Annotation of embedaddon/strongswan/src/libcharon/tests/suites/test_ike_rekey.c, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2016 Tobias Brunner
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "test_suite.h"
17:
18: #include <tests/utils/exchange_test_helper.h>
19: #include <tests/utils/exchange_test_asserts.h>
20: #include <tests/utils/job_asserts.h>
21: #include <tests/utils/sa_asserts.h>
22:
23: /**
24: * Initiate rekeying the given IKE_SA.
25: */
26: #define initiate_rekey(sa) ({ \
27: assert_hook_not_called(ike_rekey); \
28: call_ikesa(sa, rekey); \
29: assert_ike_sa_state(a, IKE_REKEYING); \
30: assert_hook(); \
31: })
32:
33: /**
34: * Regular IKE_SA rekeying either initiated by the original initiator or
35: * responder of the IKE_SA.
36: */
37: START_TEST(test_regular)
38: {
39: ike_sa_t *a, *b, *new_sa;
40: status_t s;
41:
42: if (_i)
43: { /* responder rekeys the IKE_SA */
44: exchange_test_helper->establish_sa(exchange_test_helper,
45: &b, &a, NULL);
46: }
47: else
48: { /* initiator rekeys the IKE_SA */
49: exchange_test_helper->establish_sa(exchange_test_helper,
50: &a, &b, NULL);
51: }
52: /* these should never get called as this results in a successful rekeying */
53: assert_hook_not_called(ike_updown);
54: assert_hook_not_called(child_updown);
55:
56: initiate_rekey(a);
57:
58: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
59: assert_hook_rekey(ike_rekey, 1, 3);
60: assert_no_notify(IN, REKEY_SA);
61: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
62: assert_ike_sa_state(b, IKE_REKEYED);
63: assert_child_sa_count(b, 0);
64: new_sa = assert_ike_sa_checkout(3, 4, FALSE);
65: assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
66: assert_child_sa_count(new_sa, 1);
67: assert_ike_sa_count(1);
68: assert_hook();
69:
70: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
71: assert_hook_rekey(ike_rekey, 1, 3);
72: assert_no_notify(IN, REKEY_SA);
73: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
74: assert_ike_sa_state(a, IKE_DELETING);
75: assert_child_sa_count(a, 0);
76: new_sa = assert_ike_sa_checkout(3, 4, TRUE);
77: assert_ike_sa_state(new_sa, IKE_ESTABLISHED);
78: assert_child_sa_count(new_sa, 1);
79: assert_ike_sa_count(2);
80: assert_hook();
81:
82: /* we don't expect this hook to get called anymore */
83: assert_hook_not_called(ike_rekey);
84:
85: /* INFORMATIONAL { D } --> */
86: assert_single_payload(IN, PLV2_DELETE);
87: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
88: ck_assert_int_eq(DESTROY_ME, s);
89: call_ikesa(b, destroy);
90: /* <-- INFORMATIONAL { } */
91: assert_message_empty(IN);
92: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
93: ck_assert_int_eq(DESTROY_ME, s);
94: call_ikesa(a, destroy);
95:
96: /* ike_rekey/ike_updown/child_updown */
97: assert_hook();
98: assert_hook();
99: assert_hook();
100:
101: charon->ike_sa_manager->flush(charon->ike_sa_manager);
102: }
103: END_TEST
104:
105: /**
106: * IKE_SA rekeying where the responder does not agree with the DH group selected
107: * by the initiator, either initiated by the original initiator or responder of
108: * the IKE_SA.
