/* * Copyright (C) 2016 Tobias Brunner * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your * option) any later version. See . * * This program is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * for more details. */ #include "test_suite.h" #include #include #include #include /** * Initiate rekeying the given IKE_SA. */ #define initiate_rekey(sa) ({ \ assert_hook_not_called(ike_rekey); \ call_ikesa(sa, rekey); \ assert_ike_sa_state(a, IKE_REKEYING); \ assert_hook(); \ }) /** * Regular IKE_SA rekeying either initiated by the original initiator or * responder of the IKE_SA. */ START_TEST(test_regular) { ike_sa_t *a, *b, *new_sa; status_t s; if (_i) { /* responder rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &b, &a, NULL); } else { /* initiator rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); } /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); initiate_rekey(a); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_rekey(ike_rekey, 1, 3); assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYED); assert_child_sa_count(b, 0); new_sa = assert_ike_sa_checkout(3, 4, FALSE); assert_ike_sa_state(new_sa, IKE_ESTABLISHED); assert_child_sa_count(new_sa, 1); assert_ike_sa_count(1); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ assert_hook_rekey(ike_rekey, 1, 3); assert_no_notify(IN, REKEY_SA); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_DELETING); assert_child_sa_count(a, 0); new_sa = assert_ike_sa_checkout(3, 4, TRUE); assert_ike_sa_state(new_sa, IKE_ESTABLISHED); assert_child_sa_count(new_sa, 1); assert_ike_sa_count(2); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(ike_rekey); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); /* <-- INFORMATIONAL { } */ assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); /* ike_rekey/ike_updown/child_updown */ assert_hook(); assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * IKE_SA rekeying where the responder does not agree with the DH group selected * by the initiator, either initiated by the original initiator or responder of * the IKE_SA. */ START_TEST(test_regular_ke_invalid) { exchange_test_sa_conf_t conf = { .initiator = { .ike = "aes128-sha256-modp2048-modp3072", }, .responder = { .ike = "aes128-sha256-modp3072-modp2048", }, }; ike_sa_t *a, *b, *sa; status_t s; lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", FALSE, lib->ns); if (_i) { /* responder rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &b, &a, &conf); } else { /* initiator rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, &conf); } /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); initiate_rekey(a); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_ESTABLISHED); assert_child_sa_count(b, 1); assert_ike_sa_count(0); /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_rekey(ike_rekey, 1, 3); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYED); assert_child_sa_count(b, 0); sa = assert_ike_sa_checkout(3, 5, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(1); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ assert_hook_rekey(ike_rekey, 1, 3); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_DELETING); assert_child_sa_count(a, 0); sa = assert_ike_sa_checkout(3, 5, TRUE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(2); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(ike_rekey); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); /* <-- INFORMATIONAL { } */ assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); /* ike_rekey/ike_updown/child_updown */ assert_hook(); assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * Both peers initiate the IKE_SA rekeying concurrently and should handle the * collision properly depending on the nonces. */ START_TEST(test_collision) { ike_sa_t *a, *b, *sa; status_t status; exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); /* When rekeyings collide we get two IKE_SAs with a total of four nonces. * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that * created that IKE_SA. The replaced IKE_SA is deleted by the peer that * initiated the surviving SA. * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): * N1/3 -----\ /----- N2/4 * \--/-----> N3/5 * N4/6 <-------/ /----- ... * ... -----\ * We test this four times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[4]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* simplify next steps by checking in original IKE_SAs */ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); assert_ike_sa_count(2); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); exchange_test_helper->process_message(exchange_test_helper, a, NULL); /* as original initiator a is initiator of both SAs it could delete */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* if b won it will delete the original SA a initiated */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i == 1); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_a_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(4); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); exchange_test_helper->process_message(exchange_test_helper, b, NULL); /* if b wins it deletes the SA originally initiated by a */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i != 1); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* a only deletes SAs for which b is responder */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_b_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(6); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(ike_rekey); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(5); /* <-- INFORMATIONAL { D } */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i == 1); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(4); /* <-- INFORMATIONAL { } */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(3); /* INFORMATIONAL { } --> */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i != 1); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(2); /* ike_rekey/ike_updown/child_updown */ assert_hook(); assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * Both peers initiate the IKE_SA rekeying concurrently but the proposed DH * gropus are not the same. After handling the INVALID_KE_PAYLOAD they should * still handle the collision properly depending on the nonces. */ START_TEST(test_collision_ke_invalid) { exchange_test_sa_conf_t conf = { .initiator = { .ike = "aes128-sha256-modp2048-modp3072", }, .responder = { .ike = "aes128-sha256-modp3072-modp2048", }, }; ike_sa_t *a, *b, *sa; status_t status; lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", FALSE, lib->ns); exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, &conf); lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): * N1/3 -----\ /----- N2/4 * \--/-----> N3/5 * N4/6 <-------/ /---- INVAL_KE * INVAL_KE -----\ / * <-----\--/ * N1/3 -----\ \-------> * \ /---- N2/4 * \--/----> N5/7 * N6/8 <--------/ /---- ... * ... ------\ * We test this four times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[4]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 7, 1, 2, 4, 8 }, { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 8, 3, 7 }, { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 7, 1, 2, 4, 8 }, { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 8, 3, 7 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; assert_hook_not_called(ike_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* simplify next steps by checking in original IKE_SAs */ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); assert_ike_sa_count(2); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); exchange_test_helper->process_message(exchange_test_helper, a, NULL); /* as original initiator a is initiator of both SAs it could delete */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* if b won it will delete the original SA a initiated */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i == 1); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_a_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(4); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); exchange_test_helper->process_message(exchange_test_helper, b, NULL); /* if b wins it deletes the SA originally initiated by a */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i != 1); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* a only deletes SAs for which b is responder */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_b_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(6); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(ike_rekey); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(5); /* <-- INFORMATIONAL { D } */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i == 1); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(4); /* <-- INFORMATIONAL { } */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(3); /* INFORMATIONAL { } --> */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i != 1); status = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, status); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(2); /* ike_rekey/ike_updown/child_updown */ assert_hook(); assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * This is like the collision above but one of the retries is delayed. */ START_TEST(test_collision_ke_invalid_delayed_retry) { exchange_test_sa_conf_t conf = { .initiator = { .ike = "aes128-sha256-modp2048-modp3072", }, .responder = { .ike = "aes128-sha256-modp3072-modp2048", }, }; ike_sa_t *a, *b, *sa; message_t *msg; status_t s; lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", FALSE, lib->ns); exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, &conf); lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", TRUE, lib->ns); /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): * N1/3 -----\ /----- N2/4 * \--/-----> N3/5 * N4/6 <-------/ /---- INVAL_KE * INVAL_KE -----\ / * <-----\--/ * N1/3 -----\ \-------> * <-----\--------- N2/4 * N5/7 -------\-------> * <-------\------- DELETE * ... ------\ \-----> * /---- TEMP_FAIL * * We test this three times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[3]; } data[] = { { { 0x00, 0xFF, 0xFF } }, { { 0xFF, 0x00, 0xFF } }, { { 0xFF, 0xFF, 0x00 } }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; assert_hook_not_called(ike_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; assert_hook_not_called(child_rekey); assert_single_notify(IN, INVALID_KE_PAYLOAD); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* delay the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ assert_hook_rekey(ike_rekey, 1, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_child_sa_count(b, 0); sa = assert_ike_sa_checkout(4, 7, TRUE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(1); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, msg); assert_ike_sa_state(b, IKE_DELETING); /* <-- INFORMATIONAL { D } */ assert_hook_rekey(ike_rekey, 1, 4); assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); sa = assert_ike_sa_checkout(4, 7, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(2); assert_hook(); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ /* the SA is already gone */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); msg->destroy(msg); /* INFORMATIONAL { } --> */ assert_hook_not_called(ike_rekey); assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); /* ike_updown/child_updown */ assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * This is like the rekey collision above, but one peer deletes the * redundant/old SA before the other peer receives the CREATE_CHILD_SA * response: * Peer A Peer B * rekey ----\ /---- rekey * \-----/----> detect collision * detect collision <---------/ /---- * -----------/----> * handle delete <---------/------ delete redundant/old SA * ---------/------> * handle rekey <-------/ * delete SA ----------------> * <---------------- * * If peer B won the collision it deletes the old IKE_SA, in which case * this situation is handled as if peer B was not aware of the collision (see * below). That is, peer A finalizes the rekeying initiated by the peer and * deletes the IKE_SA (it has no way of knowing whether the peer was aware of * the collision or not). Peer B will expect the redundant IKE_SA to get * deleted, but that will never happen if the response arrives after the SA is * already gone. So a job should be queued that deletes it after a while. * * If peer B lost it will switch to the new IKE_SA and delete the redundant * IKE_SA and expect a delete for the old IKE_SA. In this case peer A will * simply retransmit until it receives a response to the rekey request, all the * while ignoring the delete requests for the unknown IKE_SA. Afterwards, * everything works as in a regular collision (however, until peer A receives * the response it will not be able to receive any messages on the new IKE_SA). */ START_TEST(test_collision_delayed_response) { ike_sa_t *a, *b, *sa; message_t *msg, *d; status_t s; exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial * IKE_SA): * N1/3 -----\ /----- N2/4 * \--/-----> N3/5 * N4/6 <-------/ /----- ... * ... -----\ * We test this four times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[4]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_REKEYING); assert_child_sa_count(b, 1); assert_ike_sa_count(0); assert_hook(); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* delay the CREATE_CHILD_SA response from b to a */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* simplify next steps by checking in original IKE_SAs */ charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); assert_ike_sa_count(2); /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); /* besides the job that retransmits the delete, we expect a job that * deletes the redundant IKE_SA if we expect the other to delete it */ assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1); exchange_test_helper->process_message(exchange_test_helper, b, NULL); /* if b wins it deletes the SA originally initiated by a */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, data[_i].del_b_i != 1); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* a only deletes SAs for which b is responder */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_b_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(4); assert_scheduler(); assert_hook(); /* <-- INFORMATIONAL { D } */ if (data[_i].del_b_i == 1) { /* b won, it deletes the replaced IKE_SA */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(4); assert_hook(); /* INFORMATIONAL { } --> */ assert_hook_not_called(ike_rekey); assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b); assert_ike_sa_count(3); assert_hook(); /* the job will later remove this redundant IKE_SA on b */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); assert_ike_sa_state(sa, IKE_REKEYED); assert_sa_idle(sa); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ /* the IKE_SA (a) does not exist anymore */ msg->destroy(msg); } else { /* b lost, the delete is for the non-existing redundant IKE_SA */ d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); exchange_test_helper->process_message(exchange_test_helper, a, msg); /* as original initiator a is initiator of both SAs it could delete */ sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); assert_ike_sa_state(sa, IKE_DELETING); assert_child_sa_count(sa, 0); /* this is the redundant SA b is trying to delete */ sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); assert_ike_sa_state(sa, IKE_REKEYED); assert_child_sa_count(sa, 0); sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, data[_i].del_a_i == 1); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(6); assert_hook(); /* we don't expect this hook to get called anymore */ assert_hook_not_called(ike_rekey); /* INFORMATIONAL { D } --> */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); s = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(5); /* <-- INFORMATIONAL { } */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); s = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(4); /* <-- INFORMATIONAL { D } (retransmit/delayed) */ assert_single_payload(IN, PLV2_DELETE); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); s = exchange_test_helper->process_message(exchange_test_helper, sa, d); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(3); /* INFORMATIONAL { } --> */ assert_message_empty(IN); sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE); s = exchange_test_helper->process_message(exchange_test_helper, sa, NULL); ck_assert_int_eq(DESTROY_ME, s); charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); assert_ike_sa_count(2); /* ike_rekey */ assert_hook(); } /* ike_updown/child_updown */ assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * In this scenario one of the peers does not notice that there is a rekey * collision because the other request is dropped: * * rekey ----\ /---- rekey * \ / * detect collision <-----\---/ * -------\--------> * detect collision <-------\-------- delete old SA * delete ---------\------> * rekey done \-----> SA not found (or it never arrives) */ START_TEST(test_collision_dropped_request) { ike_sa_t *a, *b, *sa; message_t *msg; status_t s; exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial * CHILD_SA): * N1/3 -----\ /----- N2/4 * N3/5 <-----\--/ * ... -----\ \-------> ... * We test this three times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[3]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); /* drop the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); msg->destroy(msg); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_rekey(ike_rekey, 1, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_child_sa_count(b, 0); sa = assert_ike_sa_checkout(4, 5, TRUE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(1); assert_hook(); /* <-- INFORMATIONAL { D } */ assert_hook_rekey(ike_rekey, 1, 4); assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); sa = assert_ike_sa_checkout(4, 5, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(2); assert_hook(); /* INFORMATIONAL { } --> */ assert_hook_not_called(ike_rekey); assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); /* ike_updown/child_updown */ assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * In this scenario one of the peers does not notice that there is a rekey * collision because the other request is delayed: * * rekey ----\ /---- rekey * \ / * detect collision <-----\---/ * -------\--------> * \ /---- delete old SA * \-/----> detect collision * detect collision <---------/ /---- TEMP_FAIL * delete -----------/----> * rekey done / * sa already gone <--------/ */ START_TEST(test_collision_delayed_request) { ike_sa_t *a, *b, *sa; message_t *msg; status_t s; exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial * CHILD_SA): * N1/3 -----\ /----- N2/4 * N3/5 <-----\--/ * ... -----\ \-------> ... * We test this three times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[3]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* delay the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_rekey(ike_rekey, 1, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_child_sa_count(b, 0); sa = assert_ike_sa_checkout(4, 5, TRUE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(1); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, msg); assert_ike_sa_state(b, IKE_DELETING); /* <-- INFORMATIONAL { D } */ assert_hook_rekey(ike_rekey, 1, 4); assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); sa = assert_ike_sa_checkout(4, 5, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(2); assert_hook(); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ /* the SA is already gone */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); msg->destroy(msg); /* INFORMATIONAL { } --> */ assert_hook_not_called(ike_rekey); assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); /* ike_updown/child_updown */ assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * In this scenario one of the peers does not notice that there is a rekey * collision and the delete arrives after the TEMPORARY_FAILURE notify: * * rekey ----\ /---- rekey * \ / * detect collision <-----\---/ * -------\--------> * \ /---- delete old SA * \-/----> detect collision * no reschedule <---------/------ TEMP_FAIL * detect collision <--------/ * delete ----------------> * rekey done */ START_TEST(test_collision_delayed_request_and_delete) { ike_sa_t *a, *b, *sa; message_t *msg; status_t s; exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial * CHILD_SA): * N1/3 -----\ /----- N2/4 * N3/5 <-----\--/ * ... -----\ \-------> ... * We test this three times, each time a different nonce is the lowest. */ struct { /* Nonces used at each point */ u_char nonces[3]; /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ uint32_t del_a_i, del_a_r; uint32_t del_b_i, del_b_r; /* SPIs of the kept IKE_SA */ uint32_t spi_i, spi_r; } data[] = { { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, }; /* these should never get called as this results in a successful rekeying */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; initiate_rekey(a); exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; initiate_rekey(b); /* delay the CREATE_CHILD_SA request from a to b */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; assert_hook_not_called(ike_rekey); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYING); assert_child_sa_count(a, 1); assert_ike_sa_count(0); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_rekey(ike_rekey, 1, 4); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_child_sa_count(b, 0); sa = assert_ike_sa_checkout(4, 5, TRUE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(1); assert_hook(); /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, msg); assert_ike_sa_state(b, IKE_DELETING); /* delay the INFORMATIONAL request from b to a */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_hook_rekey(ike_rekey, 1, 4); assert_no_jobs_scheduled(); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_REKEYED); assert_child_sa_count(a, 0); sa = assert_ike_sa_checkout(4, 