kernel-netlink: Support extended table IDs for custom routes
[strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016-2017 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <daemon.h>
19 #include <tests/utils/exchange_test_helper.h>
20 #include <tests/utils/exchange_test_asserts.h>
21 #include <tests/utils/job_asserts.h>
22 #include <tests/utils/sa_asserts.h>
23
24 /**
25 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
26 */
27 #define initiate_rekey(sa, spi) ({ \
28 assert_hook_not_called(child_updown); \
29 assert_hook_not_called(child_rekey); \
30 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
31 assert_child_sa_state(sa, spi, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED); \
32 assert_hook(); \
33 assert_hook(); \
34 })
35
36 /**
37 * Destroy a rekeyed CHILD_SA that was kept around to accept inbound traffic.
38 * Simulates the job that's scheduled to do this.
39 */
40 #define destroy_rekeyed(sa, spi) ({ \
41 assert_hook_not_called(child_updown); \
42 assert_hook_not_called(child_rekey); \
43 assert_no_jobs_scheduled(); \
44 assert_child_sa_state(sa, spi, CHILD_DELETED, CHILD_OUTBOUND_NONE); \
45 call_ikesa(sa, delete_child_sa, PROTO_ESP, spi, FALSE); \
46 assert_child_sa_not_exists(sa, spi); \
47 assert_scheduler(); \
48 assert_hook(); \
49 assert_hook(); \
50 })
51
52 /**
53 * Regular CHILD_SA rekey either initiated by the original initiator or
54 * responder of the IKE_SA.
55 */
56 START_TEST(test_regular)
57 {
58 ike_sa_t *a, *b;
59 uint32_t spi_a = _i+1, spi_b = 2-_i;
60
61 if (_i)
62 { /* responder rekeys the CHILD_SA (SPI 2) */
63 exchange_test_helper->establish_sa(exchange_test_helper,
64 &b, &a, NULL);
65 }
66 else
67 { /* initiator rekeys the CHILD_SA (SPI 1) */
68 exchange_test_helper->establish_sa(exchange_test_helper,
69 &a, &b, NULL);
70 }
71 initiate_rekey(a, spi_a);
72 assert_ipsec_sas_installed(a, spi_a, spi_b);
73
74 /* this should never get called as this results in a successful rekeying */
75 assert_hook_not_called(child_updown);
76
77 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
78 assert_hook_called(child_rekey);
79 assert_notify(IN, REKEY_SA);
80 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
81 assert_child_sa_state(b, spi_b, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
82 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
83 assert_ipsec_sas_installed(b, spi_a, spi_b, 4);
84 assert_hook();
85
86 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
87 assert_hook_called(child_rekey);
88 assert_no_notify(IN, REKEY_SA);
89 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
90 assert_child_sa_state(a, spi_a, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
91 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
92 assert_ipsec_sas_installed(a, spi_a, spi_b, 3, 4);
93 assert_hook();
94
95 /* INFORMATIONAL { D } --> */
96 assert_hook_not_called(child_rekey);
97 assert_jobs_scheduled(1);
98 assert_single_payload(IN, PLV2_DELETE);
99 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
100 assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
101 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
102 assert_child_sa_count(b, 2);
103 assert_ipsec_sas_installed(b, spi_b, 3, 4);
104 assert_scheduler();
105 assert_hook();
106 /* <-- INFORMATIONAL { D } */
107 assert_hook_not_called(child_rekey);
108 assert_jobs_scheduled(1);
109 assert_single_payload(IN, PLV2_DELETE);
110 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
111 assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
112 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
113 assert_child_sa_count(a, 2);
114 assert_ipsec_sas_installed(a, spi_a, 3, 4);
115 assert_scheduler();
116 assert_hook();
117
118 /* simulate the execution of the scheduled jobs */
119 destroy_rekeyed(a, spi_a);
120 assert_child_sa_count(a, 1);
121 assert_ipsec_sas_installed(a, 3, 4);
122 destroy_rekeyed(b, spi_b);
123 assert_child_sa_count(b, 1);
124 assert_ipsec_sas_installed(a, 3, 4);
125
126 /* child_updown */
127 assert_hook();
128
129 call_ikesa(a, destroy);
130 call_ikesa(b, destroy);
131 }
132 END_TEST
133
134 /**
135 * CHILD_SA rekey where the responder does not agree with the DH group selected
136 * by the initiator, either initiated by the original initiator or responder of
137 * the IKE_SA.
138 */
139 START_TEST(test_regular_ke_invalid)
140 {
141 exchange_test_sa_conf_t conf = {
142 .initiator = {
143 .esp = "aes128-sha256-modp2048-modp3072",
144 },
145 .responder = {
146 .esp = "aes128-sha256-modp3072-modp2048",
147 },
148 };
149 ike_sa_t *a, *b;
150 uint32_t spi_a = _i+1, spi_b = 2-_i;
151
152 if (_i)
153 { /* responder rekeys the CHILD_SA (SPI 2) */
154 exchange_test_helper->establish_sa(exchange_test_helper,
155 &b, &a, &conf);
156 }
157 else
158 { /* initiator rekeys the CHILD_SA (SPI 1) */
159 exchange_test_helper->establish_sa(exchange_test_helper,
160 &a, &b, &conf);
161 }
162 initiate_rekey(a, spi_a);
163 assert_ipsec_sas_installed(a, spi_a, spi_b);
164
165 /* this should never get called as this results in a successful rekeying */
166 assert_hook_not_called(child_updown);
167
168 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
169 assert_hook_not_called(child_rekey);
170 assert_notify(IN, REKEY_SA);
171 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
172 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
173 assert_child_sa_count(b, 1);
174 assert_ipsec_sas_installed(b, spi_a, spi_b);
175 assert_hook();
176
177 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
178 assert_hook_not_called(child_rekey);
179 assert_single_notify(IN, INVALID_KE_PAYLOAD);
180 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
181 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
182 assert_child_sa_count(a, 1);
183 assert_ipsec_sas_installed(a, spi_a, spi_b);
184 assert_hook();
185
186 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
187 assert_hook_called(child_rekey);
188 assert_notify(IN, REKEY_SA);
189 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
190 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
191 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
192 assert_ipsec_sas_installed(b, spi_a, spi_b, 6);
193 assert_hook();
194
195 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
196 assert_hook_called(child_rekey);
197 assert_no_notify(IN, REKEY_SA);
198 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
199 assert_child_sa_state(a, spi_a, CHILD_DELETING);
200 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
201 assert_ipsec_sas_installed(a, spi_a, spi_b, 5, 6);
202 assert_hook();
203
204 /* INFORMATIONAL { D } --> */
205 assert_hook_not_called(child_rekey);
206 assert_single_payload(IN, PLV2_DELETE);
207 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
208 assert_child_sa_state(b, spi_b, CHILD_DELETED, CHILD_OUTBOUND_NONE);
209 assert_child_sa_state(b, 6, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
210 assert_child_sa_count(b, 2);
211 assert_ipsec_sas_installed(b, spi_b, 5, 6);
212 assert_hook();
213 /* <-- INFORMATIONAL { D } */
214 assert_hook_not_called(child_rekey);
215 assert_single_payload(IN, PLV2_DELETE);
216 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
217 assert_child_sa_state(a, spi_a, CHILD_DELETED, CHILD_OUTBOUND_NONE);
218 assert_child_sa_state(a, 5, CHILD_INSTALLED);
219 assert_child_sa_count(a, 2);
220 assert_ipsec_sas_installed(a, spi_a, 5, 6);
221 assert_hook();
222
223 /* simulate the execution of the scheduled jobs */
224 destroy_rekeyed(a, spi_a);
225 assert_child_sa_count(a, 1);
226 assert_ipsec_sas_installed(a, 5, 6);
227 destroy_rekeyed(b, spi_b);
228 assert_child_sa_count(b, 1);
229 assert_ipsec_sas_installed(b, 5, 6);
230
231 /* child_updown */
232 assert_hook();
233
234 /* because the DH group should get reused another rekeying should complete
