fcac49388efc33df65e2ba9a3369e1bc533bf456
[strongswan.git] / src / libcharon / tests / suites / test_child_rekey.c
1 /*
2 * Copyright (C) 2016 Tobias Brunner
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "test_suite.h"
17
18 #include <daemon.h>
19 #include <tests/utils/exchange_test_helper.h>
20 #include <tests/utils/exchange_test_asserts.h>
21 #include <tests/utils/job_asserts.h>
22 #include <tests/utils/sa_asserts.h>
23
24 /**
25 * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA.
26 */
27 #define initiate_rekey(sa, spi) ({ \
28 assert_hook_not_called(child_updown); \
29 assert_hook_not_called(child_rekey); \
30 call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \
31 assert_child_sa_state(sa, spi, CHILD_REKEYING); \
32 assert_hook(); \
33 assert_hook(); \
34 })
35
36 /**
37 * Regular CHILD_SA rekey either initiated by the original initiator or
38 * responder of the IKE_SA.
39 */
40 START_TEST(test_regular)
41 {
42 ike_sa_t *a, *b;
43 uint32_t spi_a = _i+1, spi_b = 2-_i;
44
45 if (_i)
46 { /* responder rekeys the CHILD_SA (SPI 2) */
47 exchange_test_helper->establish_sa(exchange_test_helper,
48 &b, &a, NULL);
49 }
50 else
51 { /* initiator rekeys the CHILD_SA (SPI 1) */
52 exchange_test_helper->establish_sa(exchange_test_helper,
53 &a, &b, NULL);
54 }
55 initiate_rekey(a, spi_a);
56
57 /* this should never get called as this results in a successful rekeying */
58 assert_hook_not_called(child_updown);
59
60 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
61 assert_hook_called(child_rekey);
62 assert_notify(IN, REKEY_SA);
63 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
64 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
65 assert_child_sa_state(b, 4, CHILD_INSTALLED);
66 assert_hook();
67
68 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
69 assert_hook_called(child_rekey);
70 assert_no_notify(IN, REKEY_SA);
71 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
72 assert_child_sa_state(a, spi_a, CHILD_DELETING);
73 assert_child_sa_state(a, 3, CHILD_INSTALLED);
74 assert_hook();
75
76 /* INFORMATIONAL { D } --> */
77 assert_hook_not_called(child_rekey);
78 assert_single_payload(IN, PLV2_DELETE);
79 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
80 assert_child_sa_state(b, 4, CHILD_INSTALLED);
81 assert_child_sa_count(b, 1);
82 assert_hook();
83 /* <-- INFORMATIONAL { D } */
84 assert_hook_not_called(child_rekey);
85 assert_single_payload(IN, PLV2_DELETE);
86 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
87 assert_child_sa_state(a, 3, CHILD_INSTALLED);
88 assert_child_sa_count(a, 1);
89 assert_hook();
90
91 /* child_updown */
92 assert_hook();
93
94 call_ikesa(a, destroy);
95 call_ikesa(b, destroy);
96 }
97 END_TEST
98
99 /**
100 * CHILD_SA rekey where the responder does not agree with the DH group selected
101 * by the initiator, either initiated by the original initiator or responder of
102 * the IKE_SA.
103 */
104 START_TEST(test_regular_ke_invalid)
105 {
106 exchange_test_sa_conf_t conf = {
107 .initiator = {
108 .esp = "aes128-sha256-modp2048-modp3072",
109 },
110 .responder = {
111 .esp = "aes128-sha256-modp3072-modp2048",
112 },
113 };
114 ike_sa_t *a, *b;
115 uint32_t spi_a = _i+1, spi_b = 2-_i;
116
117 if (_i)
118 { /* responder rekeys the CHILD_SA (SPI 2) */
119 exchange_test_helper->establish_sa(exchange_test_helper,
120 &b, &a, &conf);
121 }
122 else
123 { /* initiator rekeys the CHILD_SA (SPI 1) */
124 exchange_test_helper->establish_sa(exchange_test_helper,
125 &a, &b, &conf);
126 }
127 initiate_rekey(a, spi_a);
128
129 /* this should never get called as this results in a successful rekeying */
130 assert_hook_not_called(child_updown);
131
132 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
133 assert_hook_not_called(child_rekey);
134 assert_notify(IN, REKEY_SA);
135 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
136 assert_child_sa_state(b, spi_b, CHILD_INSTALLED);
137 assert_child_sa_count(b, 1);
138 assert_hook();
139
140 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
141 assert_hook_not_called(child_rekey);
142 assert_single_notify(IN, INVALID_KE_PAYLOAD);
143 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
144 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
145 assert_child_sa_count(a, 1);
146 assert_hook();
147
148 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
149 assert_hook_called(child_rekey);
150 assert_notify(IN, REKEY_SA);
151 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
152 assert_child_sa_state(b, spi_b, CHILD_REKEYED);
153 assert_child_sa_state(b, 6, CHILD_INSTALLED);
154 assert_hook();
155
156 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
157 assert_hook_called(child_rekey);
158 assert_no_notify(IN, REKEY_SA);
159 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
160 assert_child_sa_state(a, spi_a, CHILD_DELETING);
161 assert_child_sa_state(a, 5, CHILD_INSTALLED);
162 assert_hook();
163
164 /* INFORMATIONAL { D } --> */
165 assert_hook_not_called(child_rekey);
166 assert_single_payload(IN, PLV2_DELETE);
167 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
168 assert_child_sa_state(b, 6, CHILD_INSTALLED);
169 assert_child_sa_count(b, 1);
170 assert_hook();
171 /* <-- INFORMATIONAL { D } */
172 assert_hook_not_called(child_rekey);
173 assert_single_payload(IN, PLV2_DELETE);
174 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
175 assert_child_sa_state(a, 5, CHILD_INSTALLED);
176 assert_child_sa_count(a, 1);
177 assert_hook();
178
179 /* child_updown */
180 assert_hook();
181
182 call_ikesa(a, destroy);
183 call_ikesa(b, destroy);
184 }
185 END_TEST
186
187 /**
188 * Check that the responder ignores soft expires while waiting for the delete
189 * after a rekeying.
