projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
unit-tests: Check installed IPsec SAs in child-rekey tests
[strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016-2017 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <daemon.h>
19 #include <tests/utils/exchange_test_helper.h>
20 #include <tests/utils/exchange_test_asserts.h>
21 #include <tests/utils/job_asserts.h>
22 #include <tests/utils/sa_asserts.h>
23
24 /**
25 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
26 */
27 #define initiate_rekey(sa, spi) ({ \
28 assert_hook_not_called(child_updown); \
29 assert_hook_not_called(child_rekey); \
30 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
31 assert_child_sa_state(sa, spi, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); \
32 assert_hook(); \
33 assert_hook(); \
34 })
35
36 /**
37 * Destroy a rekeyed CHILD_SA that was kept around to accept inbound traffic.
38 * Simulates the job that's scheduled to do this.
39 */
40 #define destroy_rekeyed(sa, spi) ({ \
41 assert_hook_not_called(child_updown); \
42 assert_hook_not_called(child_rekey); \
43 assert_no_jobs_scheduled(); \
44 assert_child_sa_state(sa, spi, CHILD_DELETING, CHILD_OUTBOUND_NONE); \
45 call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
46 assert_child_sa_not_exists(sa, spi); \
47 assert_scheduler(); \
48 assert_hook(); \
49 assert_hook(); \
50 })
51
52 /**
53 * Regular CHILD_SA rekey either initiated by the original initiator or
54 * responder of the IKE_SA.
55 */
56 START_TEST(test_regular)
57 {
58 ike_sa_t *a, *b;
59 uint32_t spi_a = _i+1, spi_b = 2-_i;
60
61 if (_i)
62 { /* responder rekeys the CHILD_SA (SPI 2) */
63 exchange_test_helper->establish_sa(exchange_test_helper,
64 &b, &a, NULL);
65 }
66 else
67 { /* initiator rekeys the CHILD_SA (SPI 1) */
68 exchange_test_helper->establish_sa(exchange_test_helper,
69 &a, &b, NULL);
70 }
71 initiate_rekey(a, spi_a);
72 assert_ipsec_sas_installed(a, spi_a, spi_b);
73
74 /* this should never get called as this results in a successful rekeying */
75 assert_hook_not_called(child_updown);
76
77 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
78 assert_hook_called(child_rekey);
79 assert_notify(IN, REKEY_SA);
80 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
81 assert_child_sa_state(b, spi_b, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
82 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
83 assert_ipsec_sas_installed(b, spi_a, spi_b, 4);
84 assert_hook();
85
86 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
87 assert_hook_called(child_rekey);
88 assert_no_notify(IN, REKEY_SA);
89 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
90 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
91 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
92 assert_ipsec_sas_installed(a, spi_a, spi_b, 3, 4);
93 assert_hook();
94
95 /* INFORMATIONAL { D } --> */
96 assert_hook_not_called(child_rekey);
97 assert_jobs_scheduled(1);
98 assert_single_payload(IN, PLV2_DELETE);
99 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
100 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
101 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
102 assert_child_sa_count(b, 2);
103 assert_ipsec_sas_installed(b, spi_b, 3, 4);
104 assert_scheduler();
105 assert_hook();
106 /* <-- INFORMATIONAL { D } */
107 assert_hook_not_called(child_rekey);
108 assert_jobs_scheduled(1);
109 assert_single_payload(IN, PLV2_DELETE);
110 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
111 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
112 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
113 assert_child_sa_count(a, 2);
114 assert_ipsec_sas_installed(a, spi_a, 3, 4);
115 assert_scheduler();
116 assert_hook();
117
118 /* simulate the execution of the scheduled jobs */
119 destroy_rekeyed(a, spi_a);
120 assert_child_sa_count(a, 1);
121 assert_ipsec_sas_installed(a, 3, 4);
122 destroy_rekeyed(b, spi_b);
123 assert_child_sa_count(b, 1);
124 assert_ipsec_sas_installed(a, 3, 4);
125
126 /* child_updown */
127 assert_hook();
128
129 call_ikesa(a, destroy);
130 call_ikesa(b, destroy);
131 }
132 END_TEST
133
134 /**
135 * CHILD_SA rekey where the responder does not agree with the DH group selected
136 * by the initiator, either initiated by the original initiator or responder of
137 * the IKE_SA.
138 */
139 START_TEST(test_regular_ke_invalid)
140 {
141 exchange_test_sa_conf_t conf = {
142 .initiator = {
143 .esp = "aes128-sha256-modp2048-modp3072",
144 },
145 .responder = {
146 .esp = "aes128-sha256-modp3072-modp2048",
147 },
148 };
149 ike_sa_t *a, *b;
150 uint32_t spi_a = _i+1, spi_b = 2-_i;
151
152 if (_i)
153 { /* responder rekeys the CHILD_SA (SPI 2) */
154 exchange_test_helper->establish_sa(exchange_test_helper,
155 &b, &a, &conf);
156 }
157 else
158 { /* initiator rekeys the CHILD_SA (SPI 1) */
159 exchange_test_helper->establish_sa(exchange_test_helper,
160 &a, &b, &conf);
161 }
162 initiate_rekey(a, spi_a);
163 assert_ipsec_sas_installed(a, spi_a, spi_b);
164
165 /* this should never get called as this results in a successful rekeying */
166 assert_hook_not_called(child_updown);
167
168 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
169 assert_hook_not_called(child_rekey);
170 assert_notify(IN, REKEY_SA);
171 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
172 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
173 assert_child_sa_count(b, 1);
174 assert_ipsec_sas_installed(b, spi_a, spi_b);
175 assert_hook();
176
177 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
178 assert_hook_not_called(child_rekey);
179 assert_single_notify(IN, INVALID_KE_PAYLOAD);
180 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
181 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
182 assert_child_sa_count(a, 1);
183 assert_ipsec_sas_installed(a, spi_a, spi_b);
184 assert_hook();
185
186 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
187 assert_hook_called(child_rekey);
188 assert_notify(IN, REKEY_SA);
189 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
190 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
191 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
192 assert_ipsec_sas_installed(b, spi_a, spi_b, 6);
193 assert_hook();
194
195 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
196 assert_hook_called(child_rekey);
197 assert_no_notify(IN, REKEY_SA);
198 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
199 assert_child_sa_state(a, spi_a, CHILD_DELETING);
200 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
201 assert_ipsec_sas_installed(a, spi_a, spi_b, 5, 6);
202 assert_hook();
203
204 /* INFORMATIONAL { D } --> */
205 assert_hook_not_called(child_rekey);
206 assert_single_payload(IN, PLV2_DELETE);
207 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
208 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_NONE);
209 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
210 assert_child_sa_count(b, 2);
211 assert_ipsec_sas_installed(b, spi_b, 5, 6);
212 assert_hook();
213 /* <-- INFORMATIONAL { D } */
214 assert_hook_not_called(child_rekey);
215 assert_single_payload(IN, PLV2_DELETE);
216 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
217 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_NONE);
218 assert_child_sa_state(a, 5, CHILD_INSTALLED);
219 assert_child_sa_count(a, 2);
220 assert_ipsec_sas_installed(a, spi_a, 5, 6);
221 assert_hook();
222
223 /* simulate the execution of the scheduled jobs */
224 destroy_rekeyed(a, spi_a);
225 assert_child_sa_count(a, 1);
226 assert_ipsec_sas_installed(a, 5, 6);
227 destroy_rekeyed(b, spi_b);
228 assert_child_sa_count(b, 1);
229 assert_ipsec_sas_installed(b, 5, 6);
230
231 /* child_updown */
232 assert_hook();
233
234 call_ikesa(a, destroy);
235 call_ikesa(b, destroy);
236 }
237 END_TEST
238
239 /**
240 * Check that the responder ignores soft expires while waiting for the delete
241 * after a rekeying.