235 * without additional exchange */
236 initiate_rekey(a, 5);
237 /* this should never get called as this results in a successful rekeying */
238 assert_hook_not_called(child_updown);
239
240 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
241 assert_hook_called(child_rekey);
242 assert_notify(IN, REKEY_SA);
243 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
244 assert_child_sa_state(b, 6, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
245 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
246 assert_ipsec_sas_installed(b, 5, 6, 8);
247 assert_hook();
248
249 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
250 assert_hook_called(child_rekey);
251 assert_no_notify(IN, REKEY_SA);
252 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
253 assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
254 assert_child_sa_state(a, 7, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
255 assert_ipsec_sas_installed(a, 5, 6, 7, 8);
256 assert_hook();
257
258 /* INFORMATIONAL { D } --> */
259 assert_hook_not_called(child_rekey);
260 assert_single_payload(IN, PLV2_DELETE);
261 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
262 assert_child_sa_state(b, 6, CHILD_DELETED, CHILD_OUTBOUND_NONE);
263 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
264 assert_child_sa_count(b, 2);
265 assert_ipsec_sas_installed(b, 6, 7, 8);
266 assert_hook();
267
268 /* <-- INFORMATIONAL { D } */
269 assert_hook_not_called(child_rekey);
270 assert_single_payload(IN, PLV2_DELETE);
271 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
272 assert_child_sa_state(a, 5, CHILD_DELETED, CHILD_OUTBOUND_NONE);
273 assert_child_sa_state(a, 7, CHILD_INSTALLED);
274 assert_child_sa_count(a, 2);
275 assert_ipsec_sas_installed(a, 5, 7, 8);
276 assert_hook();
277
278 /* simulate the execution of the scheduled jobs */
279 destroy_rekeyed(a, 5);
280 assert_child_sa_count(a, 1);
281 assert_ipsec_sas_installed(a, 7, 8);
282 destroy_rekeyed(b, 6);
283 assert_child_sa_count(b, 1);
284 assert_ipsec_sas_installed(b, 7, 8);
285
286 /* child_updown */
287 assert_hook();
288
289 call_ikesa(a, destroy);
290 call_ikesa(b, destroy);
291 }
292 END_TEST
293
294 /**
295 * Check that the responder ignores soft expires while waiting for the delete
296 * after a rekeying.
297 */
298 START_TEST(test_regular_responder_ignore_soft_expire)
299 {
300 ike_sa_t *a, *b;
301
302 exchange_test_helper->establish_sa(exchange_test_helper,
303 &a, &b, NULL);
304 initiate_rekey(a, 1);
305 assert_ipsec_sas_installed(a, 1, 2);
306
307 /* this should never get called as this results in a successful rekeying */
308 assert_hook_not_called(child_updown);
309
310 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
311 assert_hook_called(child_rekey);
312 assert_notify(IN, REKEY_SA);
313 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
314 assert_child_sa_state(b, 2, CHILD_REKEYED);
315 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
316 assert_ipsec_sas_installed(b, 1, 2, 4);
317 assert_hook();
318
319 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
320 assert_hook_called(child_rekey);
321 assert_no_notify(IN, REKEY_SA);
322 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
323 assert_child_sa_state(a, 1, CHILD_DELETING);
324 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
325 assert_ipsec_sas_installed(a, 1, 2, 3, 4);
326 assert_hook();
327
328 /* we don't expect this to get called anymore */
329 assert_hook_not_called(child_rekey);
330 /* this should not produce a message, if it does there won't be a delete
331 * payload below */
332 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
333 assert_child_sa_state(b, 2, CHILD_REKEYED);
334
335 /* INFORMATIONAL { D } --> */
336 assert_jobs_scheduled(1);
337 assert_single_payload(IN, PLV2_DELETE);
338 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
339 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
340 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
341 assert_child_sa_count(b, 2);
342 assert_ipsec_sas_installed(b, 2, 3, 4);
343 assert_scheduler();
344 /* <-- INFORMATIONAL { D } */
345 assert_jobs_scheduled(1);
346 assert_single_payload(IN, PLV2_DELETE);
347 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
348 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
349 assert_child_sa_state(a, 3, CHILD_INSTALLED);
350 assert_child_sa_count(a, 2);
351 assert_ipsec_sas_installed(a, 1, 3, 4);
352 assert_scheduler();
353
354 /* simulate the execution of the scheduled jobs */
355 destroy_rekeyed(a, 1);
356 assert_child_sa_count(a, 1);
357 assert_ipsec_sas_installed(a, 3, 4);
358 destroy_rekeyed(b, 2);
359 assert_child_sa_count(b, 1);
360 assert_ipsec_sas_installed(b, 3, 4);
361
362 /* child_rekey/child_updown */
363 assert_hook();
364 assert_hook();
365
366 call_ikesa(a, destroy);
367 call_ikesa(b, destroy);
368 }
369 END_TEST
370
371 /**
372 * Check that the responder handles hard expires properly while waiting for the
373 * delete after a rekeying (e.g. if the rekey settings are tight or the
374 * CREATE_CHILD_SA response is delayed).
375 */
376 START_TEST(test_regular_responder_handle_hard_expire)
377 {
378 ike_sa_t *a, *b;
379
380 exchange_test_helper->establish_sa(exchange_test_helper,
381 &a, &b, NULL);
382 initiate_rekey(a, 1);
383 assert_ipsec_sas_installed(a, 1, 2);
384
385 /* this should never get called as this results in a successful rekeying */
386 assert_hook_not_called(child_updown);
387
388 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
389 assert_hook_called(child_rekey);
390 assert_notify(IN, REKEY_SA);
391 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
392 assert_child_sa_state(b, 2, CHILD_REKEYED);
393 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
394 assert_ipsec_sas_installed(b, 1, 2, 4);
395 assert_hook();
396
397 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
398 assert_hook_called(child_rekey);
399 assert_no_notify(IN, REKEY_SA);
400 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
401 assert_child_sa_state(a, 1, CHILD_DELETING);
402 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
403 assert_ipsec_sas_installed(a, 1, 2, 3, 4);
404 assert_hook();
405
406 /* we don't expect this to get called anymore */
407 assert_hook_not_called(child_rekey);
408 /* this is similar to a regular delete collision, but we don't actually
409 * want to send a delete back as that might conflict with a delayed
410 * CREATE_CHILD_SA response */
411 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
412 assert_child_sa_count(b, 1);
413 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
414 /* the expire causes the outbound SA to get installed */
415 assert_ipsec_sas_installed(b, 3, 4);
416
417 /* INFORMATIONAL { D } --> */
418 assert_no_jobs_scheduled();
419 assert_single_payload(IN, PLV2_DELETE);
420 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
421 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
422 assert_ipsec_sas_installed(b, 3, 4);
423 assert_scheduler();
424 /* <-- INFORMATIONAL { } */
425 assert_jobs_scheduled(1);
426 assert_message_empty(IN);
427 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
428 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
429 assert_child_sa_state(a, 3, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
430 assert_child_sa_count(a, 2);
431 assert_ipsec_sas_installed(a, 1, 3, 4);
432 assert_scheduler();
433
434 /* simulate the execution of the scheduled job */
435 destroy_rekeyed(a, 1);
436 assert_child_sa_count(a, 1);
437 assert_ipsec_sas_installed(a, 3, 4);
438
439 /* child_rekey/child_updown */
440 assert_hook();
441 assert_hook();
442
443 call_ikesa(a, destroy);
444 call_ikesa(b, destroy);
445 }
446 END_TEST
447
448 /**
449 * Both peers initiate the CHILD_SA reekying concurrently and should handle
450 * the collision properly depending on the nonces.