190 */
191 START_TEST(test_regular_responder_ignore_soft_expire)
192 {
193 ike_sa_t *a, *b;
194
195 exchange_test_helper->establish_sa(exchange_test_helper,
196 &a, &b, NULL);
197 initiate_rekey(a, 1);
198
199 /* this should never get called as this results in a successful rekeying */
200 assert_hook_not_called(child_updown);
201
202 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
203 assert_hook_called(child_rekey);
204 assert_notify(IN, REKEY_SA);
205 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
206 assert_child_sa_state(b, 2, CHILD_REKEYED);
207 assert_child_sa_state(b, 4, CHILD_INSTALLED);
208 assert_hook();
209
210 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
211 assert_hook_called(child_rekey);
212 assert_no_notify(IN, REKEY_SA);
213 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
214 assert_child_sa_state(a, 1, CHILD_DELETING);
215 assert_child_sa_state(a, 3, CHILD_INSTALLED);
216 assert_hook();
217
218 /* we don't expect this to get called anymore */
219 assert_hook_not_called(child_rekey);
220 /* this should not produce a message, if it does there won't be a delete
221 * payload below */
222 call_ikesa(b, rekey_child_sa, PROTO_ESP, 2);
223 assert_child_sa_state(b, 2, CHILD_REKEYED);
224
225 /* INFORMATIONAL { D } --> */
226 assert_single_payload(IN, PLV2_DELETE);
227 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
228 assert_child_sa_state(b, 4, CHILD_INSTALLED);
229 assert_child_sa_count(b, 1);
230 /* <-- INFORMATIONAL { D } */
231 assert_single_payload(IN, PLV2_DELETE);
232 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
233 assert_child_sa_state(a, 3, CHILD_INSTALLED);
234 assert_child_sa_count(a, 1);
235
236 /* child_rekey/child_updown */
237 assert_hook();
238 assert_hook();
239
240 call_ikesa(a, destroy);
241 call_ikesa(b, destroy);
242 }
243 END_TEST
244
245 /**
246 * Check that the responder handles hard expires properly while waiting for the
247 * delete after a rekeying (e.g. if the initiator of the rekeying fails to
248 * delete the CHILD_SA for some reason).
249 */
250 START_TEST(test_regular_responder_handle_hard_expire)
251 {
252 ike_sa_t *a, *b;
253
254 exchange_test_helper->establish_sa(exchange_test_helper,
255 &a, &b, NULL);
256 initiate_rekey(a, 1);
257
258 /* this should never get called as this results in a successful rekeying */
259 assert_hook_not_called(child_updown);
260
261 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
262 assert_hook_called(child_rekey);
263 assert_notify(IN, REKEY_SA);
264 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
265 assert_child_sa_state(b, 2, CHILD_REKEYED);
266 assert_child_sa_state(b, 4, CHILD_INSTALLED);
267 assert_hook();
268
269 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
270 assert_hook_called(child_rekey);
271 assert_no_notify(IN, REKEY_SA);
272 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
273 assert_child_sa_state(a, 1, CHILD_DELETING);
274 assert_child_sa_state(a, 3, CHILD_INSTALLED);
275 assert_hook();
276
277 /* we don't expect this to get called anymore */
278 assert_hook_not_called(child_rekey);
279 /* this is similar to a regular delete collision */
280 assert_single_payload(OUT, PLV2_DELETE);
281 call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE);
282 assert_child_sa_state(b, 2, CHILD_DELETING);
283
284 /* INFORMATIONAL { D } --> */
285 assert_single_payload(IN, PLV2_DELETE);
286 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
287 assert_child_sa_state(b, 4, CHILD_INSTALLED);
288 assert_child_sa_state(a, 2, CHILD_DELETING);
289 /* <-- INFORMATIONAL { D } */
290 assert_single_payload(IN, PLV2_DELETE);
291 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
292 assert_child_sa_state(a, 3, CHILD_INSTALLED);
293 assert_child_sa_state(a, 1, CHILD_DELETING);
294 /* <-- INFORMATIONAL { } */
295 assert_message_empty(IN);
296 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
297 assert_child_sa_state(a, 3, CHILD_INSTALLED);
298 assert_child_sa_count(a, 1);
299 /* INFORMATIONAL { } --> */
300 assert_message_empty(IN);
301 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
302 assert_child_sa_state(b, 4, CHILD_INSTALLED);
303 assert_child_sa_count(b, 1);
304
305 /* child_rekey/child_updown */
306 assert_hook();
307 assert_hook();
308
309 call_ikesa(a, destroy);
310 call_ikesa(b, destroy);
311 }
312 END_TEST
313
314 /**
315 * Both peers initiate the CHILD_SA reekying concurrently and should handle
316 * the collision properly depending on the nonces.
317 */
318 START_TEST(test_collision)
319 {
320 ike_sa_t *a, *b;
321
322 exchange_test_helper->establish_sa(exchange_test_helper,
323 &a, &b, NULL);
324
325 /* When rekeyings collide we get two CHILD_SAs with a total of four nonces.
326 * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that
327 * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that
328 * initiated the surviving SA.
329 * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
330 * CHILD_SA):
331 * N1/3 -----\ /----- N2/4
332 * \--/-----> N3/5
333 * N4/6 <-------/ /----- ...
334 * ... -----\
335 * We test this four times, each time a different nonce is the lowest.
