchange_test_helper, a, msg);
566 assert_hook();
567 }
568 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
569 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
570 assert_child_sa_count(a, 2);
571
572 /* we don't expect this hook to get called anymore */
573 assert_hook_not_called(child_rekey);
574 /* INFORMATIONAL { D } --> */
575 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
576 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
577 assert_child_sa_count(b, 1);
578 /* <-- INFORMATIONAL { D } */
579 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
580 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
581 assert_child_sa_count(a, 1);
582
583 /* child_rekey/child_updown */
584 assert_hook();
585 assert_hook();
586
587 call_ikesa(a, destroy);
588 call_ikesa(b, destroy);
589 }
590 END_TEST
591
592 /**
593 * In this scenario one of the peers does not notice that there is a
594 * rekey collision:
595 *
596 * rekey ----\ /---- rekey
597 * \ /
598 * detect collision <-----\---/
599 * -------\-------->
600 * \ /---- delete old SA
601 * \-/----> detect collision
602 * detect collision <---------/ /---- TEMP_FAIL
603 * delete -----------/---->
604 * aborts rekeying <---------/
605 */
606 START_TEST(test_collision_delayed_request)
607 {
608 ike_sa_t *a, *b;
609 message_t *msg;
610
611 exchange_test_helper->establish_sa(exchange_test_helper,
612 &a, &b, NULL);
613
614 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
615 * CHILD_SA):
616 * N1/3 -----\ /----- N2/4
617 * N3/5 <-----\--/
618 * ... -----\ \-------> ...
619 * We test this three times, each time a different nonce is the lowest.
620 */
621 struct {
622 /* Nonces used at each point */
623 u_char nonces[3];
624 } data[] = {
625 { { 0x00, 0xFF, 0xFF } },
626 { { 0xFF, 0x00, 0xFF } },
627 { { 0xFF, 0xFF, 0x00 } },
628 };
629
630 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
631 initiate_rekey(a, 1);
632 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
633 initiate_rekey(b, 2);
634
635 /* delay the CREATE_CHILD_SA request from a to b */
636 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
637
638 /* this should never get called as this results in a successful rekeying */
639 assert_hook_not_called(child_updown);
640
641 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
642 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
643 assert_hook_rekey(child_rekey, 1, 5);
644 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
645 assert_child_sa_state(a, 1, CHILD_REKEYED);
646 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
647 assert_hook();
648 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
649 assert_hook_rekey(child_rekey, 2, 4);
650 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
651 assert_child_sa_state(b, 2, CHILD_DELETING);
652 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
653 assert_hook();
654
655 /* we don't expect this hook to get called anymore */
656 assert_hook_not_called(child_rekey);
657
658 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
659 assert_single_notify(OUT, TEMPORARY_FAILURE);
660 exchange_test_helper->process_message(exchange_test_helper, b, msg);
661 assert_child_sa_state(b, 2, CHILD_DELETING);
662 assert_child_sa_state(b, 4, CHILD_INSTALLED);
663
664 /* <-- INFORMATIONAL { D } */
665 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
666 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
667 assert_child_sa_count(a, 1);
668
669 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
670 assert_no_jobs_scheduled();
671 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
672 assert_child_sa_state(a, 5, CHILD_INSTALLED);
673 assert_child_sa_count(a, 1);
674 assert_scheduler();
675
676 /* INFORMATIONAL { D } --> */
677 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
678 assert_child_sa_state(b, 4, CHILD_INSTALLED);
679 assert_child_sa_count(b, 1);
680
681 /* child_rekey/child_updown */
682 assert_hook();
683 assert_hook();
684
685 assert_sa_idle(a);
686 assert_sa_idle(b);
687
688 call_ikesa(a, destroy);
689 call_ikesa(b, destroy);
690 }
691 END_TEST
692
693 /**
694 * Similar to above one peer fails to notice the collision but the
695 * CREATE_CHILD_SA request is even more delayed:
696 *
697 * rekey ----\ /---- rekey
698 * \ /
699 * detect collision <-----\---/
700 * -------\-------->
701 * detect collision <-------\-------- delete old SA
702 * delete ---------\------>
703 * \----->
704 * /---- CHILD_SA_NOT_FOUND
705 * aborts rekeying <----------/
706 */
707 START_TEST(test_collision_delayed_request_more)
708 {
709 ike_sa_t *a, *b;
710 message_t *msg;
711
712 exchange_test_helper->establish_sa(exchange_test_helper,
713 &a, &b, NULL);
714
715 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
716 * CHILD_SA):
717 * N1/3 -----\ /----- N2/4
718 * N3/5 <-----\--/
719 * ... -----\ \-------> ...