451 */
452 START_TEST(test_collision)
453 {
454 ike_sa_t *a, *b;
455
456 exchange_test_helper->establish_sa(exchange_test_helper,
457 &a, &b, NULL);
458
459 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
460 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
461 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
462 * initiated the surviving SA.
463 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
464 * CHILD_SA):
465 * N1/3 -----\ /----- N2/4
466 * \--/-----> N3/5
467 * N4/6 <-------/ /----- ...
468 * ... -----\
469 * We test this four times, each time a different nonce is the lowest.
470 */
471 struct {
472 /* Nonces used at each point */
473 u_char nonces[4];
474 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
475 uint32_t spi_del_a, spi_del_b;
476 /* SPIs of the kept CHILD_SA */
477 uint32_t spi_a, spi_b;
478 } data[] = {
479 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
480 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
481 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
482 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
483 };
484
485 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
486 initiate_rekey(a, 1);
487 assert_ipsec_sas_installed(a, 1, 2);
488 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
489 initiate_rekey(b, 2);
490 assert_ipsec_sas_installed(b, 1, 2);
491
492 /* this should never get called as this results in a successful rekeying */
493 assert_hook_not_called(child_updown);
494
495 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
496 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
497 assert_hook_rekey(child_rekey, 2, 5);
498 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
499 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
500 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
501 assert_ipsec_sas_installed(b, 1, 2, 5);
502 assert_hook();
503 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
504 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
505 assert_hook_rekey(child_rekey, 1, 6);
506 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
507 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
508 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
509 assert_ipsec_sas_installed(a, 1, 2, 6);
510 assert_hook();
511
512 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
513 if (data[_i].spi_del_a == 1)
514 { /* currently we call this again if we keep our own replacement as we
515 * already called it above */
516 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
517 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
518 assert_hook();
519 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
520 CHILD_OUTBOUND_REGISTERED);
521 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
522 CHILD_OUTBOUND_INSTALLED);
523 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
524 CHILD_OUTBOUND_INSTALLED);
525 assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6);
526 }
527 else
528 {
529 assert_hook_not_called(child_rekey);
530 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
531 assert_hook();
532 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
533 CHILD_OUTBOUND_INSTALLED);
534 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
535 CHILD_OUTBOUND_REGISTERED);
536 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
537 CHILD_OUTBOUND_REGISTERED);
538 assert_ipsec_sas_installed(a, 1, 2, 3, 6);
539 }
540 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
541 if (data[_i].spi_del_b == 2)
542 {
543 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
544 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
545 assert_hook();
546 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
547 CHILD_OUTBOUND_REGISTERED);
548 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
549 CHILD_OUTBOUND_INSTALLED);
550 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
551 CHILD_OUTBOUND_INSTALLED);
552 assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6);
553 }
554 else
555 {
556 assert_hook_not_called(child_rekey);
557 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
558 assert_hook();
559 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
560 CHILD_OUTBOUND_INSTALLED);
561 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
562 CHILD_OUTBOUND_REGISTERED);
563 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
564 CHILD_OUTBOUND_REGISTERED);
565 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
566 }
567
568 /* we don't expect this hook to get called anymore */
569 assert_hook_not_called(child_rekey);
570 /* INFORMATIONAL { D } --> */
571 assert_jobs_scheduled(1);
572 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
573 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
574 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
575 : CHILD_OUTBOUND_REGISTERED);
576 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
577 CHILD_OUTBOUND_NONE);
578 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
579 CHILD_OUTBOUND_INSTALLED);
580 assert_child_sa_count(b, 3);
581 if (data[_i].spi_del_b == 2)
582 {
583 assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6);
584 }
585 else
586 {
587 assert_ipsec_sas_installed(b, 2, 3, 4, 5);
588 }
589 assert_scheduler();
590 /* <-- INFORMATIONAL { D } */
591 assert_jobs_scheduled(1);
592 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
593 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
594 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
595 : CHILD_OUTBOUND_REGISTERED);
596 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
597 CHILD_OUTBOUND_NONE);
598 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
599 CHILD_OUTBOUND_INSTALLED);
600 assert_child_sa_count(a, 3);
601 if (data[_i].spi_del_a == 1)
602 {
603 assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6);
604 }
605 else
606 {
607 assert_ipsec_sas_installed(a, 1, 3, 4, 6);
608 }
609 assert_scheduler();
610 /* <-- INFORMATIONAL { D } */
611 assert_jobs_scheduled(1);
612 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
613 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
614 CHILD_OUTBOUND_NONE);
615 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
616 CHILD_OUTBOUND_NONE);
617 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
618 CHILD_OUTBOUND_INSTALLED);
619 assert_child_sa_count(a, 3);
620 assert_ipsec_sas_installed(a, 1, 3, 6,
621 data[_i].spi_del_a == 1 ? 5 : 4);
622 assert_scheduler();
623 /* INFORMATIONAL { D } --> */
624 assert_jobs_scheduled(1);
625 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
626 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
627 CHILD_OUTBOUND_NONE);
628 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
629 CHILD_OUTBOUND_NONE);
630 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
631 CHILD_OUTBOUND_INSTALLED);
632 assert_child_sa_count(b, 3);
633 assert_ipsec_sas_installed(b, 2, 4, 5,
634 data[_i].spi_del_b == 2 ? 6 : 3);
635 assert_scheduler();
636
637 /* simulate the execution of the scheduled jobs */
638 destroy_rekeyed(a, data[_i].spi_del_a);
639 destroy_rekeyed(a, data[_i].spi_del_b);
640 assert_child_sa_count(a, 1);
641 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
642 destroy_rekeyed(b, data[_i].spi_del_a);
643 destroy_rekeyed(b, data[_i].spi_del_b);
644 assert_child_sa_count(b, 1);
645 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
646
647 /* child_rekey/child_updown */
648 assert_hook();
649 assert_hook();
650
651 call_ikesa(a, destroy);
652 call_ikesa(b, destroy);
653 }
654 END_TEST
655
656 /**
657 * This is like the rekey collision above, but one peer deletes the
658 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
659 * response:
660 *
661 * rekey ----\ /---- rekey
662 * \-----/----> detect collision
663 * detect collision <---------/ /----
664 * ----\ /
665 * \----/----->
666 * handle delete <--------/------- delete SA
667 * --------/------->
668 * handle rekey <------/
669 * delete SA ---------------->
670 * <----------------
671 */
672 START_TEST(test_collision_delayed_response)
673 {
674 ike_sa_t *a, *b;
675 message_t *msg;
676
677 exchange_test_helper->establish_sa(exchange_test_helper,
678 &a, &b, NULL);
679
680 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
681 * CHILD_SA):
682 * N1/3 -----\ /----- N2/4
683 * \--/-----> N3/5
684 * N4/6 <-------/ /----- ...
685 * ... -----\
686 * We test this four times, each time a different nonce is the lowest.