242 */
243 START_TEST(test_regular_responder_ignore_soft_expire)
244 {
245 ike_sa_t *a, *b;
246
247 exchange_test_helper->establish_sa(exchange_test_helper,
248 &a, &b, NULL);
249 initiate_rekey(a, 1);
250 assert_ipsec_sas_installed(a, 1, 2);
251
252 /* this should never get called as this results in a successful rekeying */
253 assert_hook_not_called(child_updown);
254
255 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
256 assert_hook_called(child_rekey);
257 assert_notify(IN, REKEY_SA);
258 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
259 assert_child_sa_state(b, 2, CHILD_REKEYED);
260 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
261 assert_ipsec_sas_installed(b, 1, 2, 4);
262 assert_hook();
263
264 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
265 assert_hook_called(child_rekey);
266 assert_no_notify(IN, REKEY_SA);
267 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
268 assert_child_sa_state(a, 1, CHILD_DELETING);
269 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
270 assert_ipsec_sas_installed(a, 1, 2, 3, 4);
271 assert_hook();
272
273 /* we don't expect this to get called anymore */
274 assert_hook_not_called(child_rekey);
275 /* this should not produce a message, if it does there won't be a delete
276 * payload below */
277 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
278 assert_child_sa_state(b, 2, CHILD_REKEYED);
279
280 /* INFORMATIONAL { D } --> */
281 assert_jobs_scheduled(1);
282 assert_single_payload(IN, PLV2_DELETE);
283 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
284 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
285 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
286 assert_child_sa_count(b, 2);
287 assert_ipsec_sas_installed(b, 2, 3, 4);
288 assert_scheduler();
289 /* <-- INFORMATIONAL { D } */
290 assert_jobs_scheduled(1);
291 assert_single_payload(IN, PLV2_DELETE);
292 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
293 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
294 assert_child_sa_state(a, 3, CHILD_INSTALLED);
295 assert_child_sa_count(a, 2);
296 assert_ipsec_sas_installed(a, 1, 3, 4);
297 assert_scheduler();
298
299 /* simulate the execution of the scheduled jobs */
300 destroy_rekeyed(a, 1);
301 assert_child_sa_count(a, 1);
302 assert_ipsec_sas_installed(a, 3, 4);
303 destroy_rekeyed(b, 2);
304 assert_child_sa_count(b, 1);
305 assert_ipsec_sas_installed(b, 3, 4);
306
307 /* child_rekey/child_updown */
308 assert_hook();
309 assert_hook();
310
311 call_ikesa(a, destroy);
312 call_ikesa(b, destroy);
313 }
314 END_TEST
315
316 /**
317 * Check that the responder handles hard expires properly while waiting for the
318 * delete after a rekeying (e.g. if the initiator of the rekeying fails to
319 * delete the CHILD_SA for some reason).
320 */
321 START_TEST(test_regular_responder_handle_hard_expire)
322 {
323 ike_sa_t *a, *b;
324
325 exchange_test_helper->establish_sa(exchange_test_helper,
326 &a, &b, NULL);
327 initiate_rekey(a, 1);
328 assert_ipsec_sas_installed(a, 1, 2);
329
330 /* this should never get called as this results in a successful rekeying */
331 assert_hook_not_called(child_updown);
332
333 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
334 assert_hook_called(child_rekey);
335 assert_notify(IN, REKEY_SA);
336 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
337 assert_child_sa_state(b, 2, CHILD_REKEYED);
338 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
339 assert_ipsec_sas_installed(b, 1, 2, 4);
340 assert_hook();
341
342 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
343 assert_hook_called(child_rekey);
344 assert_no_notify(IN, REKEY_SA);
345 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
346 assert_child_sa_state(a, 1, CHILD_DELETING);
347 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
348 assert_ipsec_sas_installed(a, 1, 2, 3, 4);
349 assert_hook();
350
351 /* we don't expect this to get called anymore */
352 assert_hook_not_called(child_rekey);
353 /* this is similar to a regular delete collision */
354 assert_single_payload(OUT, PLV2_DELETE);
355 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
356 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
357 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
358 /* since the SAs expired they would not actually be installed in the kernel
359 * anymore and since we have not yet installed a new outbound SA this
360 * will result in dropped packets and possibly acquires */
361 assert_ipsec_sas_installed(b, 1, 2, 4);
362
363 /* INFORMATIONAL { D } --> */
364 assert_single_payload(IN, PLV2_DELETE);
365 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
366 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
367 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
368 assert_ipsec_sas_installed(b, 1, 2, 4);
369 /* <-- INFORMATIONAL { D } */
370 assert_single_payload(IN, PLV2_DELETE);
371 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
372 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
373 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
374 assert_ipsec_sas_installed(a, 1, 2, 3, 4);
375 /* <-- INFORMATIONAL { } */
376 assert_jobs_scheduled(1);
377 assert_message_empty(IN);
378 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
379 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
380 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
381 assert_child_sa_count(a, 2);
382 assert_ipsec_sas_installed(a, 1, 3, 4);
383 assert_scheduler();
384 /* INFORMATIONAL { } --> */
385 assert_jobs_scheduled(1);
386 assert_message_empty(IN);
387 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
388 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
389 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
390 assert_child_sa_count(b, 2);
391 assert_ipsec_sas_installed(b, 2, 3, 4);
392 assert_scheduler();
393
394 /* simulate the execution of the scheduled jobs */
395 destroy_rekeyed(a, 1);
396 assert_child_sa_count(a, 1);
397 assert_ipsec_sas_installed(a, 3, 4);
398 destroy_rekeyed(b, 2);
399 assert_child_sa_count(b, 1);
400 assert_ipsec_sas_installed(b, 3, 4);
401
402 /* child_rekey/child_updown */
403 assert_hook();
404 assert_hook();
405
406 call_ikesa(a, destroy);
407 call_ikesa(b, destroy);
408 }
409 END_TEST
410
411 /**
412 * Both peers initiate the CHILD_SA reekying concurrently and should handle
413 * the collision properly depending on the nonces.
414 */
415 START_TEST(test_collision)
416 {
417 ike_sa_t *a, *b;
418
419 exchange_test_helper->establish_sa(exchange_test_helper,
420 &a, &b, NULL);
421
422 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
423 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
424 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
425 * initiated the surviving SA.
426 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
427 * CHILD_SA):
428 * N1/3 -----\ /----- N2/4
429 * \--/-----> N3/5
430 * N4/6 <-------/ /----- ...
431 * ... -----\
432 * We test this four times, each time a different nonce is the lowest.