109: */
110: START_TEST(test_regular_ke_invalid)
111: {
112: exchange_test_sa_conf_t conf = {
113: .initiator = {
114: .ike = "aes128-sha256-modp2048-modp3072",
115: },
116: .responder = {
117: .ike = "aes128-sha256-modp3072-modp2048",
118: },
119: };
120: ike_sa_t *a, *b, *sa;
121: status_t s;
122:
123: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
124: FALSE, lib->ns);
125: if (_i)
126: { /* responder rekeys the IKE_SA */
127: exchange_test_helper->establish_sa(exchange_test_helper,
128: &b, &a, &conf);
129: }
130: else
131: { /* initiator rekeys the IKE_SA */
132: exchange_test_helper->establish_sa(exchange_test_helper,
133: &a, &b, &conf);
134: }
135: /* these should never get called as this results in a successful rekeying */
136: assert_hook_not_called(ike_updown);
137: assert_hook_not_called(child_updown);
138:
139: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
140: TRUE, lib->ns);
141: lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
142: FALSE, lib->ns);
143:
144: initiate_rekey(a);
145:
146: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
147: assert_hook_not_called(ike_rekey);
148: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
149: assert_ike_sa_state(b, IKE_ESTABLISHED);
150: assert_child_sa_count(b, 1);
151: assert_ike_sa_count(0);
152:
153: /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
154: assert_single_notify(IN, INVALID_KE_PAYLOAD);
155: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
156: assert_ike_sa_state(a, IKE_REKEYING);
157: assert_child_sa_count(a, 1);
158: assert_ike_sa_count(0);
159: assert_hook();
160:
161: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
162: assert_hook_rekey(ike_rekey, 1, 3);
163: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
164: assert_ike_sa_state(b, IKE_REKEYED);
165: assert_child_sa_count(b, 0);
166: sa = assert_ike_sa_checkout(3, 5, FALSE);
167: assert_ike_sa_state(sa, IKE_ESTABLISHED);
168: assert_child_sa_count(sa, 1);
169: assert_ike_sa_count(1);
170: assert_hook();
171:
172: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
173: assert_hook_rekey(ike_rekey, 1, 3);
174: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
175: assert_ike_sa_state(a, IKE_DELETING);
176: assert_child_sa_count(a, 0);
177: sa = assert_ike_sa_checkout(3, 5, TRUE);
178: assert_ike_sa_state(sa, IKE_ESTABLISHED);
179: assert_child_sa_count(sa, 1);
180: assert_ike_sa_count(2);
181: assert_hook();
182:
183: /* we don't expect this hook to get called anymore */
184: assert_hook_not_called(ike_rekey);
185:
186: /* INFORMATIONAL { D } --> */
187: assert_single_payload(IN, PLV2_DELETE);
188: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
189: ck_assert_int_eq(DESTROY_ME, s);
190: call_ikesa(b, destroy);
191: /* <-- INFORMATIONAL { } */
192: assert_message_empty(IN);
193: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
194: ck_assert_int_eq(DESTROY_ME, s);
195: call_ikesa(a, destroy);
196:
197: /* ike_rekey/ike_updown/child_updown */
198: assert_hook();
199: assert_hook();
200: assert_hook();
201:
202: charon->ike_sa_manager->flush(charon->ike_sa_manager);
203: }
204: END_TEST
205:
206: /**
207: * Both peers initiate the IKE_SA rekeying concurrently and should handle the
208: * collision properly depending on the nonces.
209: */
210: START_TEST(test_collision)
211: {
212: ike_sa_t *a, *b, *sa;
213: status_t status;
214:
215: exchange_test_helper->establish_sa(exchange_test_helper,
216: &a, &b, NULL);
217:
218: /* When rekeyings collide we get two IKE_SAs with a total of four nonces.
219: * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that
220: * created that IKE_SA. The replaced IKE_SA is deleted by the peer that
221: * initiated the surviving SA.
222: * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
223: * IKE_SA):
224: * N1/3 -----\ /----- N2/4
225: * \--/-----> N3/5
226: * N4/6 <-------/ /----- ...
227: * ... -----\
228: * We test this four times, each time a different nonce is the lowest.