687 */
688 struct {
689 /* Nonces used at each point */
690 u_char nonces[4];
691 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
692 uint32_t spi_del_a, spi_del_b;
693 /* SPIs of the kept CHILD_SA */
694 uint32_t spi_a, spi_b;
695 } data[] = {
696 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
697 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
698 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
699 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
700 };
701
702 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
703 initiate_rekey(a, 1);
704 assert_ipsec_sas_installed(a, 1, 2);
705 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
706 initiate_rekey(b, 2);
707 assert_ipsec_sas_installed(b, 1, 2);
708
709 /* this should never get called as this results in a successful rekeying */
710 assert_hook_not_called(child_updown);
711
712 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
713 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
714 assert_hook_rekey(child_rekey, 2, 5);
715 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
716 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
717 assert_child_sa_state(b, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
718 assert_ipsec_sas_installed(b, 1, 2, 5);
719 assert_hook();
720 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
721 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
722 assert_hook_rekey(child_rekey, 1, 6);
723 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
724 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
725 assert_child_sa_state(a, 6, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
726 assert_ipsec_sas_installed(a, 1, 2, 6);
727 assert_hook();
728
729 /* delay the CREATE_CHILD_SA response from b to a */
730 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
731
732 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
733 if (data[_i].spi_del_b == 2)
734 {
735 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
736 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
737 assert_hook();
738 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
739 CHILD_OUTBOUND_REGISTERED);
740 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
741 CHILD_OUTBOUND_INSTALLED);
742 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
743 CHILD_OUTBOUND_INSTALLED);
744 assert_ipsec_sas_installed(b, 1, 2, 4, 5, 6);
745 }
746 else
747 {
748 assert_hook_not_called(child_rekey);
749 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
750 assert_hook();
751 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
752 CHILD_OUTBOUND_INSTALLED);
753 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
754 CHILD_OUTBOUND_REGISTERED);
755 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
756 CHILD_OUTBOUND_REGISTERED);
757 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
758 }
759
760 /* <-- INFORMATIONAL { D } */
761 assert_hook_not_called(child_rekey);
762 assert_jobs_scheduled(1);
763 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
764 if (data[_i].spi_del_b == 2)
765 {
766 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
767 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
768 CHILD_OUTBOUND_INSTALLED);
769 assert_ipsec_sas_installed(a, 1, 4, 6);
770 }
771 else
772 {
773 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
774 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
775 CHILD_OUTBOUND_NONE);
776 assert_ipsec_sas_installed(a, 1, 2, 6);
777 }
778 assert_child_sa_count(a, 2);
779 assert_scheduler();
780 /* INFORMATIONAL { D } --> */
781 assert_jobs_scheduled(1);
782 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
783 if (data[_i].spi_del_b == 2)
784 {
785 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
786 CHILD_OUTBOUND_REGISTERED);
787 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
788 CHILD_OUTBOUND_INSTALLED);
789 assert_ipsec_sas_installed(b, 2, 4, 5, 6);
790 }
791 else
792 {
793 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
794 CHILD_OUTBOUND_INSTALLED);
795 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
796 CHILD_OUTBOUND_REGISTERED);
797 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
798 }
799 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
800 CHILD_OUTBOUND_NONE);
801 assert_child_sa_count(b, 3);
802 assert_scheduler();
803 assert_hook();
804
805 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
806 if (data[_i].spi_del_a == 1)
807 {
808 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
809 exchange_test_helper->process_message(exchange_test_helper, a, msg);
810 assert_hook();
811 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
812 CHILD_OUTBOUND_INSTALLED);
813 assert_ipsec_sas_installed(a, 1, 2, 3, 5, 6);
814 }
815 else
816 {
817 assert_hook_not_called(child_rekey);
818 exchange_test_helper->process_message(exchange_test_helper, a, msg);
819 assert_hook();
820 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
821 CHILD_OUTBOUND_REGISTERED);
822 assert_ipsec_sas_installed(a, 1, 3, 4, 6);
823 }
824 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
825 CHILD_OUTBOUND_NONE);
826 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
827 CHILD_OUTBOUND_INSTALLED);
828 assert_child_sa_count(a, 3);
829
830 /* we don't expect this hook to get called anymore */
831 assert_hook_not_called(child_rekey);
832 /* INFORMATIONAL { D } --> */
833 assert_jobs_scheduled(1);
834 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
835 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
836 CHILD_OUTBOUND_NONE);
837 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
838 CHILD_OUTBOUND_NONE);
839 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
840 CHILD_OUTBOUND_INSTALLED);
841 assert_ipsec_sas_installed(b, 2, 4, 5,
842 data[_i].spi_del_b == 2 ? 6 : 3);
843 assert_child_sa_count(b, 3);
844 assert_scheduler();
845 /* <-- INFORMATIONAL { D } */
846 assert_jobs_scheduled(1);
847 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
848 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
849 CHILD_OUTBOUND_NONE);
850 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
851 CHILD_OUTBOUND_NONE);
852 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
853 CHILD_OUTBOUND_INSTALLED);
854 assert_child_sa_count(a, 3);
855 assert_ipsec_sas_installed(a, 1, 3, 6,
856 data[_i].spi_del_a == 1 ? 5 : 4);
857 assert_scheduler();
858
859 /* simulate the execution of the scheduled jobs */
860 destroy_rekeyed(a, data[_i].spi_del_a);
861 destroy_rekeyed(a, data[_i].spi_del_b);
862 assert_child_sa_count(a, 1);
863 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
864 destroy_rekeyed(b, data[_i].spi_del_a);
865 destroy_rekeyed(b, data[_i].spi_del_b);
866 assert_child_sa_count(b, 1);
867 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
868
869 /* child_rekey/child_updown */
870 assert_hook();
871 assert_hook();
872
873 call_ikesa(a, destroy);
874 call_ikesa(b, destroy);
875 }
876 END_TEST
877
878 /**
879 * In this scenario one of the peers does not notice that there is a
880 * rekey collision:
881 *
882 * rekey ----\ /---- rekey
883 * \ /
884 * detect collision <-----\---/
885 * -------\-------->
886 * \ /---- delete old SA
887 * \-/----> detect collision
888 * detect collision <---------/ /---- TEMP_FAIL
889 * delete -----------/---->
890 * aborts rekeying <---------/
891 */
892 START_TEST(test_collision_delayed_request)
893 {
894 ike_sa_t *a, *b;
895 message_t *msg;
896
897 exchange_test_helper->establish_sa(exchange_test_helper,
898 &a, &b, NULL);
899
900 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
901 * CHILD_SA):
902 * N1/3 -----\ /----- N2/4
903 * N3/5 <-----\--/
904 * ... -----\ \-------> ...
905 * We test this three times, each time a different nonce is the lowest.
906 */
907 struct {
908 /* Nonces used at each point */
909 u_char nonces[3];
910 } data[] = {
911 { { 0x00, 0xFF, 0xFF } },
912 { { 0xFF, 0x00, 0xFF } },
913 { { 0xFF, 0xFF, 0x00 } },
914 };
915
916 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
917 initiate_rekey(a, 1);
918 assert_ipsec_sas_installed(a, 1, 2);
919 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
920 initiate_rekey(b, 2);
921 assert_ipsec_sas_installed(b, 1, 2);
922
923 /* delay the CREATE_CHILD_SA request from a to b */
924 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
925
926 /* this should never get called as this results in a successful rekeying */
927 assert_hook_not_called(child_updown);
928
929 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
930 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
931 assert_hook_rekey(child_rekey, 1, 5);
932 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
933 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
934 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
935 assert_ipsec_sas_installed(a, 1, 2, 5);
936 assert_hook();
937 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
938 assert_hook_rekey(child_rekey, 2, 4);
939 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
940 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
941 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
942 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
943 assert_hook();
944
945 /* we don't expect this hook to get called anymore */
946 assert_hook_not_called(child_rekey);
947
948 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
949 assert_single_notify(OUT, TEMPORARY_FAILURE);
950 exchange_test_helper->process_message(exchange_test_helper, b, msg);
951 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
952 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
953
954 /* <-- INFORMATIONAL { D } */
955 assert_jobs_scheduled(1);
956 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
957 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
958 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
959 assert_child_sa_count(a, 2);
960 assert_ipsec_sas_installed(a, 1, 4, 5);
961 assert_scheduler();
962
963 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
964 assert_no_jobs_scheduled();
965 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
966 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
967 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
968 assert_child_sa_count(a, 2);
969 assert_ipsec_sas_installed(a, 1, 4, 5);
970 assert_scheduler();
971
972 /* INFORMATIONAL { D } --> */
973 assert_jobs_scheduled(1);
974 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
975 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
976 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
977 assert_child_sa_count(b, 2);
978 assert_ipsec_sas_installed(b, 2, 4, 5);
979 assert_scheduler();
980
981 /* simulate the execution of the scheduled jobs */
982 destroy_rekeyed(a, 1);
983 assert_child_sa_count(a, 1);
984 assert_ipsec_sas_installed(a, 4, 5);
985 destroy_rekeyed(b, 2);
986 assert_child_sa_count(b, 1);
987 assert_ipsec_sas_installed(b, 4, 5);
988
989 /* child_rekey/child_updown */
990 assert_hook();
991 assert_hook();
992
993 assert_sa_idle(a);
994 assert_sa_idle(b);
995
996 call_ikesa(a, destroy);
997 call_ikesa(b, destroy);
998 }
999 END_TEST
1000
1001 /**
1002 * Similar to above one peer fails to notice the collision but the
1003 * CREATE_CHILD_SA request is even more delayed:
1004 *
1005 * rekey ----\ /---- rekey
1006 * \ /
1007 * detect collision <-----\---/
1008 * -------\-------->
1009 * detect collision <-------\-------- delete old SA
1010 * delete ---------\------>
1011 * \----->
1012 * /---- CHILD_SA_NOT_FOUND
1013 * aborts rekeying <----------/
1014 */
1015 START_TEST(test_collision_delayed_request_more)
1016 {
1017 ike_sa_t *a, *b;
1018 message_t *msg;
1019
1020 exchange_test_helper->establish_sa(exchange_test_helper,
1021 &a, &b, NULL);
1022
1023 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1024 * CHILD_SA):
1025 * N1/3 -----\ /----- N2/4
1026 * N3/5 <-----\--/
1027 * ... -----\ \-------> ...