433 */
434 struct {
435 /* Nonces used at each point */
436 u_char nonces[4];
437 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
438 uint32_t spi_del_a, spi_del_b;
439 /* SPIs of the kept CHILD_SA */
440 uint32_t spi_a, spi_b;
441 } data[] = {
442 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
443 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
444 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
445 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
446 };
447
448 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
449 initiate_rekey(a, 1);
450 assert_ipsec_sas_installed(a, 1, 2);
451 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
452 initiate_rekey(b, 2);
453 assert_ipsec_sas_installed(b, 1, 2);
454
455 /* this should never get called as this results in a successful rekeying */
456 assert_hook_not_called(child_updown);
457
458 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
459 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
460 assert_hook_rekey(child_rekey, 2, 5);
461 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
462 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
463 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
464 assert_ipsec_sas_installed(b, 1, 2, 5);
465 assert_hook();
466 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
467 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
468 assert_hook_rekey(child_rekey, 1, 6);
469 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
470 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
471 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
472 assert_ipsec_sas_installed(a, 1, 2, 6);
473 assert_hook();
474
475 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
476 if (data[_i].spi_del_a == 1)
477 { /* currently we call this again if we keep our own replacement as we
478 * already called it above */
479 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
480 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
481 assert_hook();
482 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
483 CHILD_OUTBOUND_REGISTERED);
484 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
485 CHILD_OUTBOUND_INSTALLED);
486 }
487 else
488 {
489 assert_hook_not_called(child_rekey);
490 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
491 assert_hook();
492 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
493 CHILD_OUTBOUND_INSTALLED);
494 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
495 CHILD_OUTBOUND_REGISTERED);
496 }
497 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
498 CHILD_OUTBOUND_INSTALLED);
499 assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6);
500 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
501 if (data[_i].spi_del_b == 2)
502 {
503 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
504 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
505 assert_hook();
506 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
507 CHILD_OUTBOUND_REGISTERED);
508 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
509 CHILD_OUTBOUND_INSTALLED);
510 }
511 else
512 {
513 assert_hook_not_called(child_rekey);
514 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
515 assert_hook();
516 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
517 CHILD_OUTBOUND_INSTALLED);
518 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
519 CHILD_OUTBOUND_REGISTERED);
520 }
521 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
522 CHILD_OUTBOUND_INSTALLED);
523 assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6);
524
525 /* we don't expect this hook to get called anymore */
526 assert_hook_not_called(child_rekey);
527 /* INFORMATIONAL { D } --> */
528 assert_jobs_scheduled(1);
529 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
530 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
531 CHILD_OUTBOUND_INSTALLED);
532 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
533 CHILD_OUTBOUND_NONE);
534 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
535 CHILD_OUTBOUND_INSTALLED);
536 assert_child_sa_count(b, 3);
537 assert_ipsec_sas_installed(b, 2, 4, 5, 6,
538 data[_i].spi_del_b == 2 ? 1 : 3);
539 assert_scheduler();
540 /* <-- INFORMATIONAL { D } */
541 assert_jobs_scheduled(1);
542 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
543 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
544 CHILD_OUTBOUND_INSTALLED);
545 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
546 CHILD_OUTBOUND_NONE);
547 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
548 CHILD_OUTBOUND_INSTALLED);
549 assert_child_sa_count(a, 3);
550 assert_ipsec_sas_installed(a, 1, 3, 5, 6,
551 data[_i].spi_del_a == 1 ? 2 : 4);
552 assert_scheduler();
553 /* <-- INFORMATIONAL { D } */
554 assert_jobs_scheduled(1);
555 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
556 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
557 CHILD_OUTBOUND_NONE);
558 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
559 CHILD_OUTBOUND_NONE);
560 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
561 CHILD_OUTBOUND_INSTALLED);
562 assert_child_sa_count(a, 3);
563 assert_ipsec_sas_installed(a, 1, 3, 6,
564 data[_i].spi_del_a == 1 ? 5 : 4);
565 assert_scheduler();
566 /* INFORMATIONAL { D } --> */
567 assert_jobs_scheduled(1);
568 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
569 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
570 CHILD_OUTBOUND_NONE);
571 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
572 CHILD_OUTBOUND_NONE);
573 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
574 CHILD_OUTBOUND_INSTALLED);
575 assert_child_sa_count(b, 3);
576 assert_ipsec_sas_installed(b, 2, 4, 5,
577 data[_i].spi_del_b == 2 ? 6 : 3);
578 assert_scheduler();
579
580 /* simulate the execution of the scheduled jobs */
581 destroy_rekeyed(a, data[_i].spi_del_a);
582 destroy_rekeyed(a, data[_i].spi_del_b);
583 assert_child_sa_count(a, 1);
584 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
585 destroy_rekeyed(b, data[_i].spi_del_a);
586 destroy_rekeyed(b, data[_i].spi_del_b);
587 assert_child_sa_count(b, 1);
588 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
589
590 /* child_rekey/child_updown */
591 assert_hook();
592 assert_hook();
593
594 call_ikesa(a, destroy);
595 call_ikesa(b, destroy);
596 }
597 END_TEST
598
599 /**
600 * This is like the rekey collision above, but one peer deletes the
601 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
602 * response:
603 *
604 * rekey ----\ /---- rekey
605 * \-----/----> detect collision
606 * detect collision <---------/ /----
607 * ----\ /
608 * \----/----->
609 * handle delete <--------/------- delete SA
610 * --------/------->
611 * handle rekey <------/
612 * delete SA ---------------->
613 * <----------------
614 */
615 START_TEST(test_collision_delayed_response)
616 {
617 ike_sa_t *a, *b;
618 message_t *msg;
619
620 exchange_test_helper->establish_sa(exchange_test_helper,
621 &a, &b, NULL);
622
623 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
624 * CHILD_SA):
625 * N1/3 -----\ /----- N2/4
626 * \--/-----> N3/5
627 * N4/6 <-------/ /----- ...
628 * ... -----\
629 * We test this four times, each time a different nonce is the lowest.