720 * We test this three times, each time a different nonce is the lowest.
721 */
722 struct {
723 /* Nonces used at each point */
724 u_char nonces[3];
725 } data[] = {
726 { { 0x00, 0xFF, 0xFF } },
727 { { 0xFF, 0x00, 0xFF } },
728 { { 0xFF, 0xFF, 0x00 } },
729 };
730
731 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
732 initiate_rekey(a, 1);
733 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
734 initiate_rekey(b, 2);
735
736 /* delay the CREATE_CHILD_SA request from a to b */
737 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
738
739 /* this should never get called as this results in a successful rekeying */
740 assert_hook_not_called(child_updown);
741
742 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
743 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
744 assert_hook_rekey(child_rekey, 1, 5);
745 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
746 assert_child_sa_state(a, 1, CHILD_REKEYED);
747 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
748 assert_hook();
749 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
750 assert_hook_rekey(child_rekey, 2, 4);
751 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
752 assert_child_sa_state(b, 2, CHILD_DELETING);
753 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
754 assert_hook();
755
756 /* we don't expect this hook to get called anymore */
757 assert_hook_not_called(child_rekey);
758
759 /* <-- INFORMATIONAL { D } */
760 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
761 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
762 assert_child_sa_count(a, 1);
763 /* INFORMATIONAL { D } --> */
764 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
765 assert_child_sa_state(b, 4, CHILD_INSTALLED);
766 assert_child_sa_count(b, 1);
767
768 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
769 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
770 exchange_test_helper->process_message(exchange_test_helper, b, msg);
771 assert_child_sa_state(b, 4, CHILD_INSTALLED);
772 assert_child_sa_count(b, 1);
773 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
774 assert_no_jobs_scheduled();
775 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
776 assert_child_sa_state(a, 5, CHILD_INSTALLED);
777 assert_child_sa_count(a, 1);
778 assert_scheduler();
779
780 /* child_rekey/child_updown */
781 assert_hook();
782 assert_hook();
783
784 assert_sa_idle(a);
785 assert_sa_idle(b);
786
787 call_ikesa(a, destroy);
788 call_ikesa(b, destroy);
789 }
790 END_TEST
791
792 /**
793 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
794 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
795 * still handle the collision properly depending on the nonces.
796 */
797 START_TEST(test_collision_ke_invalid)
798 {
799 exchange_test_sa_conf_t conf = {
800 .initiator = {
801 .esp = "aes128-sha256-modp2048-modp3072",
802 },
803 .responder = {
804 .esp = "aes128-sha256-modp3072-modp2048",
805 },
806 };
807 ike_sa_t *a, *b;
808
809 exchange_test_helper->establish_sa(exchange_test_helper,
810 &a, &b, &conf);
811
812 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
813 * CHILD_SA):
814 * N1/3 -----\ /----- N2/4
815 * \--/-----> N3/5
816 * N4/6 <-------/ /---- INVAL_KE
817 * INVAL_KE -----\ /
818 * <-----\--/
819 * N5/7 -----\ \------->
820 * \ /---- N6/8
821 * \--/----> N7/9
822 * N8/10 <--------/ /---- ...
823 * ... ------\
824 *
825 * We test this four times, each time a different nonce is the lowest.