1028 * We test this three times, each time a different nonce is the lowest.
1029 */
1030 struct {
1031 /* Nonces used at each point */
1032 u_char nonces[3];
1033 } data[] = {
1034 { { 0x00, 0xFF, 0xFF } },
1035 { { 0xFF, 0x00, 0xFF } },
1036 { { 0xFF, 0xFF, 0x00 } },
1037 };
1038
1039 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1040 initiate_rekey(a, 1);
1041 assert_ipsec_sas_installed(a, 1, 2);
1042 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1043 initiate_rekey(b, 2);
1044 assert_ipsec_sas_installed(b, 1, 2);
1045
1046 /* delay the CREATE_CHILD_SA request from a to b */
1047 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1048
1049 /* this should never get called as this results in a successful rekeying */
1050 assert_hook_not_called(child_updown);
1051
1052 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1053 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1054 assert_hook_rekey(child_rekey, 1, 5);
1055 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1056 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1057 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1058 assert_ipsec_sas_installed(a, 1, 2, 5);
1059 assert_hook();
1060 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1061 assert_hook_rekey(child_rekey, 2, 4);
1062 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1063 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1064 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1065 assert_ipsec_sas_installed(b, 1, 2, 4, 5);
1066 assert_hook();
1067
1068 /* we don't expect this hook to get called anymore */
1069 assert_hook_not_called(child_rekey);
1070
1071 /* <-- INFORMATIONAL { D } */
1072 assert_jobs_scheduled(1);
1073 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1074 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1075 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1076 assert_child_sa_count(a, 2);
1077 assert_ipsec_sas_installed(a, 1, 4, 5);
1078 assert_scheduler();
1079 /* INFORMATIONAL { D } --> */
1080 assert_jobs_scheduled(1);
1081 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1082 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1083 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1084 assert_child_sa_count(b, 2);
1085 assert_ipsec_sas_installed(b, 2, 4, 5);
1086 assert_scheduler();
1087
1088 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1089 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1090 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1091 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1092 assert_child_sa_state(b, 4, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1093 assert_child_sa_count(b, 2);
1094 assert_ipsec_sas_installed(b, 2, 4, 5);
1095 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1096 assert_no_jobs_scheduled();
1097 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1098 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1099 assert_child_sa_state(a, 5, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1100 assert_child_sa_count(a, 2);
1101 assert_ipsec_sas_installed(a, 1, 4, 5);
1102 assert_scheduler();
1103
1104 /* simulate the execution of the scheduled jobs */
1105 destroy_rekeyed(a, 1);
1106 assert_child_sa_count(a, 1);
1107 assert_ipsec_sas_installed(a, 4, 5);
1108 destroy_rekeyed(b, 2);
1109 assert_child_sa_count(b, 1);
1110 assert_ipsec_sas_installed(b, 4, 5);
1111
1112 /* child_rekey/child_updown */
1113 assert_hook();
1114 assert_hook();
1115
1116 assert_sa_idle(a);
1117 assert_sa_idle(b);
1118
1119 call_ikesa(a, destroy);
1120 call_ikesa(b, destroy);
1121 }
1122 END_TEST
1123
1124 /**
1125 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
1126 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
1127 * still handle the collision properly depending on the nonces.
1128 */
1129 START_TEST(test_collision_ke_invalid)
1130 {
1131 exchange_test_sa_conf_t conf = {
1132 .initiator = {
1133 .esp = "aes128-sha256-modp2048-modp3072",
1134 },
1135 .responder = {
1136 .esp = "aes128-sha256-modp3072-modp2048",
1137 },
1138 };
1139 ike_sa_t *a, *b;
1140
1141 exchange_test_helper->establish_sa(exchange_test_helper,
1142 &a, &b, &conf);
1143
1144 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1145 * CHILD_SA):
1146 * N1/3 -----\ /----- N2/4
1147 * \--/-----> N3/5
1148 * N4/6 <-------/ /---- INVAL_KE
1149 * INVAL_KE -----\ /
1150 * <-----\--/
1151 * N5/7 -----\ \------->
1152 * \ /---- N6/8
1153 * \--/----> N7/9
1154 * N8/10 <--------/ /---- ...
1155 * ... ------\
1156 *
1157 * We test this four times, each time a different nonce is the lowest.