630 */
631 struct {
632 /* Nonces used at each point */
633 u_char nonces[4];
634 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
635 uint32_t spi_del_a, spi_del_b;
636 /* SPIs of the kept CHILD_SA */
637 uint32_t spi_a, spi_b;
638 } data[] = {
639 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
640 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
641 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
642 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
643 };
644
645 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
646 initiate_rekey(a, 1);
647 assert_ipsec_sas_installed(a, 1, 2);
648 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
649 initiate_rekey(b, 2);
650 assert_ipsec_sas_installed(b, 1, 2);
651
652 /* this should never get called as this results in a successful rekeying */
653 assert_hook_not_called(child_updown);
654
655 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
656 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
657 assert_hook_rekey(child_rekey, 2, 5);
658 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
659 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
660 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
661 assert_ipsec_sas_installed(b, 1, 2, 5);
662 assert_hook();
663 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
664 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
665 assert_hook_rekey(child_rekey, 1, 6);
666 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
667 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
668 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
669 assert_ipsec_sas_installed(a, 1, 2, 6);
670 assert_hook();
671
672 /* delay the CREATE_CHILD_SA response from b to a */
673 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
674
675 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
676 if (data[_i].spi_del_b == 2)
677 {
678 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
679 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
680 assert_hook();
681 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
682 CHILD_OUTBOUND_REGISTERED);
683 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
684 CHILD_OUTBOUND_INSTALLED);
685 }
686 else
687 {
688 assert_hook_not_called(child_rekey);
689 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
690 assert_hook();
691 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
692 CHILD_OUTBOUND_INSTALLED);
693 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
694 CHILD_OUTBOUND_REGISTERED);
695 }
696 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
697 CHILD_OUTBOUND_INSTALLED);
698 assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6);
699
700 /* <-- INFORMATIONAL { D } */
701 assert_hook_not_called(child_rekey);
702 assert_jobs_scheduled(1);
703 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
704 if (data[_i].spi_del_b == 2)
705 {
706 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
707 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
708 CHILD_OUTBOUND_INSTALLED);
709 assert_ipsec_sas_installed(a, 1, 4, 6);
710 }
711 else
712 {
713 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
714 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
715 CHILD_OUTBOUND_NONE);
716 assert_ipsec_sas_installed(a, 1, 2, 6);
717 }
718 assert_child_sa_count(a, 2);
719 assert_scheduler();
720 /* INFORMATIONAL { D } --> */
721 assert_jobs_scheduled(1);
722 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
723 if (data[_i].spi_del_b == 2)
724 {
725 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
726 CHILD_OUTBOUND_REGISTERED);
727 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
728 CHILD_OUTBOUND_INSTALLED);
729 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
730 }
731 else
732 {
733 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
734 CHILD_OUTBOUND_INSTALLED);
735 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
736 CHILD_OUTBOUND_REGISTERED);
737 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
738 }
739 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
740 CHILD_OUTBOUND_NONE);
741 assert_child_sa_count(b, 3);
742 assert_scheduler();
743 assert_hook();
744
745 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
746 if (data[_i].spi_del_a == 1)
747 {
748 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
749 exchange_test_helper->process_message(exchange_test_helper, a, msg);
750 assert_hook();
751 }
752 else
753 {
754 assert_hook_not_called(child_rekey);
755 exchange_test_helper->process_message(exchange_test_helper, a, msg);
756 assert_hook();
757 }
758 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
759 CHILD_OUTBOUND_INSTALLED);
760 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
761 CHILD_OUTBOUND_NONE);
762 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
763 CHILD_OUTBOUND_INSTALLED);
764 assert_ipsec_sas_installed(a, 1, 3, 5, 6,
765 data[_i].spi_del_a == 1 ? 2 : 4);
766 assert_child_sa_count(a, 3);
767
768 /* we don't expect this hook to get called anymore */
769 assert_hook_not_called(child_rekey);
770 /* INFORMATIONAL { D } --> */
771 assert_jobs_scheduled(1);
772 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
773 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
774 CHILD_OUTBOUND_NONE);
775 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
776 CHILD_OUTBOUND_NONE);
777 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
778 CHILD_OUTBOUND_INSTALLED);
779 assert_ipsec_sas_installed(b, 2, 4, 5,
780 data[_i].spi_del_b == 2 ? 6 : 3);
781 assert_child_sa_count(b, 3);
782 assert_scheduler();
783 /* <-- INFORMATIONAL { D } */
784 assert_jobs_scheduled(1);
785 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
786 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
787 CHILD_OUTBOUND_NONE);
788 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
789 CHILD_OUTBOUND_NONE);
790 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
791 CHILD_OUTBOUND_INSTALLED);
792 assert_child_sa_count(a, 3);
793 assert_ipsec_sas_installed(a, 1, 3, 6,
794 data[_i].spi_del_a == 1 ? 5 : 4);
795 assert_scheduler();
796
797 /* simulate the execution of the scheduled jobs */
798 destroy_rekeyed(a, data[_i].spi_del_a);
799 destroy_rekeyed(a, data[_i].spi_del_b);
800 assert_child_sa_count(a, 1);
801 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
802 destroy_rekeyed(b, data[_i].spi_del_a);
803 destroy_rekeyed(b, data[_i].spi_del_b);
804 assert_child_sa_count(b, 1);
805 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
806
807 /* child_rekey/child_updown */
808 assert_hook();
809 assert_hook();
810
811 call_ikesa(a, destroy);
812 call_ikesa(b, destroy);
813 }
814 END_TEST
815
816 /**
817 * In this scenario one of the peers does not notice that there is a
818 * rekey collision:
819 *
820 * rekey ----\ /---- rekey
821 * \ /
822 * detect collision <-----\---/
823 * -------\-------->
824 * \ /---- delete old SA
825 * \-/----> detect collision
826 * detect collision <---------/ /---- TEMP_FAIL
827 * delete -----------/---->
828 * aborts rekeying <---------/
829 */
830 START_TEST(test_collision_delayed_request)
831 {
832 ike_sa_t *a, *b;
833 message_t *msg;
834
835 exchange_test_helper->establish_sa(exchange_test_helper,
836 &a, &b, NULL);
837
838 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
839 * CHILD_SA):
840 * N1/3 -----\ /----- N2/4
841 * N3/5 <-----\--/
842 * ... -----\ \-------> ...
843 * We test this three times, each time a different nonce is the lowest.
844 */
845 struct {
846 /* Nonces used at each point */
847 u_char nonces[3];
848 } data[] = {
849 { { 0x00, 0xFF, 0xFF } },
850 { { 0xFF, 0x00, 0xFF } },
851 { { 0xFF, 0xFF, 0x00 } },
852 };
853
854 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
855 initiate_rekey(a, 1);
856 assert_ipsec_sas_installed(a, 1, 2);
857 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
858 initiate_rekey(b, 2);
859 assert_ipsec_sas_installed(b, 1, 2);
860
861 /* delay the CREATE_CHILD_SA request from a to b */
862 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
863
864 /* this should never get called as this results in a successful rekeying */
865 assert_hook_not_called(child_updown);
866
867 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
868 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
869 assert_hook_rekey(child_rekey, 1, 5);
870 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
871 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
872 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
873 assert_ipsec_sas_installed(a, 1, 2, 5);
874 assert_hook();
875 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
876 assert_hook_rekey(child_rekey, 2, 4);
877 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
878 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
879 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
880 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
881 assert_hook();
882
883 /* we don't expect this hook to get called anymore */
884 assert_hook_not_called(child_rekey);
885
886 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
887 assert_single_notify(OUT, TEMPORARY_FAILURE);
888 exchange_test_helper->process_message(exchange_test_helper, b, msg);
889 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
890 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
891
892 /* <-- INFORMATIONAL { D } */
893 assert_jobs_scheduled(1);
894 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
895 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
896 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
897 assert_child_sa_count(a, 2);
898 assert_ipsec_sas_installed(a, 1, 4, 5);
899 assert_scheduler();
900
901 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
902 assert_no_jobs_scheduled();
903 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
904 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
905 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
906 assert_child_sa_count(a, 2);
907 assert_ipsec_sas_installed(a, 1, 4, 5);
908 assert_scheduler();
909
910 /* INFORMATIONAL { D } --> */
911 assert_jobs_scheduled(1);
912 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
913 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
914 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
915 assert_child_sa_count(b, 2);
916 assert_ipsec_sas_installed(b, 2, 4, 5);
917 assert_scheduler();
918
919 /* simulate the execution of the scheduled jobs */
920 destroy_rekeyed(a, 1);
921 assert_child_sa_count(a, 1);
922 assert_ipsec_sas_installed(a, 4, 5);
923 destroy_rekeyed(b, 2);
924 assert_child_sa_count(b, 1);
925 assert_ipsec_sas_installed(b, 4, 5);
926
927 /* child_rekey/child_updown */
928 assert_hook();
929 assert_hook();
930
931 assert_sa_idle(a);
932 assert_sa_idle(b);
933
934 call_ikesa(a, destroy);
935 call_ikesa(b, destroy);
936 }
937 END_TEST
938
939 /**
940 * Similar to above one peer fails to notice the collision but the
941 * CREATE_CHILD_SA request is even more delayed:
942 *
943 * rekey ----\ /---- rekey
944 * \ /
945 * detect collision <-----\---/
946 * -------\-------->
947 * detect collision <-------\-------- delete old SA
948 * delete ---------\------>
949 * \----->
950 * /---- CHILD_SA_NOT_FOUND
951 * aborts rekeying <----------/
952 */
953 START_TEST(test_collision_delayed_request_more)
954 {
955 ike_sa_t *a, *b;
956 message_t *msg;
957
958 exchange_test_helper->establish_sa(exchange_test_helper,
959 &a, &b, NULL);
960
961 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
962 * CHILD_SA):
963 * N1/3 -----\ /----- N2/4
964 * N3/5 <-----\--/
965 * ... -----\ \-------> ...