336 */
337 struct {
338 /* Nonces used at each point */
339 u_char nonces[4];
340 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
341 uint32_t spi_del_a, spi_del_b;
342 /* SPIs of the kept CHILD_SA */
343 uint32_t spi_a, spi_b;
344 } data[] = {
345 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
346 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
347 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
348 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
349 };
350
351 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
352 initiate_rekey(a, 1);
353 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
354 initiate_rekey(b, 2);
355
356 /* this should never get called as this results in a successful rekeying */
357 assert_hook_not_called(child_updown);
358
359 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
360 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
361 assert_hook_rekey(child_rekey, 2, 5);
362 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
363 assert_child_sa_state(b, 2, CHILD_REKEYED);
364 assert_child_sa_state(b, 5, CHILD_INSTALLED);
365 assert_hook();
366 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
367 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
368 assert_hook_rekey(child_rekey, 1, 6);
369 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
370 assert_child_sa_state(a, 1, CHILD_REKEYED);
371 assert_child_sa_state(a, 6, CHILD_INSTALLED);
372 assert_hook();
373
374 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
375 if (data[_i].spi_del_a == 1)
376 { /* currently we call this again if we keep our own replacement as we
377 * already called it above */
378 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
379 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
380 assert_hook();
381 }
382 else
383 {
384 assert_hook_not_called(child_rekey);
385 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
386 assert_hook();
387 }
388 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
389 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
390 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
391 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
392 if (data[_i].spi_del_b == 2)
393 {
394 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
395 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
396 assert_hook();
397 }
398 else
399 {
400 assert_hook_not_called(child_rekey);
401 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
402 assert_hook();
403 }
404 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
405 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
406 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
407
408 /* we don't expect this hook to get called anymore */
409 assert_hook_not_called(child_rekey);
410 /* INFORMATIONAL { D } --> */
411 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
412 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
413 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
414 assert_child_sa_count(b, 2);
415 /* <-- INFORMATIONAL { D } */
416 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
417 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
418 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
419 assert_child_sa_count(a, 2);
420 /* <-- INFORMATIONAL { D } */
421 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
422 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
423 assert_child_sa_count(a, 1);
424 /* INFORMATIONAL { D } --> */
425 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
426 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
427 assert_child_sa_count(b, 1);
428
429 /* child_rekey/child_updown */
430 assert_hook();
431 assert_hook();
432
433 call_ikesa(a, destroy);
434 call_ikesa(b, destroy);
435 }
436 END_TEST
437
438 /**
439 * This is like the rekey collision above, but one peer deletes the
440 * redundant/old SA before the other peer receives the CREATE_CHILD_SA
441 * response:
442 *
443 * rekey ----\ /---- rekey
444 * \-----/----> detect collision
445 * detect collision <---------/ /----
446 * ----\ /
447 * \----/----->
448 * handle delete <--------/------- delete SA
449 * --------/------->
450 * handle rekey <------/
451 * delete SA ---------------->
452 * <----------------
453 */
454 START_TEST(test_collision_delayed_response)
455 {
456 ike_sa_t *a, *b;
457 message_t *msg;
458
459 exchange_test_helper->establish_sa(exchange_test_helper,
460 &a, &b, NULL);
461
462 /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
463 * CHILD_SA):
464 * N1/3 -----\ /----- N2/4
465 * \--/-----> N3/5
466 * N4/6 <-------/ /----- ...
467 * ... -----\
468 * We test this four times, each time a different nonce is the lowest.
469 */
470 struct {
471 /* Nonces used at each point */
472 u_char nonces[4];
473 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
474 uint32_t spi_del_a, spi_del_b;
475 /* SPIs of the kept CHILD_SA */
476 uint32_t spi_a, spi_b;
477 } data[] = {
478 { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 },
479 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 },
480 { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 },
481 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 },
482 };
483
484 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
485 initiate_rekey(a, 1);
486 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
487 initiate_rekey(b, 2);
488
489 /* this should never get called as this results in a successful rekeying */
490 assert_hook_not_called(child_updown);
491
492 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
493 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
494 assert_hook_rekey(child_rekey, 2, 5);
495 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
496 assert_child_sa_state(b, 2, CHILD_REKEYED);
497 assert_child_sa_state(b, 5, CHILD_INSTALLED);
498 assert_hook();
499 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
500 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
501 assert_hook_rekey(child_rekey, 1, 6);
502 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
503 assert_child_sa_state(a, 1, CHILD_REKEYED);
504 assert_child_sa_state(a, 6, CHILD_INSTALLED);
505 assert_hook();
506
507 /* delay the CREATE_CHILD_SA response from b to a */
508 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
509
510 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
511 if (data[_i].spi_del_b == 2)
512 {
513 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
514 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
515 assert_hook();
516 }
517 else
518 {
519 assert_hook_not_called(child_rekey);
520 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
521 assert_hook();
522 }
523 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
524 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
525 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
526
527 /* <-- INFORMATIONAL { D } */
528 assert_hook_not_called(child_rekey);
529 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
530 if (data[_i].spi_del_b == 2)
531 {
532 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
533 assert_child_sa_count(a, 1);
534 }
535 else
536 {
537 assert_child_sa_state(a, 1, CHILD_REKEYED);
538 assert_child_sa_count(a, 1);
539 }
540 /* INFORMATIONAL { D } --> */
541 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
542 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
543 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
544 assert_child_sa_count(b, 2);
545 assert_hook();
546
547 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */
548 if (data[_i].spi_del_a == 1)
549 {
550 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
551 exchange_test_helper->process_message(exchange_test_helper, a, msg);
552 assert_hook();
553 }
554 else
555 {
556 assert_hook_not_called(child_rekey);
557 exchange_test_helper->process_message(exchange_test_helper, a, msg);
558 assert_hook();
559 }
560 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
561 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
562 assert_child_sa_count(a, 2);
563
564 /* we don't expect this hook to get called anymore */
565 assert_hook_not_called(child_rekey);
566 /* INFORMATIONAL { D } --> */
567 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
568 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
569 assert_child_sa_count(b, 1);
570 /* <-- INFORMATIONAL { D } */
571 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
572 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
573 assert_child_sa_count(a, 1);
574
575 /* child_rekey/child_updown */
576 assert_hook();
577 assert_hook();
578
579 call_ikesa(a, destroy);
580 call_ikesa(b, destroy);
581 }
582 END_TEST
583
584 /**
585 * In this scenario one of the peers does not notice that there is a
586 * rekey collision:
587 *
588 * rekey ----\ /---- rekey
589 * \ /
590 * detect collision <-----\---/
591 * -------\-------->
592 * \ /---- delete old SA
593 * \-/----> detect collision
594 * detect collision <---------/ /---- TEMP_FAIL
595 * delete -----------/---->
596 * aborts rekeying <---------/
597 */
598 START_TEST(test_collision_delayed_request)
599 {
600 ike_sa_t *a, *b;
601 message_t *msg;
602
603 exchange_test_helper->establish_sa(exchange_test_helper,
604 &a, &b, NULL);
605
606 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
607 * CHILD_SA):
608 * N1/3 -----\ /----- N2/4
609 * N3/5 <-----\--/
610 * ... -----\ \-------> ...