1158 */
1159 struct {
1160 /* Nonces used at each point */
1161 u_char nonces[4];
1162 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
1163 uint32_t spi_del_a, spi_del_b;
1164 /* SPIs of the kept CHILD_SA */
1165 uint32_t spi_a, spi_b;
1166 } data[] = {
1167 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
1168 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
1169 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
1170 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
1171 };
1172
1173 /* make sure the nonces of the first try don't affect the retries */
1174 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1175 initiate_rekey(a, 1);
1176 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1177 initiate_rekey(b, 2);
1178
1179 /* this should never get called as this results in a successful rekeying */
1180 assert_hook_not_called(child_updown);
1181
1182 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1183 assert_hook_not_called(child_rekey);
1184 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1185 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1186 assert_child_sa_count(b, 1);
1187 assert_hook();
1188 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1189 assert_hook_not_called(child_rekey);
1190 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1191 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1192 assert_child_sa_count(a, 1);
1193 assert_hook();
1194
1195 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1196 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1197 assert_hook_not_called(child_rekey);
1198 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1199 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1200 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1201 assert_child_sa_count(a, 1);
1202 assert_hook();
1203 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1204 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1205 assert_hook_not_called(child_rekey);
1206 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1207 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1208 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1209 assert_child_sa_count(b, 1);
1210 assert_hook();
1211
1212 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1213 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1214 assert_hook_rekey(child_rekey, 2, 9);
1215 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1216 assert_child_sa_state(b, 2, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1217 assert_child_sa_state(b, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1218 assert_hook();
1219 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1220 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
1221 assert_hook_rekey(child_rekey, 1, 10);
1222 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1223 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1224 assert_child_sa_state(a,10, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1225 assert_hook();
1226
1227 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
1228 if (data[_i].spi_del_a == 1)
1229 { /* currently we call this again if we keep our own replacement as we
1230 * already called it above */
1231 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
1232 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1233 assert_hook();
1234 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1235 CHILD_OUTBOUND_REGISTERED);
1236 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1237 CHILD_OUTBOUND_INSTALLED);
1238 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1239 CHILD_OUTBOUND_INSTALLED);
1240 }
1241 else
1242 {
1243 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1244 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED,
1245 CHILD_OUTBOUND_INSTALLED);
1246 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1247 CHILD_OUTBOUND_REGISTERED);
1248 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1249 CHILD_OUTBOUND_REGISTERED);
1250 }
1251 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1252 if (data[_i].spi_del_b == 2)
1253 {
1254 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
1255 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1256 assert_hook();
1257 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1258 CHILD_OUTBOUND_REGISTERED);
1259 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1260 CHILD_OUTBOUND_INSTALLED);
1261 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1262 CHILD_OUTBOUND_INSTALLED);
1263 }
1264 else
1265 {
1266 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1267 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED,
1268 CHILD_OUTBOUND_INSTALLED);
1269 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1270 CHILD_OUTBOUND_REGISTERED);
1271 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1272 CHILD_OUTBOUND_REGISTERED);
1273 }
1274
1275
1276 /* we don't expect this hook to get called anymore */
1277 assert_hook_not_called(child_rekey);
1278 /* INFORMATIONAL { D } --> */
1279 assert_jobs_scheduled(1);
1280 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1281 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING,
1282 data[_i].spi_del_b == 2 ? CHILD_OUTBOUND_INSTALLED
1283 : CHILD_OUTBOUND_REGISTERED);
1284 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
1285 CHILD_OUTBOUND_NONE);
1286 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1287 CHILD_OUTBOUND_INSTALLED);
1288 assert_child_sa_count(b, 3);
1289 assert_scheduler();
1290 /* <-- INFORMATIONAL { D } */
1291 assert_jobs_scheduled(1);
1292 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1293 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING,
1294 data[_i].spi_del_a == 1 ? CHILD_OUTBOUND_INSTALLED
1295 : CHILD_OUTBOUND_REGISTERED);
1296 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
1297 CHILD_OUTBOUND_NONE);
1298 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1299 CHILD_OUTBOUND_INSTALLED);
1300 assert_child_sa_count(a, 3);
1301 assert_scheduler();
1302 /* <-- INFORMATIONAL { D } */
1303 assert_jobs_scheduled(1);
1304 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1305 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETED,
1306 CHILD_OUTBOUND_NONE);
1307 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_DELETED,
1308 CHILD_OUTBOUND_NONE);
1309 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED,
1310 CHILD_OUTBOUND_INSTALLED);
1311 assert_child_sa_count(a, 3);
1312 assert_scheduler();
1313 /* INFORMATIONAL { D } --> */
1314 assert_jobs_scheduled(1);
1315 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1316 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETED,
1317 CHILD_OUTBOUND_NONE);
1318 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_DELETED,
1319 CHILD_OUTBOUND_NONE);
1320 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED,
1321 CHILD_OUTBOUND_INSTALLED);
1322 assert_child_sa_count(b, 3);
1323 assert_scheduler();
1324
1325 /* simulate the execution of the scheduled jobs */
1326 destroy_rekeyed(a, data[_i].spi_del_a);
1327 destroy_rekeyed(a, data[_i].spi_del_b);
1328 assert_child_sa_count(a, 1);
1329 assert_ipsec_sas_installed(a, data[_i].spi_a, data[_i].spi_b);
1330 destroy_rekeyed(b, data[_i].spi_del_a);
1331 destroy_rekeyed(b, data[_i].spi_del_b);
1332 assert_child_sa_count(b, 1);
1333 assert_ipsec_sas_installed(b, data[_i].spi_a, data[_i].spi_b);
1334
1335 /* child_rekey/child_updown */
1336 assert_hook();
1337 assert_hook();
1338
1339 assert_sa_idle(a);
1340 assert_sa_idle(b);
1341
1342 call_ikesa(a, destroy);
1343 call_ikesa(b, destroy);
1344 }
1345 END_TEST
1346
1347 /**
1348 * This is a variation of the above but with the retry by one peer delayed so
1349 * that to the other peer it looks like there is no collision.
1350 */
1351 START_TEST(test_collision_ke_invalid_delayed_retry)
1352 {
1353 exchange_test_sa_conf_t conf = {
1354 .initiator = {
1355 .esp = "aes128-sha256-modp2048-modp3072",
1356 },
1357 .responder = {
1358 .esp = "aes128-sha256-modp3072-modp2048",
1359 },
1360 };
1361 ike_sa_t *a, *b;
1362 message_t *msg;
1363
1364 exchange_test_helper->establish_sa(exchange_test_helper,
1365 &a, &b, &conf);
1366
1367 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1368 * CHILD_SA):
1369 * N1/3 -----\ /----- N2/4
1370 * \--/-----> N3/5
1371 * N4/6 <-------/ /---- INVAL_KE
1372 * INVAL_KE -----\ /
1373 * <-----\--/
1374 * N5/7 -----\ \------->
1375 * <-----\--------- N6/8
1376 * N7/9 -------\------->
1377 * <-------\------- DELETE
1378 * ... ------\ \----->
1379 * /---- TEMP_FAIL
1380 *
1381 * We test this three times, each time a different nonce is the lowest.
1382 */
1383 struct {
1384 /* Nonces used at each point */
1385 u_char nonces[3];
1386 } data[] = {
1387 { { 0x00, 0xFF, 0xFF } },
1388 { { 0xFF, 0x00, 0xFF } },
1389 { { 0xFF, 0xFF, 0x00 } },
1390 };
1391
1392 /* make sure the nonces of the first try don't affect the retries */
1393 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1394 initiate_rekey(a, 1);
1395 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1396 initiate_rekey(b, 2);
1397
1398 /* this should never get called as this results in a successful rekeying */
1399 assert_hook_not_called(child_updown);
1400
1401 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1402 assert_hook_not_called(child_rekey);
1403 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1404 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1405 assert_child_sa_count(b, 1);
1406 assert_hook();
1407 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1408 assert_hook_not_called(child_rekey);
1409 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1410 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1411 assert_child_sa_count(a, 1);
1412 assert_hook();
1413
1414 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1415 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1416 assert_hook_not_called(child_rekey);
1417 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1418 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1419 assert_child_sa_state(a, 1, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1420 assert_child_sa_count(a, 1);
1421 assert_hook();
1422 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1423 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1424 assert_hook_not_called(child_rekey);
1425 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1426 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1427 assert_child_sa_state(b, 2, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1428 assert_child_sa_count(b, 1);
1429 assert_hook();
1430
1431 /* delay the CREATE_CHILD_SA request from a to b */
1432 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1433
1434 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1435 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1436 assert_hook_rekey(child_rekey, 1, 9);
1437 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1438 assert_child_sa_state(a, 1, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
1439 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
1440 assert_hook();
1441 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1442 assert_hook_rekey(child_rekey, 2, 8);
1443 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1444 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1445 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1446 assert_hook();
1447
1448 /* we don't expect this hook to get called anymore */
1449 assert_hook_not_called(child_rekey);
1450
1451 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1452 assert_single_notify(OUT, TEMPORARY_FAILURE);
1453 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1454 assert_child_sa_state(b, 2, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1455 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1456
1457 /* <-- INFORMATIONAL { D } */
1458 assert_jobs_scheduled(1);
1459 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1460 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1461 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1462 assert_child_sa_count(a, 2);
1463 assert_scheduler();
1464
1465 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1466 assert_no_jobs_scheduled();
1467 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1468 assert_child_sa_state(a, 1, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1469 assert_child_sa_state(a, 9, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1470 assert_child_sa_count(a, 2);
1471 assert_scheduler();
1472
1473 /* INFORMATIONAL { D } --> */
1474 assert_jobs_scheduled(1);
1475 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1476 assert_child_sa_state(b, 2, CHILD_DELETED, CHILD_OUTBOUND_NONE);
1477 assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1478 assert_child_sa_count(b, 2);
1479 assert_scheduler();
1480
1481 /* simulate the execution of the scheduled jobs */
1482 destroy_rekeyed(a, 1);
1483 assert_child_sa_count(a, 1);
1484 assert_ipsec_sas_installed(a, 8, 9);
1485 destroy_rekeyed(b, 2);
1486 assert_child_sa_count(b, 1);
1487 assert_ipsec_sas_installed(b, 8, 9);
1488
1489 /* child_rekey/child_updown */
1490 assert_hook();
1491 assert_hook();
1492
1493 assert_sa_idle(a);
1494 assert_sa_idle(b);
1495
1496 call_ikesa(a, destroy);
1497 call_ikesa(b, destroy);
1498 }
1499 END_TEST
1500
1501 /**
1502 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1503 * concurrently trying to rekey.