966 * We test this three times, each time a different nonce is the lowest.
967 */
968 struct {
969 /* Nonces used at each point */
970 u_char nonces[3];
971 } data[] = {
972 { { 0x00, 0xFF, 0xFF } },
973 { { 0xFF, 0x00, 0xFF } },
974 { { 0xFF, 0xFF, 0x00 } },
975 };
976
977 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
978 initiate_rekey(a, 1);
979 assert_ipsec_sas_installed(a, 1, 2);
980 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
981 initiate_rekey(b, 2);
982 assert_ipsec_sas_installed(b, 1, 2);
983
984 /* delay the CREATE_CHILD_SA request from a to b */
985 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
986
987 /* this should never get called as this results in a successful rekeying */
988 assert_hook_not_called(child_updown);
989
990 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
991 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
992 assert_hook_rekey(child_rekey, 1, 5);
993 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
994 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
995 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
996 assert_ipsec_sas_installed(a, 1, 2, 5);
997 assert_hook();
998 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
999 assert_hook_rekey(child_rekey, 2, 4);
1000 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1001 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1002 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1003 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
1004 assert_hook();
1005
1006 /* we don't expect this hook to get called anymore */
1007 assert_hook_not_called(child_rekey);
1008
1009 /* <-- INFORMATIONAL { D } */
1010 assert_jobs_scheduled(1);
1011 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1012 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1013 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1014 assert_child_sa_count(a, 2);
1015 assert_ipsec_sas_installed(a, 1, 4, 5);
1016 assert_scheduler();
1017 /* INFORMATIONAL { D } --> */
1018 assert_jobs_scheduled(1);
1019 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1020 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1021 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1022 assert_child_sa_count(b, 2);
1023 assert_ipsec_sas_installed(b, 2, 4, 5);
1024 assert_scheduler();
1025
1026 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1027 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1028 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1029 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1030 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1031 assert_child_sa_count(b, 2);
1032 assert_ipsec_sas_installed(b, 2, 4, 5);
1033 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1034 assert_no_jobs_scheduled();
1035 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1036 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1037 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1038 assert_child_sa_count(a, 2);
1039 assert_ipsec_sas_installed(a, 1, 4, 5);
1040 assert_scheduler();
1041
1042 /* simulate the execution of the scheduled jobs */
1043 destroy_rekeyed(a, 1);
1044 assert_child_sa_count(a, 1);
1045 assert_ipsec_sas_installed(a, 4, 5);
1046 destroy_rekeyed(b, 2);
1047 assert_child_sa_count(b, 1);
1048 assert_ipsec_sas_installed(b, 4, 5);
1049
1050 /* child_rekey/child_updown */
1051 assert_hook();
1052 assert_hook();
1053
1054 assert_sa_idle(a);
1055 assert_sa_idle(b);
1056
1057 call_ikesa(a, destroy);
1058 call_ikesa(b, destroy);
1059 }
1060 END_TEST
1061
1062 /**
1063 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
1064 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
1065 * still handle the collision properly depending on the nonces.
1066 */
1067 START_TEST(test_collision_ke_invalid)
1068 {
1069 exchange_test_sa_conf_t conf = {
1070 .initiator = {
1071 .esp = "aes128-sha256-modp2048-modp3072",
1072 },
1073 .responder = {
1074 .esp = "aes128-sha256-modp3072-modp2048",
1075 },
1076 };
1077 ike_sa_t *a, *b;
1078
1079 exchange_test_helper->establish_sa(exchange_test_helper,
1080 &a, &b, &conf);
1081
1082 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1083 * CHILD_SA):
1084 * N1/3 -----\ /----- N2/4
1085 * \--/-----> N3/5
1086 * N4/6 <-------/ /---- INVAL_KE
1087 * INVAL_KE -----\ /
1088 * <-----\--/
1089 * N5/7 -----\ \------->
1090 * \ /---- N6/8
1091 * \--/----> N7/9
1092 * N8/10 <--------/ /---- ...
1093 * ... ------\
1094 *
1095 * We test this four times, each time a different nonce is the lowest.
1096 */
1097 struct {
1098 /* Nonces used at each point */
1099 u_char nonces[4];
1100 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
1101 uint32_t spi_del_a, spi_del_b;
1102 /* SPIs of the kept CHILD_SA */
1103 uint32_t spi_a, spi_b;
1104 } data[] = {
1105 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
1106 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
1107 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
1108 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
1109 };
1110
1111 /* make sure the nonces of the first try don't affect the retries */
1112 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1113 initiate_rekey(a, 1);
1114 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1115 initiate_rekey(b, 2);
1116
1117 /* this should never get called as this results in a successful rekeying */
1118 assert_hook_not_called(child_updown);
1119
1120 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1121 assert_hook_not_called(child_rekey);
1122 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1123 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1124 assert_child_sa_count(b, 1);
1125 assert_hook();
1126 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1127 assert_hook_not_called(child_rekey);
1128 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1129 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1130 assert_child_sa_count(a, 1);
1131 assert_hook();
1132
1133 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1134 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1135 assert_hook_not_called(child_rekey);
1136 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1137 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1138 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1139 assert_child_sa_count(a, 1);
1140 assert_hook();
1141 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1142 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1143 assert_hook_not_called(child_rekey);
1144 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1145 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1146 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1147 assert_child_sa_count(b, 1);
1148 assert_hook();
1149
1150 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1151 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1152 assert_hook_rekey(child_rekey, 2, 9);
1153 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1154 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1155 assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1156 assert_hook();
1157 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1158 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
1159 assert_hook_rekey(child_rekey, 1, 10);
1160 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1161 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1162 assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1163 assert_hook();
1164
1165 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
1166 if (data[_i].spi_del_a == 1)
1167 { /* currently we call this again if we keep our own replacement as we
1168 * already called it above */
1169 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
1170 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1171 assert_hook();
1172 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1173 CHILD_OUTBOUND_REGISTERED);
1174 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1175 CHILD_OUTBOUND_INSTALLED);
1176 }
1177 else
1178 {
1179 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1180 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1181 CHILD_OUTBOUND_INSTALLED);
1182 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1183 CHILD_OUTBOUND_REGISTERED);
1184 }
1185 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1186 CHILD_OUTBOUND_INSTALLED);
1187 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1188 if (data[_i].spi_del_b == 2)
1189 {
1190 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
1191 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1192 assert_hook();
1193 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1194 CHILD_OUTBOUND_REGISTERED);