826 */
827 struct {
828 /* Nonces used at each point */
829 u_char nonces[4];
830 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
831 uint32_t spi_del_a, spi_del_b;
832 /* SPIs of the kept CHILD_SA */
833 uint32_t spi_a, spi_b;
834 } data[] = {
835 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
836 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
837 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
838 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
839 };
840
841 /* make sure the nonces of the first try don't affect the retries */
842 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
843 initiate_rekey(a, 1);
844 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
845 initiate_rekey(b, 2);
846
847 /* this should never get called as this results in a successful rekeying */
848 assert_hook_not_called(child_updown);
849
850 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
851 assert_hook_not_called(child_rekey);
852 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
853 assert_child_sa_state(b, 2, CHILD_REKEYING);
854 assert_child_sa_count(b, 1);
855 assert_hook();
856 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
857 assert_hook_not_called(child_rekey);
858 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
859 assert_child_sa_state(a, 1, CHILD_REKEYING);
860 assert_child_sa_count(a, 1);
861 assert_hook();
862
863 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
864 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
865 assert_hook_not_called(child_rekey);
866 assert_single_notify(IN, INVALID_KE_PAYLOAD);
867 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
868 assert_child_sa_state(a, 1, CHILD_REKEYING);
869 assert_child_sa_count(a, 1);
870 assert_hook();
871 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
872 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
873 assert_hook_not_called(child_rekey);
874 assert_single_notify(IN, INVALID_KE_PAYLOAD);
875 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
876 assert_child_sa_state(b, 2, CHILD_REKEYING);
877 assert_child_sa_count(b, 1);
878 assert_hook();
879
880 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
881 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
882 assert_hook_rekey(child_rekey, 2, 9);
883 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
884 assert_child_sa_state(b, 2, CHILD_REKEYED);
885 assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
886 assert_hook();
887 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
888 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
889 assert_hook_rekey(child_rekey, 1, 10);
890 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
891 assert_child_sa_state(a, 1, CHILD_REKEYED);
892 assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
893 assert_hook();
894
895 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
896 if (data[_i].spi_del_a == 1)
897 { /* currently we call this again if we keep our own replacement as we
898 * already called it above */
899 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
900 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
901 assert_hook();
902 }
903 else
904 {
905 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
906 }
907 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
908 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
909 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
910 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
911 : CHILD_OUTBOUND_REGISTERED);
912 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
913 if (data[_i].spi_del_b == 2)
914 {
915 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
916 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
917 assert_hook();
918 }
919 else
920 {
921 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
922 }
923 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
924 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
925 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
926 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
927 : CHILD_OUTBOUND_REGISTERED);
928
929 /* we don't expect this hook to get called anymore */
930 assert_hook_not_called(child_rekey);
931 /* INFORMATIONAL { D } --> */
932 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
933 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
934 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
935 assert_child_sa_count(b, 2);
936 /* <-- INFORMATIONAL { D } */
937 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
938 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
939 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
940 assert_child_sa_count(a, 2);
941 /* <-- INFORMATIONAL { D } */
942 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
943 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
944 assert_child_sa_count(a, 1);
945 /* INFORMATIONAL { D } --> */
946 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
947 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
948 assert_child_sa_count(b, 1);
949
950 /* child_rekey/child_updown */
951 assert_hook();
952 assert_hook();
953
954 assert_sa_idle(a);
955 assert_sa_idle(b);
956
957 call_ikesa(a, destroy);
958 call_ikesa(b, destroy);
959 }
960 END_TEST
961
962 /**
963 * This is a variation of the above but with the retry by one peer delayed so
964 * that to the other peer it looks like there is no collision.
965 */
966 START_TEST(test_collision_ke_invalid_delayed_retry)
967 {
968 exchange_test_sa_conf_t conf = {
969 .initiator = {
970 .esp = "aes128-sha256-modp2048-modp3072",
971 },
972 .responder = {
973 .esp = "aes128-sha256-modp3072-modp2048",
974 },
975 };
976 ike_sa_t *a, *b;
977 message_t *msg;
978
979 exchange_test_helper->establish_sa(exchange_test_helper,
980 &a, &b, &conf);
981
982 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
983 * CHILD_SA):
984 * N1/3 -----\ /----- N2/4
985 * \--/-----> N3/5
986 * N4/6 <-------/ /---- INVAL_KE
987 * INVAL_KE -----\ /
988 * <-----\--/
989 * N5/7 -----\ \------->
990 * <-----\--------- N6/8
991 * N7/9 -------\------->
992 * <-------\------- DELETE
993 * ... ------\ \----->
994 * /---- TEMP_FAIL
995 *
996 * We test this three times, each time a different nonce is the lowest.