229: */
230: struct {
231: /* Nonces used at each point */
232: u_char nonces[4];
233: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
234: uint32_t del_a_i, del_a_r;
235: uint32_t del_b_i, del_b_r;
236: /* SPIs of the kept IKE_SA */
237: uint32_t spi_i, spi_r;
238: } data[] = {
239: { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
240: { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
241: { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
242: { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
243: };
244: /* these should never get called as this results in a successful rekeying */
245: assert_hook_not_called(ike_updown);
246: assert_hook_not_called(child_updown);
247:
248: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
249: initiate_rekey(a);
250: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
251: initiate_rekey(b);
252:
253: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
254: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
255: assert_hook_not_called(ike_rekey);
256: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
257: assert_ike_sa_state(b, IKE_REKEYING);
258: assert_child_sa_count(b, 1);
259: assert_ike_sa_count(0);
260: assert_hook();
261:
262: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
263: exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
264: assert_hook_not_called(ike_rekey);
265: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
266: assert_ike_sa_state(a, IKE_REKEYING);
267: assert_child_sa_count(a, 1);
268: assert_ike_sa_count(0);
269: assert_hook();
270:
271: /* simplify next steps by checking in original IKE_SAs */
272: charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
273: charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
274: assert_ike_sa_count(2);
275:
276: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
277: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
278: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
279: /* as original initiator a is initiator of both SAs it could delete */
280: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
281: assert_ike_sa_state(sa, IKE_DELETING);
282: assert_child_sa_count(sa, 0);
283: /* if b won it will delete the original SA a initiated */
284: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
285: data[_i].del_b_i == 1);
286: assert_ike_sa_state(sa, IKE_REKEYED);
287: assert_child_sa_count(sa, 0);
288: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
289: data[_i].del_a_i == 1);
290: assert_ike_sa_state(sa, IKE_ESTABLISHED);
291: assert_child_sa_count(sa, 1);
292: assert_ike_sa_count(4);
293: assert_hook();
294:
295: /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
296: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
297: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
298: /* if b wins it deletes the SA originally initiated by a */
299: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
300: data[_i].del_b_i != 1);
301: assert_ike_sa_state(sa, IKE_DELETING);
302: assert_child_sa_count(sa, 0);
303: /* a only deletes SAs for which b is responder */
304: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
305: assert_ike_sa_state(sa, IKE_REKEYED);
306: assert_child_sa_count(sa, 0);
307: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
308: data[_i].del_b_i == 1);
309: assert_ike_sa_state(sa, IKE_ESTABLISHED);
310: assert_child_sa_count(sa, 1);
311: assert_ike_sa_count(6);
312: assert_hook();
313:
314: /* we don't expect this hook to get called anymore */
315: assert_hook_not_called(ike_rekey);
316:
317: /* INFORMATIONAL { D } --> */
318: assert_single_payload(IN, PLV2_DELETE);
319: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
320: status = exchange_test_helper->process_message(exchange_test_helper, sa,
321: NULL);
322: ck_assert_int_eq(DESTROY_ME, status);
323: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
324: assert_ike_sa_count(5);
325: /* <-- INFORMATIONAL { D } */
326: assert_single_payload(IN, PLV2_DELETE);
327: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
328: data[_i].del_b_i == 1);
329: status = exchange_test_helper->process_message(exchange_test_helper, sa,
330: NULL);
331: ck_assert_int_eq(DESTROY_ME, status);
332: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
333: assert_ike_sa_count(4);
334: /* <-- INFORMATIONAL { } */
335: assert_message_empty(IN);
336: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
337: status = exchange_test_helper->process_message(exchange_test_helper, sa,
338: NULL);
339: ck_assert_int_eq(DESTROY_ME, status);
340: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
341: assert_ike_sa_count(3);
342: /* INFORMATIONAL { } --> */
343: assert_message_empty(IN);
344: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
345: data[_i].del_b_i != 1);
346: status = exchange_test_helper->process_message(exchange_test_helper, sa,
347: NULL);
348: ck_assert_int_eq(DESTROY_ME, status);
349: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
350: assert_ike_sa_count(2);
351:
352: /* ike_rekey/ike_updown/child_updown */
353: assert_hook();
354: assert_hook();
355: assert_hook();
356:
357: charon->ike_sa_manager->flush(charon->ike_sa_manager);
358: }
359: END_TEST
360:
361: /**
362: * Both peers initiate the IKE_SA rekeying concurrently but the proposed DH
363: * groups are not the same. After handling the INVALID_KE_PAYLOAD they should
364: * still handle the collision properly depending on the nonces.