1195 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1196 CHILD_OUTBOUND_INSTALLED);
1197 }
1198 else
1199 {
1200 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1201 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1202 CHILD_OUTBOUND_INSTALLED);
1203 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1204 CHILD_OUTBOUND_REGISTERED);
1205 }
1206 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1207 CHILD_OUTBOUND_INSTALLED);
1208
1209 /* we don't expect this hook to get called anymore */
1210 assert_hook_not_called(child_rekey);
1211 /* INFORMATIONAL { D } --> */
1212 assert_jobs_scheduled(1);
1213 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1214 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1215 CHILD_OUTBOUND_INSTALLED);
1216 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
1217 CHILD_OUTBOUND_NONE);
1218 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1219 CHILD_OUTBOUND_INSTALLED);
1220 assert_child_sa_count(b, 3);
1221 assert_scheduler();
1222 /* <-- INFORMATIONAL { D } */
1223 assert_jobs_scheduled(1);
1224 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1225 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1226 CHILD_OUTBOUND_INSTALLED);
1227 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
1228 CHILD_OUTBOUND_NONE);
1229 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1230 CHILD_OUTBOUND_INSTALLED);
1231 assert_child_sa_count(a, 3);
1232 assert_scheduler();
1233 /* <-- INFORMATIONAL { D } */
1234 assert_jobs_scheduled(1);
1235 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1236 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1237 CHILD_OUTBOUND_NONE);
1238 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETING,
1239 CHILD_OUTBOUND_NONE);
1240 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1241 CHILD_OUTBOUND_INSTALLED);
1242 assert_child_sa_count(a, 3);
1243 assert_scheduler();
1244 /* INFORMATIONAL { D } --> */
1245 assert_jobs_scheduled(1);
1246 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1247 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1248 CHILD_OUTBOUND_NONE);
1249 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETING,
1250 CHILD_OUTBOUND_NONE);
1251 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1252 CHILD_OUTBOUND_INSTALLED);
1253 assert_child_sa_count(b, 3);
1254 assert_scheduler();
1255
1256 /* simulate the execution of the scheduled jobs */
1257 destroy_rekeyed(a, data[_i].spi_del_a);
1258 destroy_rekeyed(a, data[_i].spi_del_b);
1259 assert_child_sa_count(a, 1);
1260 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
1261 destroy_rekeyed(b, data[_i].spi_del_a);
1262 destroy_rekeyed(b, data[_i].spi_del_b);
1263 assert_child_sa_count(b, 1);
1264 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
1265
1266 /* child_rekey/child_updown */
1267 assert_hook();
1268 assert_hook();
1269
1270 assert_sa_idle(a);
1271 assert_sa_idle(b);
1272
1273 call_ikesa(a, destroy);
1274 call_ikesa(b, destroy);
1275 }
1276 END_TEST
1277
1278 /**
1279 * This is a variation of the above but with the retry by one peer delayed so
1280 * that to the other peer it looks like there is no collision.
1281 */
1282 START_TEST(test_collision_ke_invalid_delayed_retry)
1283 {
1284 exchange_test_sa_conf_t conf = {
1285 .initiator = {
1286 .esp = "aes128-sha256-modp2048-modp3072",
1287 },
1288 .responder = {
1289 .esp = "aes128-sha256-modp3072-modp2048",
1290 },
1291 };
1292 ike_sa_t *a, *b;
1293 message_t *msg;
1294
1295 exchange_test_helper->establish_sa(exchange_test_helper,
1296 &a, &b, &conf);
1297
1298 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1299 * CHILD_SA):
1300 * N1/3 -----\ /----- N2/4
1301 * \--/-----> N3/5
1302 * N4/6 <-------/ /---- INVAL_KE
1303 * INVAL_KE -----\ /
1304 * <-----\--/
1305 * N5/7 -----\ \------->
1306 * <-----\--------- N6/8
1307 * N7/9 -------\------->
1308 * <-------\------- DELETE
1309 * ... ------\ \----->
1310 * /---- TEMP_FAIL
1311 *
1312 * We test this three times, each time a different nonce is the lowest.
1313 */
1314 struct {
1315 /* Nonces used at each point */
1316 u_char nonces[3];
1317 } data[] = {
1318 { { 0x00, 0xFF, 0xFF } },
1319 { { 0xFF, 0x00, 0xFF } },
1320 { { 0xFF, 0xFF, 0x00 } },
1321 };
1322
1323 /* make sure the nonces of the first try don't affect the retries */
1324 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1325 initiate_rekey(a, 1);
1326 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1327 initiate_rekey(b, 2);
1328
1329 /* this should never get called as this results in a successful rekeying */
1330 assert_hook_not_called(child_updown);
1331
1332 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1333 assert_hook_not_called(child_rekey);
1334 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1335 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1336 assert_child_sa_count(b, 1);
1337 assert_hook();
1338 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1339 assert_hook_not_called(child_rekey);
1340 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1341 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1342 assert_child_sa_count(a, 1);
1343 assert_hook();
1344
1345 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1346 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1347 assert_hook_not_called(child_rekey);
1348 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1349 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1350 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1351 assert_child_sa_count(a, 1);
1352 assert_hook();
1353 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1354 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1355 assert_hook_not_called(child_rekey);
1356 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1357 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1358 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1359 assert_child_sa_count(b, 1);
1360 assert_hook();
1361
1362 /* delay the CREATE_CHILD_SA request from a to b */
1363 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1364
1365 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1366 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1367 assert_hook_rekey(child_rekey, 1, 9);
1368 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1369 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1370 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1371 assert_hook();
1372 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1373 assert_hook_rekey(child_rekey, 2, 8);
1374 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1375 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1376 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1377 assert_hook();
1378
1379 /* we don't expect this hook to get called anymore */
1380 assert_hook_not_called(child_rekey);
1381
1382 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1383 assert_single_notify(OUT, TEMPORARY_FAILURE);
1384 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1385 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1386 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1387
1388 /* <-- INFORMATIONAL { D } */
1389 assert_jobs_scheduled(1);
1390 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1391 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1392 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1393 assert_child_sa_count(a, 2);
1394 assert_scheduler();
1395
1396 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1397 assert_no_jobs_scheduled();
1398 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1399 assert_child_sa_state(a, 1, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1400 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1401 assert_child_sa_count(a, 2);
1402 assert_scheduler();
1403
1404 /* INFORMATIONAL { D } --> */
1405 assert_jobs_scheduled(1);
1406 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1407 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_NONE);
1408 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1409 assert_child_sa_count(b, 2);
1410 assert_scheduler();
1411
1412 /* simulate the execution of the scheduled jobs */
1413 destroy_rekeyed(a, 1);
1414 assert_child_sa_count(a, 1);
1415 assert_ipsec_sas_installed(a, 8, 9);
1416 destroy_rekeyed(b, 2);
1417 assert_child_sa_count(b, 1);
1418 assert_ipsec_sas_installed(b, 8, 9);
1419
1420 /* child_rekey/child_updown */
1421 assert_hook();
1422 assert_hook();
1423
1424 assert_sa_idle(a);
1425 assert_sa_idle(b);
1426
1427 call_ikesa(a, destroy);
1428 call_ikesa(b, destroy);
1429 }
1430 END_TEST
1431
1432 /**
1433 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1434 * concurrently trying to rekey.