611 * We test this three times, each time a different nonce is the lowest.
612 */
613 struct {
614 /* Nonces used at each point */
615 u_char nonces[3];
616 } data[] = {
617 { { 0x00, 0xFF, 0xFF } },
618 { { 0xFF, 0x00, 0xFF } },
619 { { 0xFF, 0xFF, 0x00 } },
620 };
621
622 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
623 initiate_rekey(a, 1);
624 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
625 initiate_rekey(b, 2);
626
627 /* delay the CREATE_CHILD_SA request from a to b */
628 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
629
630 /* this should never get called as this results in a successful rekeying */
631 assert_hook_not_called(child_updown);
632
633 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
634 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
635 assert_hook_rekey(child_rekey, 1, 5);
636 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
637 assert_child_sa_state(a, 1, CHILD_REKEYED);
638 assert_child_sa_state(a, 5, CHILD_INSTALLED);
639 assert_hook();
640 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
641 assert_hook_rekey(child_rekey, 2, 4);
642 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
643 assert_child_sa_state(b, 2, CHILD_DELETING);
644 assert_child_sa_state(b, 4, CHILD_INSTALLED);
645 assert_hook();
646
647 /* we don't expect this hook to get called anymore */
648 assert_hook_not_called(child_rekey);
649
650 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
651 assert_single_notify(OUT, TEMPORARY_FAILURE);
652 exchange_test_helper->process_message(exchange_test_helper, b, msg);
653 assert_child_sa_state(b, 2, CHILD_DELETING);
654 assert_child_sa_state(b, 4, CHILD_INSTALLED);
655
656 /* <-- INFORMATIONAL { D } */
657 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
658 assert_child_sa_state(a, 5, CHILD_INSTALLED);
659 assert_child_sa_count(a, 1);
660
661 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
662 assert_no_jobs_scheduled();
663 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
664 assert_child_sa_state(a, 5, CHILD_INSTALLED);
665 assert_child_sa_count(a, 1);
666 assert_scheduler();
667
668 /* INFORMATIONAL { D } --> */
669 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
670 assert_child_sa_state(b, 4, CHILD_INSTALLED);
671 assert_child_sa_count(b, 1);
672
673 /* child_rekey/child_updown */
674 assert_hook();
675 assert_hook();
676
677 assert_sa_idle(a);
678 assert_sa_idle(b);
679
680 call_ikesa(a, destroy);
681 call_ikesa(b, destroy);
682 }
683 END_TEST
684
685 /**
686 * Similar to above one peer fails to notice the collision but the
687 * CREATE_CHILD_SA request is even more delayed:
688 *
689 * rekey ----\ /---- rekey
690 * \ /
691 * detect collision <-----\---/
692 * -------\-------->
693 * detect collision <-------\-------- delete old SA
694 * delete ---------\------>
695 * \----->
696 * /---- CHILD_SA_NOT_FOUND
697 * aborts rekeying <----------/
698 */
699 START_TEST(test_collision_delayed_request_more)
700 {
701 ike_sa_t *a, *b;
702 message_t *msg;
703
704 exchange_test_helper->establish_sa(exchange_test_helper,
705 &a, &b, NULL);
706
707 /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
708 * CHILD_SA):
709 * N1/3 -----\ /----- N2/4
710 * N3/5 <-----\--/
711 * ... -----\ \-------> ...
712 * We test this three times, each time a different nonce is the lowest.
713 */
714 struct {
715 /* Nonces used at each point */
716 u_char nonces[3];
717 } data[] = {
718 { { 0x00, 0xFF, 0xFF } },
719 { { 0xFF, 0x00, 0xFF } },
720 { { 0xFF, 0xFF, 0x00 } },
721 };
722
723 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
724 initiate_rekey(a, 1);
725 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
726 initiate_rekey(b, 2);
727
728 /* delay the CREATE_CHILD_SA request from a to b */
729 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
730
731 /* this should never get called as this results in a successful rekeying */
732 assert_hook_not_called(child_updown);
733
734 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
735 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
736 assert_hook_rekey(child_rekey, 1, 5);
737 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
738 assert_child_sa_state(a, 1, CHILD_REKEYED);
739 assert_child_sa_state(a, 5, CHILD_INSTALLED);
740 assert_hook();
741 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
742 assert_hook_rekey(child_rekey, 2, 4);
743 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
744 assert_child_sa_state(b, 2, CHILD_DELETING);
745 assert_child_sa_state(b, 4, CHILD_INSTALLED);
746 assert_hook();
747
748 /* we don't expect this hook to get called anymore */
749 assert_hook_not_called(child_rekey);
750
751 /* <-- INFORMATIONAL { D } */
752 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
753 assert_child_sa_state(a, 5, CHILD_INSTALLED);
754 assert_child_sa_count(a, 1);
755 /* INFORMATIONAL { D } --> */
756 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
757 assert_child_sa_state(b, 4, CHILD_INSTALLED);
758 assert_child_sa_count(b, 1);
759
760 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
761 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
762 exchange_test_helper->process_message(exchange_test_helper, b, msg);
763 assert_child_sa_state(b, 4, CHILD_INSTALLED);
764 assert_child_sa_count(b, 1);
765 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
766 assert_no_jobs_scheduled();
767 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
768 assert_child_sa_state(a, 5, CHILD_INSTALLED);
769 assert_child_sa_count(a, 1);
770 assert_scheduler();
771
772 /* child_rekey/child_updown */
773 assert_hook();
774 assert_hook();
775
776 assert_sa_idle(a);
777 assert_sa_idle(b);
778
779 call_ikesa(a, destroy);
780 call_ikesa(b, destroy);
781 }
782 END_TEST
783
784 /**
785 * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH
786 * groups are not the same after handling the INVALID_KE_PAYLOAD they should
787 * still handle the collision properly depending on the nonces.