365: */
366: START_TEST(test_collision_ke_invalid)
367: {
368: exchange_test_sa_conf_t conf = {
369: .initiator = {
370: .ike = "aes128-sha256-modp2048-modp3072",
371: },
372: .responder = {
373: .ike = "aes128-sha256-modp3072-modp2048",
374: },
375: };
376: ike_sa_t *a, *b, *sa;
377: status_t status;
378:
379: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
380: FALSE, lib->ns);
381:
382: exchange_test_helper->establish_sa(exchange_test_helper,
383: &a, &b, &conf);
384:
385: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
386: TRUE, lib->ns);
387: lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
388: FALSE, lib->ns);
389:
390: /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial
391: * IKE_SA):
392: * N1/3 -----\ /----- N2/4
393: * \--/-----> N3/5
394: * N4/6 <-------/ /---- INVAL_KE
395: * INVAL_KE -----\ /
396: * <-----\--/
397: * N1/3 -----\ \------->
398: * \ /---- N2/4
399: * \--/----> N5/7
400: * N6/8 <--------/ /---- ...
401: * ... ------\
402: * We test this four times, each time a different nonce is the lowest.
403: */
404: struct {
405: /* Nonces used at each point */
406: u_char nonces[4];
407: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
408: uint32_t del_a_i, del_a_r;
409: uint32_t del_b_i, del_b_r;
410: /* SPIs of the kept IKE_SA */
411: uint32_t spi_i, spi_r;
412: } data[] = {
413: { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 7, 1, 2, 4, 8 },
414: { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 8, 3, 7 },
415: { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 7, 1, 2, 4, 8 },
416: { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 8, 3, 7 },
417: };
418: /* these should never get called as this results in a successful rekeying */
419: assert_hook_not_called(ike_updown);
420: assert_hook_not_called(child_updown);
421:
422: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
423: initiate_rekey(a);
424: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
425: initiate_rekey(b);
426:
427: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
428: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
429: assert_hook_not_called(ike_rekey);
430: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
431: assert_ike_sa_state(b, IKE_REKEYING);
432: assert_child_sa_count(b, 1);
433: assert_ike_sa_count(0);
434: assert_hook();
435:
436: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
437: exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
438: assert_hook_not_called(ike_rekey);
439: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
440: assert_ike_sa_state(a, IKE_REKEYING);
441: assert_child_sa_count(a, 1);
442: assert_ike_sa_count(0);
443: assert_hook();
444:
445: /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
446: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
447: assert_hook_not_called(ike_rekey);
448: assert_single_notify(IN, INVALID_KE_PAYLOAD);
449: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
450: assert_ike_sa_state(a, IKE_REKEYING);
451: assert_child_sa_count(a, 1);
452: assert_ike_sa_count(0);
453: assert_hook();
454:
455: /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
456: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
457: assert_hook_not_called(child_rekey);
458: assert_single_notify(IN, INVALID_KE_PAYLOAD);
459: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
460: assert_ike_sa_state(b, IKE_REKEYING);
461: assert_child_sa_count(b, 1);
462: assert_ike_sa_count(0);
463: assert_hook();
464:
465: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
466: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
467: assert_hook_not_called(ike_rekey);
468: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
469: assert_ike_sa_state(b, IKE_REKEYING);
470: assert_child_sa_count(b, 1);
471: assert_ike_sa_count(0);
472: assert_hook();
473:
474: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
475: exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
476: assert_hook_not_called(ike_rekey);
477: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
478: assert_ike_sa_state(a, IKE_REKEYING);
479: assert_child_sa_count(a, 1);
480: assert_ike_sa_count(0);
481: assert_hook();
482:
483: /* simplify next steps by checking in original IKE_SAs */
484: charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
485: charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
486: assert_ike_sa_count(2);
487:
488: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */
489: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