5, FALSE); assert_ike_sa_state(sa, IKE_ESTABLISHED); assert_child_sa_count(sa, 1); assert_ike_sa_count(2); assert_scheduler(); assert_hook(); /* <-- INFORMATIONAL { D } (delayed) */ assert_single_payload(IN, PLV2_DELETE); s = exchange_test_helper->process_message(exchange_test_helper, a, msg); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); /* INFORMATIONAL { } --> */ assert_hook_not_called(ike_rekey); assert_message_empty(IN); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); /* ike_updown/child_updown */ assert_hook(); assert_hook(); charon->ike_sa_manager->flush(charon->ike_sa_manager); } END_TEST /** * One of the hosts initiates a DELETE of the IKE_SA the other peer is * concurrently trying to rekey. * * rekey ----\ /---- delete * \-----/----> detect collision * detect collision <---------/ /---- TEMP_FAIL * delete ----\ / * \----/-----> * sa already gone <--------/ */ START_TEST(test_collision_delete) { ike_sa_t *a, *b; message_t *msg; status_t s; if (_i) { /* responder rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &b, &a, NULL); } else { /* initiator rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); } /* this should never get called as this does not result in a successful * rekeying on either side */ assert_hook_not_called(ike_rekey); initiate_rekey(a); call_ikesa(b, delete); assert_ike_sa_state(b, IKE_DELETING); /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. */ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_not_called(ike_updown); assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_ike_sa_count(0); assert_hook(); /* RFC 7296, 2.25.2: If a peer receives a request to close an IKE SA that * it is currently rekeying, it SHOULD reply as usual, and forget its own * rekeying request. */ /* <-- INFORMATIONAL { D } */ assert_hook_updown(ike_updown, FALSE); assert_hook_updown(child_updown, FALSE); assert_single_payload(IN, PLV2_DELETE); assert_message_empty(OUT); s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); assert_hook(); assert_hook(); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ /* the SA is already gone */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); msg->destroy(msg); /* INFORMATIONAL { } --> */ assert_hook_updown(ike_updown, FALSE); assert_hook_updown(child_updown, FALSE); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); assert_hook(); /* ike_rekey */ assert_hook(); } END_TEST /** * One of the hosts initiates a DELETE of the IKE_SA the other peer is * concurrently trying to rekey. However, the delete request is delayed or * dropped, so the peer doing the rekeying is unaware of the collision. * * rekey ----\ /---- delete * \-----/----> detect collision * reschedule <---------/------ TEMP_FAIL * <--------/ * delete ----------------> */ START_TEST(test_collision_delete_drop_delete) { ike_sa_t *a, *b; message_t *msg; status_t s; if (_i) { /* responder rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &b, &a, NULL); } else { /* initiator rekeys the IKE_SA */ exchange_test_helper->establish_sa(exchange_test_helper, &a, &b, NULL); } /* this should never get called as this does not result in a successful * rekeying on either side */ assert_hook_not_called(ike_rekey); initiate_rekey(a); call_ikesa(b, delete); assert_ike_sa_state(b, IKE_DELETING); /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. */ /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ assert_hook_not_called(ike_updown); assert_single_notify(OUT, TEMPORARY_FAILURE); exchange_test_helper->process_message(exchange_test_helper, b, NULL); assert_ike_sa_state(b, IKE_DELETING); assert_ike_sa_count(0); assert_hook(); /* delay the DELETE request */ msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ assert_hook_not_called(ike_updown); assert_hook_not_called(child_updown); /* we expect a job to retry the rekeying is scheduled */ assert_jobs_scheduled(1); exchange_test_helper->process_message(exchange_test_helper, a, NULL); assert_ike_sa_state(a, IKE_ESTABLISHED); assert_scheduler(); assert_hook(); assert_hook(); /* <-- INFORMATIONAL { D } (delayed) */ assert_hook_updown(ike_updown, FALSE); assert_hook_updown(child_updown, FALSE); assert_single_payload(IN, PLV2_DELETE); assert_message_empty(OUT); s = exchange_test_helper->process_message(exchange_test_helper, a, msg); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(a, destroy); assert_hook(); assert_hook(); /* INFORMATIONAL { } --> */ assert_hook_updown(ike_updown, FALSE); assert_hook_updown(child_updown, FALSE); s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); ck_assert_int_eq(DESTROY_ME, s); call_ikesa(b, destroy); assert_hook(); assert_hook(); /* ike_rekey */ assert_hook(); } END_TEST Suite *ike_rekey_suite_create() { Suite *s; TCase *tc; s = suite_create("ike rekey"); tc = tcase_create("regular"); tcase_add_loop_test(tc, test_regular, 0, 2); tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2); suite_add_tcase(s, tc); tc = tcase_create("collisions rekey"); tcase_add_loop_test(tc, test_collision, 0, 4); tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4); tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3); tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4); tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3); tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3); tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3); suite_add_tcase(s, tc); tc = tcase_create("collisions delete"); tcase_add_loop_test(tc, test_collision_delete, 0, 2); tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2); suite_add_tcase(s, tc); return s; }