1504 *
1505 * rekey ----\ /---- delete
1506 * \-----/----> detect collision
1507 * detect collision <---------/ /---- TEMP_FAIL
1508 * delete ----\ /
1509 * \----/----->
1510 * aborts rekeying <--------/
1511 */
1512 START_TEST(test_collision_delete)
1513 {
1514 ike_sa_t *a, *b;
1515 uint32_t spi_a = _i+1, spi_b = 2-_i;
1516
1517 if (_i)
1518 { /* responder rekeys the CHILD_SA (SPI 2) */
1519 exchange_test_helper->establish_sa(exchange_test_helper,
1520 &b, &a, NULL);
1521 }
1522 else
1523 { /* initiator rekeys the CHILD_SA (SPI 1) */
1524 exchange_test_helper->establish_sa(exchange_test_helper,
1525 &a, &b, NULL);
1526 }
1527 initiate_rekey(a, spi_a);
1528 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1529 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1530
1531 /* this should never get called as there is no successful rekeying on
1532 * either side */
1533 assert_hook_not_called(child_rekey);
1534
1535 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1536 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1537 */
1538
1539 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1540 assert_hook_not_called(child_updown);
1541 assert_notify(IN, REKEY_SA);
1542 assert_single_notify(OUT, TEMPORARY_FAILURE);
1543 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1544 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1545 assert_hook();
1546
1547 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1548 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1549 * payload.
1550 */
1551
1552 /* <-- INFORMATIONAL { D } */
1553 assert_hook_updown(child_updown, FALSE);
1554 assert_single_payload(IN, PLV2_DELETE);
1555 assert_single_payload(OUT, PLV2_DELETE);
1556 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1557 assert_child_sa_count(a, 0);
1558 assert_hook();
1559
1560 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1561 assert_hook_not_called(child_updown);
1562 /* we don't expect a job to retry the rekeying */
1563 assert_no_jobs_scheduled();
1564 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1565 assert_scheduler();
1566 assert_hook();
1567
1568 /* INFORMATIONAL { D } --> */
1569 assert_hook_updown(child_updown, FALSE);
1570 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1571 assert_child_sa_count(b, 0);
1572 assert_hook();
1573
1574 /* child_rekey */
1575 assert_hook();
1576
1577 assert_sa_idle(a);
1578 assert_sa_idle(b);
1579
1580 call_ikesa(a, destroy);
1581 call_ikesa(b, destroy);
1582 }
1583 END_TEST
1584
1585 /**
1586 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1587 * concurrently trying to rekey. However, the delete request is delayed or
1588 * dropped, so the peer doing the rekeying is unaware of the collision.
1589 *
1590 * rekey ----\ /---- delete
1591 * \-----/----> detect collision
1592 * reschedule <---------/------ TEMP_FAIL
1593 * <--------/
1594 * delete ---------------->
1595 *
1596 * The job will not find the SA to retry rekeying.
1597 */
1598 START_TEST(test_collision_delete_drop_delete)
1599 {
1600 ike_sa_t *a, *b;
1601 message_t *msg;
1602 uint32_t spi_a = _i+1, spi_b = 2-_i;
1603
1604 if (_i)
1605 { /* responder rekeys the CHILD_SA (SPI 2) */
1606 exchange_test_helper->establish_sa(exchange_test_helper,
1607 &b, &a, NULL);
1608 }
1609 else
1610 { /* initiator rekeys the CHILD_SA (SPI 1) */
1611 exchange_test_helper->establish_sa(exchange_test_helper,
1612 &a, &b, NULL);
1613 }
1614 initiate_rekey(a, spi_a);
1615 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1616 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1617
1618 /* this should never get called as there is no successful rekeying on
1619 * either side */
1620 assert_hook_not_called(child_rekey);
1621
1622 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1623 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1624 */
1625
1626 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1627 assert_hook_not_called(child_updown);
1628 assert_notify(IN, REKEY_SA);
1629 assert_single_notify(OUT, TEMPORARY_FAILURE);
1630 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1631 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1632 assert_hook();
1633
1634 /* delay the DELETE request */
1635 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1636
1637 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1638 assert_hook_not_called(child_updown);
1639 /* we expect a job to retry the rekeying is scheduled */
1640 assert_jobs_scheduled(1);
1641 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1642 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1643 assert_scheduler();
1644 assert_hook();
1645
1646 /* <-- INFORMATIONAL { D } (delayed) */
1647 assert_hook_updown(child_updown, FALSE);
1648 assert_single_payload(IN, PLV2_DELETE);
1649 assert_single_payload(OUT, PLV2_DELETE);
1650 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1651 assert_child_sa_count(a, 0);
1652 assert_hook();
1653
1654 /* INFORMATIONAL { D } --> */
1655 assert_hook_updown(child_updown, FALSE);
1656 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1657 assert_child_sa_count(b, 0);
1658 assert_hook();
1659
1660 /* child_rekey */
1661 assert_hook();
1662
1663 assert_sa_idle(a);
1664 assert_sa_idle(b);
1665
1666 call_ikesa(a, destroy);
1667 call_ikesa(b, destroy);
1668 }
1669 END_TEST
1670
1671 /**
1672 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1673 * concurrently trying to rekey. However, the rekey request is delayed or
1674 * dropped, so the peer doing the deleting is unaware of the collision.
1675 *
1676 * rekey ----\ /---- delete
1677 * detect collision <----\-----/
1678 * delete ------\--------->
1679 * \-------->
1680 * /---- CHILD_SA_NOT_FOUND
1681 * aborts rekeying <----------/
1682 */
1683 START_TEST(test_collision_delete_drop_rekey)
1684 {
1685 ike_sa_t *a, *b;
1686 message_t *msg;
1687 uint32_t spi_a = _i+1, spi_b = 2-_i;
1688
1689 if (_i)
1690 { /* responder rekeys the CHILD_SA (SPI 2) */
1691 exchange_test_helper->establish_sa(exchange_test_helper,
1692 &b, &a, NULL);
1693 }
1694 else
1695 { /* initiator rekeys the CHILD_SA (SPI 1) */
1696 exchange_test_helper->establish_sa(exchange_test_helper,
1697 &a, &b, NULL);
1698 }
1699 initiate_rekey(a, spi_a);
1700 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1701 assert_child_sa_state(b, spi_b, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
1702
1703 /* this should never get called as there is no successful rekeying on
1704 * either side */
1705 assert_hook_not_called(child_rekey);
1706
1707 /* delay the CREATE_CHILD_SA request */
1708 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1709
1710 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1711 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1712 * payload.