1435 *
1436 * rekey ----\ /---- delete
1437 * \-----/----> detect collision
1438 * detect collision <---------/ /---- TEMP_FAIL
1439 * delete ----\ /
1440 * \----/----->
1441 * aborts rekeying <--------/
1442 */
1443 START_TEST(test_collision_delete)
1444 {
1445 ike_sa_t *a, *b;
1446 uint32_t spi_a = _i+1, spi_b = 2-_i;
1447
1448 if (_i)
1449 { /* responder rekeys the CHILD_SA (SPI 2) */
1450 exchange_test_helper->establish_sa(exchange_test_helper,
1451 &b, &a, NULL);
1452 }
1453 else
1454 { /* initiator rekeys the CHILD_SA (SPI 1) */
1455 exchange_test_helper->establish_sa(exchange_test_helper,
1456 &a, &b, NULL);
1457 }
1458 initiate_rekey(a, spi_a);
1459 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1460 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1461
1462 /* this should never get called as there is no successful rekeying on
1463 * either side */
1464 assert_hook_not_called(child_rekey);
1465
1466 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1467 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1468 */
1469
1470 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1471 assert_hook_not_called(child_updown);
1472 assert_notify(IN, REKEY_SA);
1473 assert_single_notify(OUT, TEMPORARY_FAILURE);
1474 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1475 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1476 assert_hook();
1477
1478 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1479 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1480 * payload.
1481 */
1482
1483 /* <-- INFORMATIONAL { D } */
1484 assert_hook_updown(child_updown, FALSE);
1485 assert_single_payload(IN, PLV2_DELETE);
1486 assert_single_payload(OUT, PLV2_DELETE);
1487 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1488 assert_child_sa_count(a, 0);
1489 assert_hook();
1490
1491 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1492 assert_hook_not_called(child_updown);
1493 /* we don't expect a job to retry the rekeying */
1494 assert_no_jobs_scheduled();
1495 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1496 assert_scheduler();
1497 assert_hook();
1498
1499 /* INFORMATIONAL { D } --> */
1500 assert_hook_updown(child_updown, FALSE);
1501 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1502 assert_child_sa_count(b, 0);
1503 assert_hook();
1504
1505 /* child_rekey */
1506 assert_hook();
1507
1508 assert_sa_idle(a);
1509 assert_sa_idle(b);
1510
1511 call_ikesa(a, destroy);
1512 call_ikesa(b, destroy);
1513 }
1514 END_TEST
1515
1516 /**
1517 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1518 * concurrently trying to rekey. However, the delete request is delayed or
1519 * dropped, so the peer doing the rekeying is unaware of the collision.
1520 *
1521 * rekey ----\ /---- delete
1522 * \-----/----> detect collision
1523 * reschedule <---------/------ TEMP_FAIL
1524 * <--------/
1525 * delete ---------------->
1526 *
1527 * The job will not find the SA to retry rekeying.
1528 */
1529 START_TEST(test_collision_delete_drop_delete)
1530 {
1531 ike_sa_t *a, *b;
1532 message_t *msg;
1533 uint32_t spi_a = _i+1, spi_b = 2-_i;
1534
1535 if (_i)
1536 { /* responder rekeys the CHILD_SA (SPI 2) */
1537 exchange_test_helper->establish_sa(exchange_test_helper,
1538 &b, &a, NULL);
1539 }
1540 else
1541 { /* initiator rekeys the CHILD_SA (SPI 1) */
1542 exchange_test_helper->establish_sa(exchange_test_helper,
1543 &a, &b, NULL);
1544 }
1545 initiate_rekey(a, spi_a);
1546 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1547 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1548
1549 /* this should never get called as there is no successful rekeying on
1550 * either side */
1551 assert_hook_not_called(child_rekey);
1552
1553 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1554 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1555 */
1556
1557 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1558 assert_hook_not_called(child_updown);
1559 assert_notify(IN, REKEY_SA);
1560 assert_single_notify(OUT, TEMPORARY_FAILURE);
1561 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1562 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1563 assert_hook();
1564
1565 /* delay the DELETE request */
1566 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1567
1568 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1569 assert_hook_not_called(child_updown);
1570 /* we expect a job to retry the rekeying is scheduled */
1571 assert_jobs_scheduled(1);
1572 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1573 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1574 assert_scheduler();
1575 assert_hook();
1576
1577 /* <-- INFORMATIONAL { D } (delayed) */
1578 assert_hook_updown(child_updown, FALSE);
1579 assert_single_payload(IN, PLV2_DELETE);
1580 assert_single_payload(OUT, PLV2_DELETE);
1581 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1582 assert_child_sa_count(a, 0);
1583 assert_hook();
1584
1585 /* INFORMATIONAL { D } --> */
1586 assert_hook_updown(child_updown, FALSE);
1587 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1588 assert_child_sa_count(b, 0);
1589 assert_hook();
1590
1591 /* child_rekey */
1592 assert_hook();
1593
1594 assert_sa_idle(a);
1595 assert_sa_idle(b);
1596
1597 call_ikesa(a, destroy);
1598 call_ikesa(b, destroy);
1599 }
1600 END_TEST
1601
1602 /**
1603 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1604 * concurrently trying to rekey. However, the rekey request is delayed or
1605 * dropped, so the peer doing the deleting is unaware of the collision.
1606 *
1607 * rekey ----\ /---- delete
1608 * detect collision <----\-----/
1609 * delete ------\--------->
1610 * \-------->
1611 * /---- CHILD_SA_NOT_FOUND
1612 * aborts rekeying <----------/
1613 */
1614 START_TEST(test_collision_delete_drop_rekey)
1615 {
1616 ike_sa_t *a, *b;
1617 message_t *msg;
1618 uint32_t spi_a = _i+1, spi_b = 2-_i;
1619
1620 if (_i)
1621 { /* responder rekeys the CHILD_SA (SPI 2) */
1622 exchange_test_helper->establish_sa(exchange_test_helper,
1623 &b, &a, NULL);
1624 }
1625 else
1626 { /* initiator rekeys the CHILD_SA (SPI 1) */
1627 exchange_test_helper->establish_sa(exchange_test_helper,
1628 &a, &b, NULL);
1629 }
1630 initiate_rekey(a, spi_a);
1631 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1632 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1633
1634 /* this should never get called as there is no successful rekeying on
1635 * either side */
1636 assert_hook_not_called(child_rekey);
1637
1638 /* delay the CREATE_CHILD_SA request */
1639 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1640
1641 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1642 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1643 * payload.