997 */
998 struct {
999 /* Nonces used at each point */
1000 u_char nonces[3];
1001 } data[] = {
1002 { { 0x00, 0xFF, 0xFF } },
1003 { { 0xFF, 0x00, 0xFF } },
1004 { { 0xFF, 0xFF, 0x00 } },
1005 };
1006
1007 /* make sure the nonces of the first try don't affect the retries */
1008 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1009 initiate_rekey(a, 1);
1010 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1011 initiate_rekey(b, 2);
1012
1013 /* this should never get called as this results in a successful rekeying */
1014 assert_hook_not_called(child_updown);
1015
1016 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1017 assert_hook_not_called(child_rekey);
1018 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1019 assert_child_sa_state(b, 2, CHILD_REKEYING);
1020 assert_child_sa_count(b, 1);
1021 assert_hook();
1022 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1023 assert_hook_not_called(child_rekey);
1024 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1025 assert_child_sa_state(a, 1, CHILD_REKEYING);
1026 assert_child_sa_count(a, 1);
1027 assert_hook();
1028
1029 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1030 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1031 assert_hook_not_called(child_rekey);
1032 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1033 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1034 assert_child_sa_state(a, 1, CHILD_REKEYING);
1035 assert_child_sa_count(a, 1);
1036 assert_hook();
1037 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1038 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1039 assert_hook_not_called(child_rekey);
1040 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1041 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1042 assert_child_sa_state(b, 2, CHILD_REKEYING);
1043 assert_child_sa_count(b, 1);
1044 assert_hook();
1045
1046 /* delay the CREATE_CHILD_SA request from a to b */
1047 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1048
1049 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1050 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1051 assert_hook_rekey(child_rekey, 1, 9);
1052 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1053 assert_child_sa_state(a, 1, CHILD_REKEYED);
1054 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1055 assert_hook();
1056 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1057 assert_hook_rekey(child_rekey, 2, 8);
1058 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1059 assert_child_sa_state(b, 2, CHILD_DELETING);
1060 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1061 assert_hook();
1062
1063 /* we don't expect this hook to get called anymore */
1064 assert_hook_not_called(child_rekey);
1065
1066 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1067 assert_single_notify(OUT, TEMPORARY_FAILURE);
1068 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1069 assert_child_sa_state(b, 2, CHILD_DELETING);
1070 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1071
1072 /* <-- INFORMATIONAL { D } */
1073 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1074 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1075 assert_child_sa_count(a, 1);
1076
1077 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1078 assert_no_jobs_scheduled();
1079 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1080 assert_child_sa_state(a, 9, CHILD_INSTALLED);
1081 assert_child_sa_count(a, 1);
1082 assert_scheduler();
1083
1084 /* INFORMATIONAL { D } --> */
1085 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1086 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1087 assert_child_sa_count(b, 1);
1088
1089 /* child_rekey/child_updown */
1090 assert_hook();
1091 assert_hook();
1092
1093 assert_sa_idle(a);
1094 assert_sa_idle(b);
1095
1096 call_ikesa(a, destroy);
1097 call_ikesa(b, destroy);
1098 }
1099 END_TEST
1100
1101 /**
1102 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1103 * concurrently trying to rekey.
1104 *
1105 * rekey ----\ /---- delete
1106 * \-----/----> detect collision
1107 * detect collision <---------/ /---- TEMP_FAIL
1108 * delete ----\ /
1109 * \----/----->
1110 * aborts rekeying <--------/
1111 */
1112 START_TEST(test_collision_delete)
1113 {
1114 ike_sa_t *a, *b;
1115 uint32_t spi_a = _i+1, spi_b = 2-_i;
1116
1117 if (_i)
1118 { /* responder rekeys the CHILD_SA (SPI 2) */
1119 exchange_test_helper->establish_sa(exchange_test_helper,
1120 &b, &a, NULL);
1121 }
1122 else
1123 { /* initiator rekeys the CHILD_SA (SPI 1) */
1124 exchange_test_helper->establish_sa(exchange_test_helper,
1125 &a, &b, NULL);
1126 }
1127 initiate_rekey(a, spi_a);
1128 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1129 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1130
1131 /* this should never get called as there is no successful rekeying on
1132 * either side */
1133 assert_hook_not_called(child_rekey);
1134
1135 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1136 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1137 */
1138
1139 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1140 assert_hook_not_called(child_updown);
1141 assert_notify(IN, REKEY_SA);
1142 assert_single_notify(OUT, TEMPORARY_FAILURE);
1143 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1144 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1145 assert_hook();
1146
1147 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1148 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1149 * payload.