490: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
491: /* as original initiator a is initiator of both SAs it could delete */
492: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
493: assert_ike_sa_state(sa, IKE_DELETING);
494: assert_child_sa_count(sa, 0);
495: /* if b won it will delete the original SA a initiated */
496: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
497: data[_i].del_b_i == 1);
498: assert_ike_sa_state(sa, IKE_REKEYED);
499: assert_child_sa_count(sa, 0);
500: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
501: data[_i].del_a_i == 1);
502: assert_ike_sa_state(sa, IKE_ESTABLISHED);
503: assert_child_sa_count(sa, 1);
504: assert_ike_sa_count(4);
505: assert_hook();
506:
507: /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
508: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
509: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
510: /* if b wins it deletes the SA originally initiated by a */
511: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
512: data[_i].del_b_i != 1);
513: assert_ike_sa_state(sa, IKE_DELETING);
514: assert_child_sa_count(sa, 0);
515: /* a only deletes SAs for which b is responder */
516: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
517: assert_ike_sa_state(sa, IKE_REKEYED);
518: assert_child_sa_count(sa, 0);
519: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
520: data[_i].del_b_i == 1);
521: assert_ike_sa_state(sa, IKE_ESTABLISHED);
522: assert_child_sa_count(sa, 1);
523: assert_ike_sa_count(6);
524: assert_hook();
525:
526: /* we don't expect this hook to get called anymore */
527: assert_hook_not_called(ike_rekey);
528:
529: /* INFORMATIONAL { D } --> */
530: assert_single_payload(IN, PLV2_DELETE);
531: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
532: status = exchange_test_helper->process_message(exchange_test_helper, sa,
533: NULL);
534: ck_assert_int_eq(DESTROY_ME, status);
535: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
536: assert_ike_sa_count(5);
537: /* <-- INFORMATIONAL { D } */
538: assert_single_payload(IN, PLV2_DELETE);
539: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
540: data[_i].del_b_i == 1);
541: status = exchange_test_helper->process_message(exchange_test_helper, sa,
542: NULL);
543: ck_assert_int_eq(DESTROY_ME, status);
544: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
545: assert_ike_sa_count(4);
546: /* <-- INFORMATIONAL { } */
547: assert_message_empty(IN);
548: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
549: status = exchange_test_helper->process_message(exchange_test_helper, sa,
550: NULL);
551: ck_assert_int_eq(DESTROY_ME, status);
552: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
553: assert_ike_sa_count(3);
554: /* INFORMATIONAL { } --> */
555: assert_message_empty(IN);
556: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
557: data[_i].del_b_i != 1);
558: status = exchange_test_helper->process_message(exchange_test_helper, sa,
559: NULL);
560: ck_assert_int_eq(DESTROY_ME, status);
561: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
562: assert_ike_sa_count(2);
563:
564: /* ike_rekey/ike_updown/child_updown */
565: assert_hook();
566: assert_hook();
567: assert_hook();
568:
569: charon->ike_sa_manager->flush(charon->ike_sa_manager);
570: }
571: END_TEST
572:
573: /**
574: * This is like the collision above but one of the retries is delayed.
575: */
576: START_TEST(test_collision_ke_invalid_delayed_retry)
577: {
578: exchange_test_sa_conf_t conf = {
579: .initiator = {
580: .ike = "aes128-sha256-modp2048-modp3072",
581: },
582: .responder = {
583: .ike = "aes128-sha256-modp3072-modp2048",
584: },
585: };
586: ike_sa_t *a, *b, *sa;
587: message_t *msg;
588: status_t s;
589:
590: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
591: FALSE, lib->ns);
592:
593: exchange_test_helper->establish_sa(exchange_test_helper,
594: &a, &b, &conf);
595:
596: lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
597: TRUE, lib->ns);
598: lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
599: FALSE, lib->ns);
600:
601: /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial
602: * IKE_SA):
603: * N1/3 -----\ /----- N2/4
604: * \--/-----> N3/5
605: * N4/6 <-------/ /---- INVAL_KE
606: * INVAL_KE -----\ /
607: * <-----\--/
608: * N1/3 -----\ \------->
609: * <-----\--------- N2/4
610: * N5/7 -------\------->
611: * <-------\------- DELETE
612: * ... ------\ \----->
613: * /---- TEMP_FAIL
614: *
615: * We test this three times, each time a different nonce is the lowest.