788 */
789 START_TEST(test_collision_ke_invalid)
790 {
791 exchange_test_sa_conf_t conf = {
792 .initiator = {
793 .esp = "aes128-sha256-modp2048-modp3072",
794 },
795 .responder = {
796 .esp = "aes128-sha256-modp3072-modp2048",
797 },
798 };
799 ike_sa_t *a, *b;
800
801 exchange_test_helper->establish_sa(exchange_test_helper,
802 &a, &b, &conf);
803
804 /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial
805 * CHILD_SA):
806 * N1/3 -----\ /----- N2/4
807 * \--/-----> N3/5
808 * N4/6 <-------/ /---- INVAL_KE
809 * INVAL_KE -----\ /
810 * <-----\--/
811 * N5/7 -----\ \------->
812 * \ /---- N6/8
813 * \--/----> N7/9
814 * N8/10 <--------/ /---- ...
815 * ... ------\
816 *
817 * We test this four times, each time a different nonce is the lowest.
818 */
819 struct {
820 /* Nonces used at each point */
821 u_char nonces[4];
822 /* SPIs of the deleted CHILD_SA (either redundant or replaced) */
823 uint32_t spi_del_a, spi_del_b;
824 /* SPIs of the kept CHILD_SA */
825 uint32_t spi_a, spi_b;
826 } data[] = {
827 { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 },
828 { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 },
829 { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 },
830 { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 },
831 };
832
833 /* make sure the nonces of the first try don't affect the retries */
834 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
835 initiate_rekey(a, 1);
836 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
837 initiate_rekey(b, 2);
838
839 /* this should never get called as this results in a successful rekeying */
840 assert_hook_not_called(child_updown);
841
842 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
843 assert_hook_not_called(child_rekey);
844 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
845 assert_child_sa_state(b, 2, CHILD_REKEYING);
846 assert_child_sa_count(b, 1);
847 assert_hook();
848 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
849 assert_hook_not_called(child_rekey);
850 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
851 assert_child_sa_state(a, 1, CHILD_REKEYING);
852 assert_child_sa_count(a, 1);
853 assert_hook();
854
855 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
856 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
857 assert_hook_not_called(child_rekey);
858 assert_single_notify(IN, INVALID_KE_PAYLOAD);
859 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
860 assert_child_sa_state(a, 1, CHILD_REKEYING);
861 assert_child_sa_count(a, 1);
862 assert_hook();
863 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
864 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
865 assert_hook_not_called(child_rekey);
866 assert_single_notify(IN, INVALID_KE_PAYLOAD);
867 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
868 assert_child_sa_state(b, 2, CHILD_REKEYING);
869 assert_child_sa_count(b, 1);
870 assert_hook();
871
872 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
873 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
874 assert_hook_rekey(child_rekey, 2, 9);
875 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
876 assert_child_sa_state(b, 2, CHILD_REKEYED);
877 assert_child_sa_state(b, 9, CHILD_INSTALLED);
878 assert_hook();
879 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
880 exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
881 assert_hook_rekey(child_rekey, 1, 10);
882 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
883 assert_child_sa_state(a, 1, CHILD_REKEYED);
884 assert_child_sa_state(a,10, CHILD_INSTALLED);
885 assert_hook();
886
887 /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
888 if (data[_i].spi_del_a == 1)
889 { /* currently we call this again if we keep our own replacement as we
890 * already called it above */
891 assert_hook_rekey(child_rekey, 1, data[_i].spi_a);
892 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
893 assert_hook();
894 }
895 else
896 {
897 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
898 }
899 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
900 assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED);
901 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
902 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
903 if (data[_i].spi_del_b == 2)
904 {
905 assert_hook_rekey(child_rekey, 2, data[_i].spi_b);
906 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
907 assert_hook();
908 }
909 else
910 {
911 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
912 }
913 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
914 assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED);
915 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
916
917 /* we don't expect this hook to get called anymore */
918 assert_hook_not_called(child_rekey);
919 /* INFORMATIONAL { D } --> */
920 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
921 assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING);
922 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
923 assert_child_sa_count(b, 2);
924 /* <-- INFORMATIONAL { D } */
925 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
926 assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING);
927 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
928 assert_child_sa_count(a, 2);
929 /* <-- INFORMATIONAL { D } */
930 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
931 assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED);
932 assert_child_sa_count(a, 1);
933 /* INFORMATIONAL { D } --> */
934 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
935 assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED);
936 assert_child_sa_count(b, 1);
937
938 /* child_rekey/child_updown */
939 assert_hook();
940 assert_hook();
941
942 assert_sa_idle(a);
943 assert_sa_idle(b);
944
945 call_ikesa(a, destroy);
946 call_ikesa(b, destroy);
947 }
948 END_TEST
949
950 /**
951 * This is a variation of the above but with the retry by one peer delayed so
952 * that to the other peer it looks like there is no collision.
953 */
954 START_TEST(test_collision_ke_invalid_delayed_retry)
955 {
956 exchange_test_sa_conf_t conf = {
957 .initiator = {
958 .esp = "aes128-sha256-modp2048-modp3072",
959 },
960 .responder = {
961 .esp = "aes128-sha256-modp3072-modp2048",
962 },
963 };
964 ike_sa_t *a, *b;
965 message_t *msg;
966
967 exchange_test_helper->establish_sa(exchange_test_helper,
968 &a, &b, &conf);
969
970 /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial
971 * CHILD_SA):
972 * N1/3 -----\ /----- N2/4
973 * \--/-----> N3/5
974 * N4/6 <-------/ /---- INVAL_KE
975 * INVAL_KE -----\ /
976 * <-----\--/
977 * N5/7 -----\ \------->
978 * <-----\--------- N6/8
979 * N7/9 -------\------->
980 * <-------\------- DELETE
981 * ... ------\ \----->
982 * /---- TEMP_FAIL
983 *
984 * We test this three times, each time a different nonce is the lowest.