1150 */
1151
1152 /* <-- INFORMATIONAL { D } */
1153 assert_hook_updown(child_updown, FALSE);
1154 assert_single_payload(IN, PLV2_DELETE);
1155 assert_single_payload(OUT, PLV2_DELETE);
1156 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1157 assert_child_sa_count(a, 0);
1158 assert_hook();
1159
1160 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1161 assert_hook_not_called(child_updown);
1162 /* we don't expect a job to retry the rekeying */
1163 assert_no_jobs_scheduled();
1164 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1165 assert_scheduler();
1166 assert_hook();
1167
1168 /* INFORMATIONAL { D } --> */
1169 assert_hook_updown(child_updown, FALSE);
1170 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1171 assert_child_sa_count(b, 0);
1172 assert_hook();
1173
1174 /* child_rekey */
1175 assert_hook();
1176
1177 assert_sa_idle(a);
1178 assert_sa_idle(b);
1179
1180 call_ikesa(a, destroy);
1181 call_ikesa(b, destroy);
1182 }
1183 END_TEST
1184
1185 /**
1186 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1187 * concurrently trying to rekey. However, the delete request is delayed or
1188 * dropped, so the peer doing the rekeying is unaware of the collision.
1189 *
1190 * rekey ----\ /---- delete
1191 * \-----/----> detect collision
1192 * reschedule <---------/------ TEMP_FAIL
1193 * <--------/
1194 * delete ---------------->
1195 *
1196 * The job will not find the SA to retry rekeying.
1197 */
1198 START_TEST(test_collision_delete_drop_delete)
1199 {
1200 ike_sa_t *a, *b;
1201 message_t *msg;
1202 uint32_t spi_a = _i+1, spi_b = 2-_i;
1203
1204 if (_i)
1205 { /* responder rekeys the CHILD_SA (SPI 2) */
1206 exchange_test_helper->establish_sa(exchange_test_helper,
1207 &b, &a, NULL);
1208 }
1209 else
1210 { /* initiator rekeys the CHILD_SA (SPI 1) */
1211 exchange_test_helper->establish_sa(exchange_test_helper,
1212 &a, &b, NULL);
1213 }
1214 initiate_rekey(a, spi_a);
1215 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1216 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1217
1218 /* this should never get called as there is no successful rekeying on
1219 * either side */
1220 assert_hook_not_called(child_rekey);
1221
1222 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1223 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1224 */
1225
1226 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1227 assert_hook_not_called(child_updown);
1228 assert_notify(IN, REKEY_SA);
1229 assert_single_notify(OUT, TEMPORARY_FAILURE);
1230 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1231 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1232 assert_hook();
1233
1234 /* delay the DELETE request */
1235 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1236
1237 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1238 assert_hook_not_called(child_updown);
1239 /* we expect a job to retry the rekeying is scheduled */
1240 assert_jobs_scheduled(1);
1241 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1242 assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
1243 assert_scheduler();
1244 assert_hook();
1245
1246 /* <-- INFORMATIONAL { D } (delayed) */
1247 assert_hook_updown(child_updown, FALSE);
1248 assert_single_payload(IN, PLV2_DELETE);
1249 assert_single_payload(OUT, PLV2_DELETE);
1250 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1251 assert_child_sa_count(a, 0);
1252 assert_hook();
1253
1254 /* INFORMATIONAL { D } --> */
1255 assert_hook_updown(child_updown, FALSE);
1256 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1257 assert_child_sa_count(b, 0);
1258 assert_hook();
1259
1260 /* child_rekey */
1261 assert_hook();
1262
1263 assert_sa_idle(a);
1264 assert_sa_idle(b);
1265
1266 call_ikesa(a, destroy);
1267 call_ikesa(b, destroy);
1268 }
1269 END_TEST
1270
1271 /**
1272 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1273 * concurrently trying to rekey. However, the rekey request is delayed or
1274 * dropped, so the peer doing the deleting is unaware of the collision.
