unit-tests: Make sure we reuse the DH group during CHILD_SA rekeying
authorTobias Brunner <tobias@strongswan.org>
Fri, 2 Feb 2018 10:11:38 +0000 (11:11 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 9 Feb 2018 09:20:05 +0000 (10:20 +0100)
src/libcharon/tests/suites/test_child_rekey.c

index ac16972..44d004a 100644 (file)
@@ -231,6 +231,61 @@ START_TEST(test_regular_ke_invalid)
        /* child_updown */
        assert_hook();
 
+       /* because the DH group should get reused another rekeying should complete
+        * without additional exchange */
+       initiate_rekey(a, 5);
+       /* this should never get called as this results in a successful rekeying */
+       assert_hook_not_called(child_updown);
+
+       /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */
+       assert_hook_called(child_rekey);
+       assert_notify(IN, REKEY_SA);
+       exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+       assert_child_sa_state(b, 6, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED);
+       assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_REGISTERED);
+       assert_ipsec_sas_installed(b, 5, 6, 8);
+       assert_hook();
+
+       /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */
+       assert_hook_called(child_rekey);
+       assert_no_notify(IN, REKEY_SA);
+       exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+       assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_INSTALLED);
+       assert_child_sa_state(a, 7, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
+       assert_ipsec_sas_installed(a, 5, 6, 7, 8);
+       assert_hook();
+
+       /* INFORMATIONAL { D } --> */
+       assert_hook_not_called(child_rekey);
+       assert_single_payload(IN, PLV2_DELETE);
+       exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+       assert_child_sa_state(b, 6, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(b, 8, CHILD_INSTALLED, CHILD_OUTBOUND_INSTALLED);
+       assert_child_sa_count(b, 2);
+       assert_ipsec_sas_installed(b, 6, 7, 8);
+       assert_hook();
+
+       /* <-- INFORMATIONAL { D } */
+       assert_hook_not_called(child_rekey);
+       assert_single_payload(IN, PLV2_DELETE);
+       exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+       assert_child_sa_state(a, 5, CHILD_DELETING, CHILD_OUTBOUND_NONE);
+       assert_child_sa_state(a, 7, CHILD_INSTALLED);
+       assert_child_sa_count(a, 2);
+       assert_ipsec_sas_installed(a, 5, 7, 8);
+       assert_hook();
+
+       /* simulate the execution of the scheduled jobs */
+       destroy_rekeyed(a, 5);
+       assert_child_sa_count(a, 1);
+       assert_ipsec_sas_installed(a, 7, 8);
+       destroy_rekeyed(b, 6);
+       assert_child_sa_count(b, 1);
+       assert_ipsec_sas_installed(b, 7, 8);
+
+       /* child_updown */
+       assert_hook();
+
        call_ikesa(a, destroy);
        call_ikesa(b, destroy);
 }
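Review bot: The DH group reuse named in the commit title is checked only indirectly in the added block after `initiate_rekey(a, 5)`. The block passes because b accepts the first CREATE_CHILD_SA and reaches `assert_child_sa_state(b, 6, CHILD_REKEYED, CHILD_OUTBOUND_INSTALLED)`, but nothing states which group the KE payload carries or why a second INVALID_KE_PAYLOAD round trip would make the test fail. Because this guards key-exchange group selection, I would spell that reasoning out in the opening comment, for example `/* a has to propose the DH group negotiated in the previous rekeying; otherwise b would reject the request with INVALID_KE_PAYLOAD and the CHILD_SA state assertions below would not hold */`. The start of test_regular_ke_invalid lies outside the hunk, so the earlier exchange that fixes the group is inferred from the test name and the existing comments, not from visible lines.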