985 */
986 struct {
987 /* Nonces used at each point */
988 u_char nonces[3];
989 } data[] = {
990 { { 0x00, 0xFF, 0xFF } },
991 { { 0xFF, 0x00, 0xFF } },
992 { { 0xFF, 0xFF, 0x00 } },
993 };
994
995 /* make sure the nonces of the first try don't affect the retries */
996 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
997 initiate_rekey(a, 1);
998 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
999 initiate_rekey(b, 2);
1000
1001 /* this should never get called as this results in a successful rekeying */
1002 assert_hook_not_called(child_updown);
1003
1004 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1005 assert_hook_not_called(child_rekey);
1006 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1007 assert_child_sa_state(b, 2, CHILD_REKEYING);
1008 assert_child_sa_count(b, 1);
1009 assert_hook();
1010 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1011 assert_hook_not_called(child_rekey);
1012 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1013 assert_child_sa_state(a, 1, CHILD_REKEYING);
1014 assert_child_sa_count(a, 1);
1015 assert_hook();
1016
1017 /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
1018 exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1019 assert_hook_not_called(child_rekey);
1020 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1021 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1022 assert_child_sa_state(a, 1, CHILD_REKEYING);
1023 assert_child_sa_count(a, 1);
1024 assert_hook();
1025 /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
1026 exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1027 assert_hook_not_called(child_rekey);
1028 assert_single_notify(IN, INVALID_KE_PAYLOAD);
1029 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1030 assert_child_sa_state(b, 2, CHILD_REKEYING);
1031 assert_child_sa_count(b, 1);
1032 assert_hook();
1033
1034 /* delay the CREATE_CHILD_SA request from a to b */
1035 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1036
1037 /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */
1038 exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1039 assert_hook_rekey(child_rekey, 1, 9);
1040 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1041 assert_child_sa_state(a, 1, CHILD_REKEYED);
1042 assert_child_sa_state(a, 9, CHILD_INSTALLED);
1043 assert_hook();
1044 /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */
1045 assert_hook_rekey(child_rekey, 2, 8);
1046 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1047 assert_child_sa_state(b, 2, CHILD_DELETING);
1048 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1049 assert_hook();
1050
1051 /* we don't expect this hook to get called anymore */
1052 assert_hook_not_called(child_rekey);
1053
1054 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1055 assert_single_notify(OUT, TEMPORARY_FAILURE);
1056 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1057 assert_child_sa_state(b, 2, CHILD_DELETING);
1058 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1059
1060 /* <-- INFORMATIONAL { D } */
1061 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1062 assert_child_sa_state(a, 9, CHILD_INSTALLED);
1063 assert_child_sa_count(a, 1);
1064
1065 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1066 assert_no_jobs_scheduled();
1067 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1068 assert_child_sa_state(a, 9, CHILD_INSTALLED);
1069 assert_child_sa_count(a, 1);
1070 assert_scheduler();
1071
1072 /* INFORMATIONAL { D } --> */
1073 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1074 assert_child_sa_state(b, 8, CHILD_INSTALLED);
1075 assert_child_sa_count(b, 1);
1076
1077 /* child_rekey/child_updown */
1078 assert_hook();
1079 assert_hook();
1080
1081 assert_sa_idle(a);
1082 assert_sa_idle(b);
1083
1084 call_ikesa(a, destroy);
1085 call_ikesa(b, destroy);
1086 }
1087 END_TEST
1088
1089 /**
1090 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1091 * concurrently trying to rekey.
1092 *
1093 * rekey ----\ /---- delete
1094 * \-----/----> detect collision
1095 * detect collision <---------/ /---- TEMP_FAIL
1096 * delete ----\ /
1097 * \----/----->
1098 * aborts rekeying <--------/
1099 */
1100 START_TEST(test_collision_delete)
1101 {
1102 ike_sa_t *a, *b;
1103 uint32_t spi_a = _i+1, spi_b = 2-_i;
1104
1105 if (_i)
1106 { /* responder rekeys the CHILD_SA (SPI 2) */
1107 exchange_test_helper->establish_sa(exchange_test_helper,
1108 &b, &a, NULL);
1109 }
1110 else
1111 { /* initiator rekeys the CHILD_SA (SPI 1) */
1112 exchange_test_helper->establish_sa(exchange_test_helper,
1113 &a, &b, NULL);
1114 }
1115 initiate_rekey(a, spi_a);
1116 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1117 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1118
1119 /* this should never get called as there is no successful rekeying on
1120 * either side */
1121 assert_hook_not_called(child_rekey);
1122
1123 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1124 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1125 */
1126
1127 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1128 assert_hook_not_called(child_updown);
1129 assert_notify(IN, REKEY_SA);
1130 assert_single_notify(OUT, TEMPORARY_FAILURE);
1131 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1132 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1133 assert_hook();
1134
1135 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1136 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1137 * payload.
1138 */
1139
1140 /* <-- INFORMATIONAL { D } */
1141 assert_hook_updown(child_updown, FALSE);
1142 assert_single_payload(IN, PLV2_DELETE);
1143 assert_single_payload(OUT, PLV2_DELETE);
1144 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1145 assert_child_sa_count(a, 0);
1146 assert_hook();
1147
1148 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1149 assert_hook_not_called(child_updown);
1150 /* we don't expect a job to retry the rekeying */
1151 assert_no_jobs_scheduled();
1152 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1153 assert_scheduler();
1154 assert_hook();
1155
1156 /* INFORMATIONAL { D } --> */
1157 assert_hook_updown(child_updown, FALSE);
1158 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1159 assert_child_sa_count(b, 0);
1160 assert_hook();
1161
1162 /* child_rekey */
1163 assert_hook();
1164
1165 assert_sa_idle(a);
1166 assert_sa_idle(b);
1167
1168 call_ikesa(a, destroy);
1169 call_ikesa(b, destroy);
1170 }
1171 END_TEST
1172
1173 /**
1174 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1175 * concurrently trying to rekey. However, the delete request is delayed or
1176 * dropped, so the peer doing the rekeying is unaware of the collision.
1177 *
1178 * rekey ----\ /---- delete
1179 * \-----/----> detect collision
1180 * reschedule <---------/------ TEMP_FAIL
1181 * <--------/
1182 * delete ---------------->
1183 *
1184 * The job will not find the SA to retry rekeying.