1275 *
1276 * rekey ----\ /---- delete
1277 * detect collision <----\-----/
1278 * delete ------\--------->
1279 * \-------->
1280 * /---- CHILD_SA_NOT_FOUND
1281 * aborts rekeying <----------/
1282 */
1283 START_TEST(test_collision_delete_drop_rekey)
1284 {
1285 ike_sa_t *a, *b;
1286 message_t *msg;
1287 uint32_t spi_a = _i+1, spi_b = 2-_i;
1288
1289 if (_i)
1290 { /* responder rekeys the CHILD_SA (SPI 2) */
1291 exchange_test_helper->establish_sa(exchange_test_helper,
1292 &b, &a, NULL);
1293 }
1294 else
1295 { /* initiator rekeys the CHILD_SA (SPI 1) */
1296 exchange_test_helper->establish_sa(exchange_test_helper,
1297 &a, &b, NULL);
1298 }
1299 initiate_rekey(a, spi_a);
1300 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1301 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1302
1303 /* this should never get called as there is no successful rekeying on
1304 * either side */
1305 assert_hook_not_called(child_rekey);
1306
1307 /* delay the CREATE_CHILD_SA request */
1308 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1309
1310 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1311 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1312 * payload.
1313 */
1314
1315 /* <-- INFORMATIONAL { D } */
1316 assert_hook_updown(child_updown, FALSE);
1317 assert_single_payload(IN, PLV2_DELETE);
1318 assert_single_payload(OUT, PLV2_DELETE);
1319 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1320 assert_child_sa_count(a, 0);
1321 assert_hook();
1322
1323 /* INFORMATIONAL { D } --> */
1324 assert_hook_updown(child_updown, FALSE);
1325 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1326 assert_child_sa_count(b, 0);
1327 assert_hook();
1328
1329 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1330 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1331 */
1332
1333 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1334 assert_hook_not_called(child_updown);
1335 assert_notify(IN, REKEY_SA);
1336 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1337 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1338 assert_hook();
1339
1340 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1341 assert_hook_not_called(child_updown);
1342 /* no jobs or tasks should get scheduled/queued */
1343 assert_no_jobs_scheduled();
1344 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1345 assert_scheduler();
1346 assert_hook();
1347
1348 /* child_rekey */
1349 assert_hook();
1350
1351 assert_sa_idle(a);
1352 assert_sa_idle(b);
1353
1354 call_ikesa(a, destroy);
1355 call_ikesa(b, destroy);
1356 }
1357 END_TEST
1358
1359 /**
1360 * FIXME: Not sure what we can do about the following:
1361 *
1362 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1363 * it the other peer deletes the new SA. However, the rekey response is
1364 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1365 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1366 *
1367 * rekey ---------------->
1368 * /---- rekey
1369 * unknown SA <----------/----- delete new SA
1370 * ----------/----->
1371 * <--------/
1372 *
1373 * The peers' states are now out of sync.
1374 *
1375 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1376 * while rekeying and then check against the SPIs when handling the
1377 * CREATE_CHILD_SA response.
1378 */
1379
1380
1381 /**
1382 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1383 * peer is concurrently trying to rekey.
1384 *
1385 * rekey ----\ /---- rekey IKE
1386 * \-----/----> detect collision
1387 * detect collision <---------/ /---- TEMP_FAIL
1388 * TEMP_FAIL ----\ /
1389 * \----/----->
1390 * <--------/
1391 */
1392 START_TEST(test_collision_ike_rekey)
1393 {
1394 ike_sa_t *a, *b;
1395 uint32_t spi_a = _i+1;
1396
1397 if (_i)
1398 { /* responder rekeys the CHILD_SA (SPI 2) */
1399 exchange_test_helper->establish_sa(exchange_test_helper,
1400 &b, &a, NULL);
1401 }
1402 else
1403 { /* initiator rekeys the CHILD_SA (SPI 1) */
1404 exchange_test_helper->establish_sa(exchange_test_helper,
1405 &a, &b, NULL);
1406 }
1407 initiate_rekey(a, spi_a);
1408 call_ikesa(b, rekey);
1409 assert_ike_sa_state(b, IKE_REKEYING);
1410
1411 /* these should never get called as there is no successful rekeying on
1412 * either side */
1413 assert_hook_not_called(ike_rekey);
1414 assert_hook_not_called(child_rekey);
1415
1416 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1417 * it is currently rekeying the IKE SA, it SHOULD reply with
1418 * TEMPORARY_FAILURE.
1419 */
1420
1421 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1422 assert_single_notify(OUT, TEMPORARY_FAILURE);
1423 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1424 assert_ike_sa_state(b, IKE_REKEYING);
1425
1426 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1427 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1428 * SHOULD reply with TEMPORARY_FAILURE.