616: */
617: struct {
618: /* Nonces used at each point */
619: u_char nonces[3];
620: } data[] = {
621: { { 0x00, 0xFF, 0xFF } },
622: { { 0xFF, 0x00, 0xFF } },
623: { { 0xFF, 0xFF, 0x00 } },
624: };
625: /* these should never get called as this results in a successful rekeying */
626: assert_hook_not_called(ike_updown);
627: assert_hook_not_called(child_updown);
628:
629: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
630: initiate_rekey(a);
631: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
632: initiate_rekey(b);
633:
634: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
635: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
636: assert_hook_not_called(ike_rekey);
637: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
638: assert_ike_sa_state(b, IKE_REKEYING);
639: assert_child_sa_count(b, 1);
640: assert_ike_sa_count(0);
641: assert_hook();
642:
643: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
644: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
645: assert_hook_not_called(ike_rekey);
646: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
647: assert_ike_sa_state(a, IKE_REKEYING);
648: assert_child_sa_count(a, 1);
649: assert_ike_sa_count(0);
650: assert_hook();
651:
652: /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */
653: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
654: assert_hook_not_called(ike_rekey);
655: assert_single_notify(IN, INVALID_KE_PAYLOAD);
656: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
657: assert_ike_sa_state(a, IKE_REKEYING);
658: assert_child_sa_count(a, 1);
659: assert_ike_sa_count(0);
660: assert_hook();
661:
662: /* CREATE_CHILD_SA { N(INVAL_KE) } --> */
663: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
664: assert_hook_not_called(child_rekey);
665: assert_single_notify(IN, INVALID_KE_PAYLOAD);
666: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
667: assert_ike_sa_state(b, IKE_REKEYING);
668: assert_child_sa_count(b, 1);
669: assert_ike_sa_count(0);
670: assert_hook();
671:
672: /* delay the CREATE_CHILD_SA request from a to b */
673: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
674:
675: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
676: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
677: assert_hook_not_called(ike_rekey);
678: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
679: assert_ike_sa_state(a, IKE_REKEYING);
680: assert_child_sa_count(a, 1);
681: assert_ike_sa_count(0);
682: assert_hook();
683:
684: /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
685: assert_hook_rekey(ike_rekey, 1, 4);
686: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
687: assert_ike_sa_state(b, IKE_DELETING);
688: assert_child_sa_count(b, 0);
689: sa = assert_ike_sa_checkout(4, 7, TRUE);
690: assert_ike_sa_state(sa, IKE_ESTABLISHED);
691: assert_child_sa_count(sa, 1);
692: assert_ike_sa_count(1);
693: assert_hook();
694:
695: /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
696: assert_single_notify(OUT, TEMPORARY_FAILURE);
697: exchange_test_helper->process_message(exchange_test_helper, b, msg);
698: assert_ike_sa_state(b, IKE_DELETING);
699:
700: /* <-- INFORMATIONAL { D } */
701: assert_hook_rekey(ike_rekey, 1, 4);
702: assert_single_payload(IN, PLV2_DELETE);
703: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
704: ck_assert_int_eq(DESTROY_ME, s);
705: call_ikesa(a, destroy);
706: sa = assert_ike_sa_checkout(4, 7, FALSE);
707: assert_ike_sa_state(sa, IKE_ESTABLISHED);
708: assert_child_sa_count(sa, 1);
709: assert_ike_sa_count(2);
710: assert_hook();
711:
712: /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
713: /* the SA is already gone */
714: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
715: msg->destroy(msg);
716:
717: /* INFORMATIONAL { } --> */
718: assert_hook_not_called(ike_rekey);
719: assert_message_empty(IN);
720: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
721: ck_assert_int_eq(DESTROY_ME, s);
722: call_ikesa(b, destroy);
723: assert_hook();
724:
725: /* ike_updown/child_updown */
726: assert_hook();
727: assert_hook();
728:
729: charon->ike_sa_manager->flush(charon->ike_sa_manager);
730: }
731: END_TEST
732:
733: /**
734: * This is like the rekey collision above, but one peer deletes the
735: * redundant/old SA before the other peer receives the CREATE_CHILD_SA
736: * response:
737: * Peer A Peer B
738: * rekey ----\ /---- rekey
739: * \-----/----> detect collision
740: * detect collision <---------/ /----
741: * -----------/---->
742: * handle delete <---------/------ delete redundant/old SA
743: * ---------/------>
744: * handle rekey <-------/
745: * delete SA ---------------->
746: * <----------------
747: *
748: * If peer B won the collision it deletes the old IKE_SA, in which case
749: * this situation is handled as if peer B was not aware of the collision (see
750: * below). That is, peer A finalizes the rekeying initiated by the peer and
751: * deletes the IKE_SA (it has no way of knowing whether the peer was aware of
752: * the collision or not). Peer B will expect the redundant IKE_SA to get
753: * deleted, but that will never happen if the response arrives after the SA is
754: * already gone. So a job should be queued that deletes it after a while.