1185 */
1186 START_TEST(test_collision_delete_drop_delete)
1187 {
1188 ike_sa_t *a, *b;
1189 message_t *msg;
1190 uint32_t spi_a = _i+1, spi_b = 2-_i;
1191
1192 if (_i)
1193 { /* responder rekeys the CHILD_SA (SPI 2) */
1194 exchange_test_helper->establish_sa(exchange_test_helper,
1195 &b, &a, NULL);
1196 }
1197 else
1198 { /* initiator rekeys the CHILD_SA (SPI 1) */
1199 exchange_test_helper->establish_sa(exchange_test_helper,
1200 &a, &b, NULL);
1201 }
1202 initiate_rekey(a, spi_a);
1203 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1204 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1205
1206 /* this should never get called as there is no successful rekeying on
1207 * either side */
1208 assert_hook_not_called(child_rekey);
1209
1210 /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that
1211 * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1212 */
1213
1214 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1215 assert_hook_not_called(child_updown);
1216 assert_notify(IN, REKEY_SA);
1217 assert_single_notify(OUT, TEMPORARY_FAILURE);
1218 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1219 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1220 assert_hook();
1221
1222 /* delay the DELETE request */
1223 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1224
1225 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1226 assert_hook_not_called(child_updown);
1227 /* we expect a job to retry the rekeying is scheduled */
1228 assert_jobs_scheduled(1);
1229 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1230 assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
1231 assert_scheduler();
1232 assert_hook();
1233
1234 /* <-- INFORMATIONAL { D } (delayed) */
1235 assert_hook_updown(child_updown, FALSE);
1236 assert_single_payload(IN, PLV2_DELETE);
1237 assert_single_payload(OUT, PLV2_DELETE);
1238 exchange_test_helper->process_message(exchange_test_helper, a, msg);
1239 assert_child_sa_count(a, 0);
1240 assert_hook();
1241
1242 /* INFORMATIONAL { D } --> */
1243 assert_hook_updown(child_updown, FALSE);
1244 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1245 assert_child_sa_count(b, 0);
1246 assert_hook();
1247
1248 /* child_rekey */
1249 assert_hook();
1250
1251 assert_sa_idle(a);
1252 assert_sa_idle(b);
1253
1254 call_ikesa(a, destroy);
1255 call_ikesa(b, destroy);
1256 }
1257 END_TEST
1258
1259 /**
1260 * One of the hosts initiates a DELETE of the CHILD_SA the other peer is
1261 * concurrently trying to rekey. However, the rekey request is delayed or
1262 * dropped, so the peer doing the deleting is unaware of the collision.
1263 *
1264 * rekey ----\ /---- delete
1265 * detect collision <----\-----/
1266 * delete ------\--------->
1267 * \-------->
1268 * /---- CHILD_SA_NOT_FOUND
1269 * aborts rekeying <----------/
1270 */
1271 START_TEST(test_collision_delete_drop_rekey)
1272 {
1273 ike_sa_t *a, *b;
1274 message_t *msg;
1275 uint32_t spi_a = _i+1, spi_b = 2-_i;
1276
1277 if (_i)
1278 { /* responder rekeys the CHILD_SA (SPI 2) */
1279 exchange_test_helper->establish_sa(exchange_test_helper,
1280 &b, &a, NULL);
1281 }
1282 else
1283 { /* initiator rekeys the CHILD_SA (SPI 1) */
1284 exchange_test_helper->establish_sa(exchange_test_helper,
1285 &a, &b, NULL);
1286 }
1287 initiate_rekey(a, spi_a);
1288 call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE);
1289 assert_child_sa_state(b, spi_b, CHILD_DELETING);
1290
1291 /* this should never get called as there is no successful rekeying on
1292 * either side */
1293 assert_hook_not_called(child_rekey);
1294
1295 /* delay the CREATE_CHILD_SA request */
1296 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1297
1298 /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that
1299 * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE
1300 * payload.
1301 */
1302
1303 /* <-- INFORMATIONAL { D } */
1304 assert_hook_updown(child_updown, FALSE);
1305 assert_single_payload(IN, PLV2_DELETE);
1306 assert_single_payload(OUT, PLV2_DELETE);
1307 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1308 assert_child_sa_count(a, 0);
1309 assert_hook();
1310
1311 /* INFORMATIONAL { D } --> */
1312 assert_hook_updown(child_updown, FALSE);
1313 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1314 assert_child_sa_count(b, 0);
1315 assert_hook();
1316
1317 /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not
1318 * exist, it SHOULD reply with CHILD_SA_NOT_FOUND.
1319 */
1320
1321 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */
1322 assert_hook_not_called(child_updown);
1323 assert_notify(IN, REKEY_SA);
1324 assert_single_notify(OUT, CHILD_SA_NOT_FOUND);
1325 exchange_test_helper->process_message(exchange_test_helper, b, msg);
1326 assert_hook();
1327
1328 /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */
1329 assert_hook_not_called(child_updown);
1330 /* no jobs or tasks should get scheduled/queued */
1331 assert_no_jobs_scheduled();
1332 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1333 assert_scheduler();
1334 assert_hook();
1335
1336 /* child_rekey */
1337 assert_hook();
1338
1339 assert_sa_idle(a);
1340 assert_sa_idle(b);
1341
1342 call_ikesa(a, destroy);
1343 call_ikesa(b, destroy);
1344 }
1345 END_TEST
1346
1347 /**
1348 * FIXME: Not sure what we can do about the following:
1349 *
1350 * One of the hosts initiates a rekeying of a CHILD_SA and after responding to
1351 * it the other peer deletes the new SA. However, the rekey response is
1352 * delayed or dropped, so the peer doing the rekeying receives a delete for an
1353 * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist.
1354 *
1355 * rekey ---------------->
1356 * /---- rekey
1357 * unknown SA <----------/----- delete new SA
1358 * ----------/----->
1359 * <--------/
1360 *
1361 * The peers' states are now out of sync.
1362 *
1363 * Perhaps the rekey initiator could keep track of deletes for non-existing SAs
1364 * while rekeying and then check against the SPIs when handling the
1365 * CREATE_CHILD_SA response.
1366 */
1367
1368
1369 /**
1370 * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other
1371 * peer is concurrently trying to rekey.