1429 */
1430
1431 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1432 assert_single_notify(OUT, TEMPORARY_FAILURE);
1433 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1434 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
1435
1436 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1437 /* we expect a job to retry the rekeying is scheduled */
1438 assert_jobs_scheduled(1);
1439 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1440 assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
1441 assert_scheduler();
1442
1443 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1444 /* we expect a job to retry the rekeying is scheduled */
1445 assert_jobs_scheduled(1);
1446 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1447 assert_ike_sa_state(b, IKE_ESTABLISHED);
1448 assert_scheduler();
1449
1450 /* ike_rekey/child_rekey */
1451 assert_hook();
1452 assert_hook();
1453
1454 assert_sa_idle(a);
1455 assert_sa_idle(b);
1456
1457 call_ikesa(a, destroy);
1458 call_ikesa(b, destroy);
1459 }
1460 END_TEST
1461
1462 /**
1463 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1464 * peer is concurrently trying to rekey.
1465 *
1466 * rekey ----\ /---- delete IKE
1467 * \-----/----> detect collision
1468 * <---------/ /---- TEMP_FAIL
1469 * delete ----\ /
1470 * \----/----->
1471 * sa already gone <--------/
1472 */
1473 START_TEST(test_collision_ike_delete)
1474 {
1475 ike_sa_t *a, *b;
1476 uint32_t spi_a = _i+1;
1477 message_t *msg;
1478 status_t s;
1479
1480 if (_i)
1481 { /* responder rekeys the CHILD_SA (SPI 2) */
1482 exchange_test_helper->establish_sa(exchange_test_helper,
1483 &b, &a, NULL);
1484 }
1485 else
1486 { /* initiator rekeys the CHILD_SA (SPI 1) */
1487 exchange_test_helper->establish_sa(exchange_test_helper,
1488 &a, &b, NULL);
1489 }
1490 initiate_rekey(a, spi_a);
1491 call_ikesa(b, delete);
1492 assert_ike_sa_state(b, IKE_DELETING);
1493
1494 /* this should never get called as there is no successful rekeying on
1495 * either side */
1496 assert_hook_not_called(child_rekey);
1497
1498 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1499 * a peer receives a request to rekey a CHILD_SA when it is currently
1500 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1501 */
1502
1503 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1504 assert_single_notify(OUT, TEMPORARY_FAILURE);
1505 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1506 assert_ike_sa_state(b, IKE_DELETING);
1507
1508 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1509 * a peer receives a request to close the IKE SA if it is currently rekeying
1510 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1511 * rekeying.
1512 */
1513
1514 /* <-- INFORMATIONAL { D } */
1515 assert_hook_updown(ike_updown, FALSE);
1516 assert_hook_updown(child_updown, FALSE);
1517 assert_message_empty(OUT);
1518 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1519 ck_assert_int_eq(DESTROY_ME, s);
1520 call_ikesa(a, destroy);
1521 assert_hook();
1522 assert_hook();
1523
1524 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1525 /* the SA is already gone */
1526 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1527 msg->destroy(msg);
1528
1529 /* INFORMATIONAL { } --> */
1530 assert_hook_updown(ike_updown, FALSE);
1531 assert_hook_updown(child_updown, FALSE);
1532 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1533 ck_assert_int_eq(DESTROY_ME, s);
1534 call_ikesa(b, destroy);
1535 assert_hook();
1536 assert_hook();
1537
1538 /* child_rekey */
1539 assert_hook();
1540 }
1541 END_TEST
1542
1543 Suite *child_rekey_suite_create()
1544 {
1545 Suite *s;
1546 TCase *tc;
1547
1548 s = suite_create("child rekey");
1549
1550 tc = tcase_create("regular");
1551 tcase_add_loop_test(tc, test_regular, 0, 2);
1552 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1553 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1554 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1555 suite_add_tcase(s, tc);
1556
1557 tc = tcase_create("collisions rekey");
1558 tcase_add_loop_test(tc, test_collision, 0, 4);
1559 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1560 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1561 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1562 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1563 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1564 suite_add_tcase(s, tc);
1565
1566 tc = tcase_create("collisions delete");
1567 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1568 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1569 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1570 suite_add_tcase(s, tc);
1571
1572 tc = tcase_create("collisions ike rekey");
1573 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1574 suite_add_tcase(s, tc);
1575
1576 tc = tcase_create("collisions ike delete");
1577 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1578 suite_add_tcase(s, tc);
1579
1580 return s;
1581 }