1644 */
1645
1646 /* <-- INFORMATIONAL { D } */
1647 assert_hook_updown(child_updown, FALSE);
1648 assert_single_payload(IN, PLV2_DELETE);
1649 assert_single_payload(OUT, PLV2_DELETE);
1650 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1651 assert_child_sa_count(a, 0);
1652 assert_hook();
1653
1654 /* INFORMATIONAL { D } --> */
1655 assert_hook_updown(child_updown, FALSE);
1656 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1657 assert_child_sa_count(b, 0);
1658 assert_hook();
1659
1660 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1661 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1662 */
1663
1664 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1665 assert_hook_not_called(child_updown);
1666 assert_notify(IN, REKEY_SA);
1667 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1668 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1669 assert_hook();
1670
1671 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1672 assert_hook_not_called(child_updown);
1673 /* no jobs or tasks should get scheduled/queued */
1674 assert_no_jobs_scheduled();
1675 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1676 assert_scheduler();
1677 assert_hook();
1678
1679 /* child_rekey */
1680 assert_hook();
1681
1682 assert_sa_idle(a);
1683 assert_sa_idle(b);
1684
1685 call_ikesa(a, destroy);
1686 call_ikesa(b, destroy);
1687 }
1688 END_TEST
1689
1690 /**
1691 * FIXME: Not sure what we can do about the following:
1692 *
1693 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1694 * it the other peer deletes the new SA. However, the rekey response is
1695 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1696 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1697 *
1698 * rekey ---------------->
1699 * /---- rekey
1700 * unknown SA <----------/----- delete new SA
1701 * ----------/----->
1702 * <--------/
1703 *
1704 * The peers' states are now out of sync.
1705 *
1706 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1707 * while rekeying and then check against the SPIs when handling the
1708 * CREATE_CHILD_SA response.
1709 */
1710
1711
1712 /**
1713 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1714 * peer is concurrently trying to rekey.
1715 *
1716 * rekey ----\ /---- rekey IKE
1717 * \-----/----> detect collision
1718 * detect collision <---------/ /---- TEMP_FAIL
1719 * TEMP_FAIL ----\ /
1720 * \----/----->
1721 * <--------/
1722 */
1723 START_TEST(test_collision_ike_rekey)
1724 {
1725 ike_sa_t *a, *b;
1726 uint32_t spi_a = _i+1;
1727
1728 if (_i)
1729 { /* responder rekeys the CHILD_SA (SPI 2) */
1730 exchange_test_helper->establish_sa(exchange_test_helper,
1731 &b, &a, NULL);
1732 }
1733 else
1734 { /* initiator rekeys the CHILD_SA (SPI 1) */
1735 exchange_test_helper->establish_sa(exchange_test_helper,
1736 &a, &b, NULL);
1737 }
1738 initiate_rekey(a, spi_a);
1739 call_ikesa(b, rekey);
1740 assert_ike_sa_state(b, IKE_REKEYING);
1741
1742 /* these should never get called as there is no successful rekeying on
1743 * either side */
1744 assert_hook_not_called(ike_rekey);
1745 assert_hook_not_called(child_rekey);
1746
1747 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1748 * it is currently rekeying the IKE SA, it SHOULD reply with
1749 * TEMPORARY_FAILURE.
1750 */
1751
1752 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1753 assert_single_notify(OUT, TEMPORARY_FAILURE);
1754 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1755 assert_ike_sa_state(b, IKE_REKEYING);
1756
1757 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1758 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1759 * SHOULD reply with TEMPORARY_FAILURE.
1760 */
1761
1762 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1763 assert_single_notify(OUT, TEMPORARY_FAILURE);
1764 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1765 assert_child_sa_state(a, spi_a, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1766
1767 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1768 /* we expect a job to retry the rekeying is scheduled */
1769 assert_jobs_scheduled(1);
1770 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1771 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1772 assert_scheduler();
1773
1774 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1775 /* we expect a job to retry the rekeying is scheduled */
1776 assert_jobs_scheduled(1);
1777 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1778 assert_ike_sa_state(b, IKE_ESTABLISHED);
1779 assert_scheduler();
1780
1781 /* ike_rekey/child_rekey */
1782 assert_hook();
1783 assert_hook();
1784
1785 assert_sa_idle(a);
1786 assert_sa_idle(b);
1787
1788 call_ikesa(a, destroy);
1789 call_ikesa(b, destroy);
1790 }
1791 END_TEST
1792
1793 /**
1794 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1795 * peer is concurrently trying to rekey.
1796 *
1797 * rekey ----\ /---- delete IKE
1798 * \-----/----> detect collision
1799 * <---------/ /---- TEMP_FAIL
1800 * delete ----\ /
1801 * \----/----->
1802 * sa already gone <--------/
1803 */
1804 START_TEST(test_collision_ike_delete)
1805 {
1806 ike_sa_t *a, *b;
1807 uint32_t spi_a = _i+1;
1808 message_t *msg;
1809 status_t s;
1810
1811 if (_i)
1812 { /* responder rekeys the CHILD_SA (SPI 2) */
1813 exchange_test_helper->establish_sa(exchange_test_helper,
1814 &b, &a, NULL);
1815 }
1816 else
1817 { /* initiator rekeys the CHILD_SA (SPI 1) */
1818 exchange_test_helper->establish_sa(exchange_test_helper,
1819 &a, &b, NULL);
1820 }
1821 initiate_rekey(a, spi_a);
1822 call_ikesa(b, delete);
1823 assert_ike_sa_state(b, IKE_DELETING);
1824
1825 /* this should never get called as there is no successful rekeying on
1826 * either side */
1827 assert_hook_not_called(child_rekey);
1828
1829 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1830 * a peer receives a request to rekey a CHILD_SA when it is currently
1831 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1832 */
1833
1834 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1835 assert_single_notify(OUT, TEMPORARY_FAILURE);
1836 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1837 assert_ike_sa_state(b, IKE_DELETING);
1838
1839 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1840 * a peer receives a request to close the IKE SA if it is currently rekeying
1841 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1842 * rekeying.
1843 */
1844
1845 /* <-- INFORMATIONAL { D } */
1846 assert_hook_updown(ike_updown, FALSE);
1847 assert_hook_updown(child_updown, FALSE);
1848 assert_message_empty(OUT);
1849 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1850 ck_assert_int_eq(DESTROY_ME, s);
1851 call_ikesa(a, destroy);
1852 assert_hook();
1853 assert_hook();
1854
1855 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1856 /* the SA is already gone */
1857 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1858 msg->destroy(msg);
1859
1860 /* INFORMATIONAL { } --> */
1861 assert_hook_updown(ike_updown, FALSE);
1862 assert_hook_updown(child_updown, FALSE);
1863 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1864 ck_assert_int_eq(DESTROY_ME, s);
1865 call_ikesa(b, destroy);
1866 assert_hook();
1867 assert_hook();
1868
1869 /* child_rekey */
1870 assert_hook();
1871 }
1872 END_TEST
1873
1874 Suite *child_rekey_suite_create()
1875 {
1876 Suite *s;
1877 TCase *tc;
1878
1879 s = suite_create("child rekey");
1880
1881 tc = tcase_create("regular");
1882 tcase_add_loop_test(tc, test_regular, 0, 2);
1883 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1884 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1885 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1886 suite_add_tcase(s, tc);
1887
1888 tc = tcase_create("collisions rekey");
1889 tcase_add_loop_test(tc, test_collision, 0, 4);
1890 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1891 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1892 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1893 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1894 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1895 suite_add_tcase(s, tc);
1896
1897 tc = tcase_create("collisions delete");
1898 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1899 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1900 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1901 suite_add_tcase(s, tc);
1902
1903 tc = tcase_create("collisions ike rekey");
1904 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1905 suite_add_tcase(s, tc);
1906
1907 tc = tcase_create("collisions ike delete");
1908 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1909 suite_add_tcase(s, tc);
1910
1911 return s;
1912 }
strongSwan - IPsec VPN