1713 */
1714
1715 /* <-- INFORMATIONAL { D } */
1716 assert_hook_updown(child_updown, FALSE);
1717 assert_single_payload(IN, PLV2_DELETE);
1718 assert_single_payload(OUT, PLV2_DELETE);
1719 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1720 assert_child_sa_count(a, 0);
1721 assert_hook();
1722
1723 /* INFORMATIONAL { D } --> */
1724 assert_hook_updown(child_updown, FALSE);
1725 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1726 assert_child_sa_count(b, 0);
1727 assert_hook();
1728
1729 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1730 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1731 */
1732
1733 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1734 assert_hook_not_called(child_updown);
1735 assert_notify(IN, REKEY_SA);
1736 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1737 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1738 assert_hook();
1739
1740 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1741 assert_hook_not_called(child_updown);
1742 /* no jobs or tasks should get scheduled/queued */
1743 assert_no_jobs_scheduled();
1744 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1745 assert_scheduler();
1746 assert_hook();
1747
1748 /* child_rekey */
1749 assert_hook();
1750
1751 assert_sa_idle(a);
1752 assert_sa_idle(b);
1753
1754 call_ikesa(a, destroy);
1755 call_ikesa(b, destroy);
1756 }
1757 END_TEST
1758
1759 /**
1760 * FIXME: Not sure what we can do about the following:
1761 *
1762 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1763 * it the other peer deletes the new SA. However, the rekey response is
1764 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1765 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1766 *
1767 * rekey ---------------->
1768 * /---- rekey
1769 * unknown SA <----------/----- delete new SA
1770 * ----------/----->
1771 * <--------/
1772 *
1773 * The peers' states are now out of sync.
1774 *
1775 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1776 * while rekeying and then check against the SPIs when handling the
1777 * CREATE_CHILD_SA response.
1778 */
1779
1780
1781 /**
1782 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1783 * peer is concurrently trying to rekey.
1784 *
1785 * rekey ----\ /---- rekey IKE
1786 * \-----/----> detect collision
1787 * detect collision <---------/ /---- TEMP_FAIL
1788 * TEMP_FAIL ----\ /
1789 * \----/----->
1790 * <--------/
1791 */
1792 START_TEST(test_collision_ike_rekey)
1793 {
1794 ike_sa_t *a, *b;
1795 uint32_t spi_a = _i+1;
1796
1797 if (_i)
1798 { /* responder rekeys the CHILD_SA (SPI 2) */
1799 exchange_test_helper->establish_sa(exchange_test_helper,
1800 &b, &a, NULL);
1801 }
1802 else
1803 { /* initiator rekeys the CHILD_SA (SPI 1) */
1804 exchange_test_helper->establish_sa(exchange_test_helper,
1805 &a, &b, NULL);
1806 }
1807 initiate_rekey(a, spi_a);
1808 call_ikesa(b, rekey);
1809 assert_ike_sa_state(b, IKE_REKEYING);
1810
1811 /* these should never get called as there is no successful rekeying on
1812 * either side */
1813 assert_hook_not_called(ike_rekey);
1814 assert_hook_not_called(child_rekey);
1815
1816 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1817 * it is currently rekeying the IKE SA, it SHOULD reply with
1818 * TEMPORARY_FAILURE.
1819 */
1820
1821 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1822 assert_single_notify(OUT, TEMPORARY_FAILURE);
1823 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1824 assert_ike_sa_state(b, IKE_REKEYING);
1825
1826 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1827 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1828 * SHOULD reply with TEMPORARY_FAILURE.
1829 */
1830
1831 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1832 assert_single_notify(OUT, TEMPORARY_FAILURE);
1833 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1834 assert_child_sa_state(a, spi_a, CHILD_REKEYING, CHILD_OUTBOUND_INSTALLED);
1835
1836 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1837 /* we expect a job to retry the rekeying is scheduled */
1838 assert_jobs_scheduled(1);
1839 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1840 assert_child_sa_state(a, spi_a, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
1841 assert_scheduler();
1842
1843 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1844 /* we expect a job to retry the rekeying is scheduled */
1845 assert_jobs_scheduled(1);
1846 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1847 assert_ike_sa_state(b, IKE_ESTABLISHED);
1848 assert_scheduler();
1849
1850 /* ike_rekey/child_rekey */
1851 assert_hook();
1852 assert_hook();
1853
1854 assert_sa_idle(a);
1855 assert_sa_idle(b);
1856
1857 call_ikesa(a, destroy);
1858 call_ikesa(b, destroy);
1859 }
1860 END_TEST
1861
1862 /**
1863 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1864 * peer is concurrently trying to rekey.
1865 *
1866 * rekey ----\ /---- delete IKE
1867 * \-----/----> detect collision
1868 * <---------/ /---- TEMP_FAIL
1869 * delete ----\ /
1870 * \----/----->
1871 * sa already gone <--------/
1872 */
1873 START_TEST(test_collision_ike_delete)
1874 {
1875 ike_sa_t *a, *b;
1876 uint32_t spi_a = _i+1;
1877 message_t *msg;
1878 status_t s;
1879
1880 if (_i)
1881 { /* responder rekeys the CHILD_SA (SPI 2) */
1882 exchange_test_helper->establish_sa(exchange_test_helper,
1883 &b, &a, NULL);
1884 }
1885 else
1886 { /* initiator rekeys the CHILD_SA (SPI 1) */
1887 exchange_test_helper->establish_sa(exchange_test_helper,
1888 &a, &b, NULL);
1889 }
1890 initiate_rekey(a, spi_a);
1891 call_ikesa(b, delete, FALSE);
1892 assert_ike_sa_state(b, IKE_DELETING);
1893
1894 /* this should never get called as there is no successful rekeying on
1895 * either side */
1896 assert_hook_not_called(child_rekey);
1897
1898 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1899 * a peer receives a request to rekey a CHILD_SA when it is currently
1900 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1901 */
1902
1903 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1904 assert_single_notify(OUT, TEMPORARY_FAILURE);
1905 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1906 assert_ike_sa_state(b, IKE_DELETING);
1907
1908 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1909 * a peer receives a request to close the IKE SA if it is currently rekeying
1910 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1911 * rekeying.
1912 */
1913
1914 /* <-- INFORMATIONAL { D } */
1915 assert_hook_updown(ike_updown, FALSE);
1916 assert_hook_updown(child_updown, FALSE);
1917 assert_message_empty(OUT);
1918 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1919 ck_assert_int_eq(DESTROY_ME, s);
1920 call_ikesa(a, destroy);
1921 assert_hook();
1922 assert_hook();
1923
1924 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1925 /* the SA is already gone */
1926 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1927 msg->destroy(msg);
1928
1929 /* INFORMATIONAL { } --> */
1930 assert_hook_updown(ike_updown, FALSE);
1931 assert_hook_updown(child_updown, FALSE);
1932 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1933 ck_assert_int_eq(DESTROY_ME, s);
1934 call_ikesa(b, destroy);
1935 assert_hook();
1936 assert_hook();
1937
1938 /* child_rekey */
1939 assert_hook();
1940 }
1941 END_TEST
1942
1943 Suite *child_rekey_suite_create()
1944 {
1945 Suite *s;
1946 TCase *tc;
1947
1948 s = suite_create("child rekey");
1949
1950 tc = tcase_create("regular");
1951 tcase_add_loop_test(tc, test_regular, 0, 2);
1952 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1953 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1954 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1955 suite_add_tcase(s, tc);
1956
1957 tc = tcase_create("collisions rekey");
1958 tcase_add_loop_test(tc, test_collision, 0, 4);
1959 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1960 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1961 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1962 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1963 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1964 suite_add_tcase(s, tc);
1965
1966 tc = tcase_create("collisions delete");
1967 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1968 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1969 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1970 suite_add_tcase(s, tc);
1971
1972 tc = tcase_create("collisions ike rekey");
1973 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1974 suite_add_tcase(s, tc);
1975
1976 tc = tcase_create("collisions ike delete");
1977 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1978 suite_add_tcase(s, tc);
1979
1980 return s;
1981 }