1372 *
1373 * rekey ----\ /---- rekey IKE
1374 * \-----/----> detect collision
1375 * detect collision <---------/ /---- TEMP_FAIL
1376 * TEMP_FAIL ----\ /
1377 * \----/----->
1378 * <--------/
1379 */
1380 START_TEST(test_collision_ike_rekey)
1381 {
1382 ike_sa_t *a, *b;
1383 uint32_t spi_a = _i+1;
1384
1385 if (_i)
1386 { /* responder rekeys the CHILD_SA (SPI 2) */
1387 exchange_test_helper->establish_sa(exchange_test_helper,
1388 &b, &a, NULL);
1389 }
1390 else
1391 { /* initiator rekeys the CHILD_SA (SPI 1) */
1392 exchange_test_helper->establish_sa(exchange_test_helper,
1393 &a, &b, NULL);
1394 }
1395 initiate_rekey(a, spi_a);
1396 call_ikesa(b, rekey);
1397 assert_ike_sa_state(b, IKE_REKEYING);
1398
1399 /* these should never get called as there is no successful rekeying on
1400 * either side */
1401 assert_hook_not_called(ike_rekey);
1402 assert_hook_not_called(child_rekey);
1403
1404 /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when
1405 * it is currently rekeying the IKE SA, it SHOULD reply with
1406 * TEMPORARY_FAILURE.
1407 */
1408
1409 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1410 assert_single_notify(OUT, TEMPORARY_FAILURE);
1411 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1412 assert_ike_sa_state(b, IKE_REKEYING);
1413
1414 /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and
1415 * it is currently, rekeying, or closing a Child SA of that IKE SA, it
1416 * SHOULD reply with TEMPORARY_FAILURE.
1417 */
1418
1419 /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1420 assert_single_notify(OUT, TEMPORARY_FAILURE);
1421 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1422 assert_child_sa_state(a, spi_a, CHILD_REKEYING);
1423
1424 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1425 /* we expect a job to retry the rekeying is scheduled */
1426 assert_jobs_scheduled(1);
1427 exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1428 assert_child_sa_state(a, spi_a, CHILD_INSTALLED);
1429 assert_scheduler();
1430
1431 /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */
1432 /* we expect a job to retry the rekeying is scheduled */
1433 assert_jobs_scheduled(1);
1434 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1435 assert_ike_sa_state(b, IKE_ESTABLISHED);
1436 assert_scheduler();
1437
1438 /* ike_rekey/child_rekey */
1439 assert_hook();
1440 assert_hook();
1441
1442 assert_sa_idle(a);
1443 assert_sa_idle(b);
1444
1445 call_ikesa(a, destroy);
1446 call_ikesa(b, destroy);
1447 }
1448 END_TEST
1449
1450 /**
1451 * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other
1452 * peer is concurrently trying to rekey.
1453 *
1454 * rekey ----\ /---- delete IKE
1455 * \-----/----> detect collision
1456 * <---------/ /---- TEMP_FAIL
1457 * delete ----\ /
1458 * \----/----->
1459 * sa already gone <--------/
1460 */
1461 START_TEST(test_collision_ike_delete)
1462 {
1463 ike_sa_t *a, *b;
1464 uint32_t spi_a = _i+1;
1465 message_t *msg;
1466 status_t s;
1467
1468 if (_i)
1469 { /* responder rekeys the CHILD_SA (SPI 2) */
1470 exchange_test_helper->establish_sa(exchange_test_helper,
1471 &b, &a, NULL);
1472 }
1473 else
1474 { /* initiator rekeys the CHILD_SA (SPI 1) */
1475 exchange_test_helper->establish_sa(exchange_test_helper,
1476 &a, &b, NULL);
1477 }
1478 initiate_rekey(a, spi_a);
1479 call_ikesa(b, delete);
1480 assert_ike_sa_state(b, IKE_DELETING);
1481
1482 /* this should never get called as there is no successful rekeying on
1483 * either side */
1484 assert_hook_not_called(child_rekey);
1485
1486 /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if
1487 * a peer receives a request to rekey a CHILD_SA when it is currently
1488 * closing the IKE SA. We expect a TEMPORARY_FAILURE notify.
1489 */
1490
1491 /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
1492 assert_single_notify(OUT, TEMPORARY_FAILURE);
1493 exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1494 assert_ike_sa_state(b, IKE_DELETING);
1495
1496 /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if
1497 * a peer receives a request to close the IKE SA if it is currently rekeying
1498 * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the
1499 * rekeying.
1500 */
1501
1502 /* <-- INFORMATIONAL { D } */
1503 assert_hook_updown(ike_updown, FALSE);
1504 assert_hook_updown(child_updown, FALSE);
1505 assert_message_empty(OUT);
1506 s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1507 ck_assert_int_eq(DESTROY_ME, s);
1508 call_ikesa(a, destroy);
1509 assert_hook();
1510 assert_hook();
1511
1512 /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1513 /* the SA is already gone */
1514 msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1515 msg->destroy(msg);
1516
1517 /* INFORMATIONAL { } --> */
1518 assert_hook_updown(ike_updown, FALSE);
1519 assert_hook_updown(child_updown, FALSE);
1520 s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1521 ck_assert_int_eq(DESTROY_ME, s);
1522 call_ikesa(b, destroy);
1523 assert_hook();
1524 assert_hook();
1525
1526 /* child_rekey */
1527 assert_hook();
1528 }
1529 END_TEST
1530
1531 Suite *child_rekey_suite_create()
1532 {
1533 Suite *s;
1534 TCase *tc;
1535
1536 s = suite_create("child rekey");
1537
1538 tc = tcase_create("regular");
1539 tcase_add_loop_test(tc, test_regular, 0, 2);
1540 tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1541 tcase_add_test(tc, test_regular_responder_ignore_soft_expire);
1542 tcase_add_test(tc, test_regular_responder_handle_hard_expire);
1543 suite_add_tcase(s, tc);
1544
1545 tc = tcase_create("collisions rekey");
1546 tcase_add_loop_test(tc, test_collision, 0, 4);
1547 tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1548 tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1549 tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3);
1550 tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1551 tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1552 suite_add_tcase(s, tc);
1553
1554 tc = tcase_create("collisions delete");
1555 tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1556 tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1557 tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2);
1558 suite_add_tcase(s, tc);
1559
1560 tc = tcase_create("collisions ike rekey");
1561 tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2);
1562 suite_add_tcase(s, tc);
1563
1564 tc = tcase_create("collisions ike delete");
1565 tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2);
1566 suite_add_tcase(s, tc);
1567
1568 return s;
1569 }