755: *
756: * If peer B lost it will switch to the new IKE_SA and delete the redundant
757: * IKE_SA and expect a delete for the old IKE_SA. In this case peer A will
758: * simply retransmit until it receives a response to the rekey request, all the
759: * while ignoring the delete requests for the unknown IKE_SA. Afterwards,
760: * everything works as in a regular collision (however, until peer A receives
761: * the response it will not be able to receive any messages on the new IKE_SA).
762: */
763: START_TEST(test_collision_delayed_response)
764: {
765: ike_sa_t *a, *b, *sa;
766: message_t *msg, *d;
767: status_t s;
768:
769: exchange_test_helper->establish_sa(exchange_test_helper,
770: &a, &b, NULL);
771:
772: /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
773: * IKE_SA):
774: * N1/3 -----\ /----- N2/4
775: * \--/-----> N3/5
776: * N4/6 <-------/ /----- ...
777: * ... -----\
778: * We test this four times, each time a different nonce is the lowest.
779: */
780: struct {
781: /* Nonces used at each point */
782: u_char nonces[4];
783: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
784: uint32_t del_a_i, del_a_r;
785: uint32_t del_b_i, del_b_r;
786: /* SPIs of the kept IKE_SA */
787: uint32_t spi_i, spi_r;
788: } data[] = {
789: { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
790: { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
791: { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
792: { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
793: };
794: /* these should never get called as this results in a successful rekeying */
795: assert_hook_not_called(ike_updown);
796: assert_hook_not_called(child_updown);
797:
798: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
799: initiate_rekey(a);
800: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
801: initiate_rekey(b);
802:
803: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
804: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
805: assert_hook_not_called(ike_rekey);
806: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
807: assert_ike_sa_state(b, IKE_REKEYING);
808: assert_child_sa_count(b, 1);
809: assert_ike_sa_count(0);
810: assert_hook();
811:
812: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
813: exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
814: assert_hook_not_called(ike_rekey);
815: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
816: assert_ike_sa_state(a, IKE_REKEYING);
817: assert_child_sa_count(a, 1);
818: assert_ike_sa_count(0);
819: assert_hook();
820:
821: /* delay the CREATE_CHILD_SA response from b to a */
822: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
823:
824: /* simplify next steps by checking in original IKE_SAs */
825: charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
826: charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
827: assert_ike_sa_count(2);
828:
829: /* CREATE_CHILD_SA { SA, Nr, KEr } --> */
830: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
831: /* besides the job that retransmits the delete, we expect a job that
832: * deletes the redundant IKE_SA if we expect the other to delete it */
833: assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1);
834: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
835: /* if b wins it deletes the SA originally initiated by a */
836: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
837: data[_i].del_b_i != 1);
838: assert_ike_sa_state(sa, IKE_DELETING);
839: assert_child_sa_count(sa, 0);
840: /* a only deletes SAs for which b is responder */
841: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
842: assert_ike_sa_state(sa, IKE_REKEYED);
843: assert_child_sa_count(sa, 0);
844: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
845: data[_i].del_b_i == 1);
846: assert_ike_sa_state(sa, IKE_ESTABLISHED);
847: assert_child_sa_count(sa, 1);
848: assert_ike_sa_count(4);
849: assert_scheduler();
850: assert_hook();
851:
852: /* <-- INFORMATIONAL { D } */
853: if (data[_i].del_b_i == 1)
854: { /* b won, it deletes the replaced IKE_SA */
855: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
856: assert_single_payload(IN, PLV2_DELETE);
857: s = exchange_test_helper->process_message(exchange_test_helper, a,
858: NULL);
859: ck_assert_int_eq(DESTROY_ME, s);
860: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a);
861: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
862: assert_ike_sa_state(sa, IKE_ESTABLISHED);
863: assert_child_sa_count(sa, 1);
864: assert_ike_sa_count(4);
865: assert_hook();
866:
867: /* INFORMATIONAL { } --> */
868: assert_hook_not_called(ike_rekey);
869: assert_message_empty(IN);
870: s = exchange_test_helper->process_message(exchange_test_helper, b,
871: NULL);
872: ck_assert_int_eq(DESTROY_ME, s);
873: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b);
874: assert_ike_sa_count(3);
875: assert_hook();
876: /* the job will later remove this redundant IKE_SA on b */
877: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
878: assert_ike_sa_state(sa, IKE_REKEYED);
879: assert_sa_idle(sa);
880: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
881: /* the IKE_SA (a) does not exist anymore */
882: msg->destroy(msg);
883: }
884: else
885: { /* b lost, the delete is for the non-existing redundant IKE_SA */
886: d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
887:
888: /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
889: assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
890: exchange_test_helper->process_message(exchange_test_helper, a, msg);
891: /* as original initiator a is initiator of both SAs it could delete */
892: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
893: assert_ike_sa_state(sa, IKE_DELETING);
894: assert_child_sa_count(sa, 0);
895: /* this is the redundant SA b is trying to delete */
896: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
897: assert_ike_sa_state(sa, IKE_REKEYED);
898: assert_child_sa_count(sa, 0);
899: sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
900: data[_i].del_a_i == 1);
901: assert_ike_sa_state(sa, IKE_ESTABLISHED);
902: assert_child_sa_count(sa, 1);
903: assert_ike_sa_count(6);
904: assert_hook();
905:
906: /* we don't expect this hook to get called anymore */
907: assert_hook_not_called(ike_rekey);
908:
909: /* INFORMATIONAL { D } --> */
910: assert_single_payload(IN, PLV2_DELETE);
911: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
912: s = exchange_test_helper->process_message(exchange_test_helper, sa,
913: NULL);
914: ck_assert_int_eq(DESTROY_ME, s);
915: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
916: assert_ike_sa_count(5);
917: /* <-- INFORMATIONAL { } */
918: assert_message_empty(IN);
919: sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
920: s = exchange_test_helper->process_message(exchange_test_helper, sa,
921: NULL);
922: ck_assert_int_eq(DESTROY_ME, s);
923: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
924: assert_ike_sa_count(4);
925:
926: /* <-- INFORMATIONAL { D } (retransmit/delayed) */
927: assert_single_payload(IN, PLV2_DELETE);
928: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
929: s = exchange_test_helper->process_message(exchange_test_helper, sa, d);
930: ck_assert_int_eq(DESTROY_ME, s);
931: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
932: assert_ike_sa_count(3);
933: /* INFORMATIONAL { } --> */
934: assert_message_empty(IN);
935: sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
936: s = exchange_test_helper->process_message(exchange_test_helper, sa,
937: NULL);
938: ck_assert_int_eq(DESTROY_ME, s);
939: charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
940: assert_ike_sa_count(2);
941: /* ike_rekey */
942: assert_hook();
943: }
944:
945: /* ike_updown/child_updown */
946: assert_hook();
947: assert_hook();
948:
949: charon->ike_sa_manager->flush(charon->ike_sa_manager);
950: }
951: END_TEST
952:
953: /**
954: * In this scenario one of the peers does not notice that there is a rekey
955: * collision because the other request is dropped:
956: *
957: * rekey ----\ /---- rekey
958: * \ /
959: * detect collision <-----\---/
960: * -------\-------->
961: * detect collision <-------\-------- delete old SA
962: * delete ---------\------>
963: * rekey done \-----> SA not found (or it never arrives)
964: */
965: START_TEST(test_collision_dropped_request)
966: {
967: ike_sa_t *a, *b, *sa;
968: message_t *msg;
969: status_t s;
970:
971: exchange_test_helper->establish_sa(exchange_test_helper,
972: &a, &b, NULL);
973:
974: /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
975: * CHILD_SA):
976: * N1/3 -----\ /----- N2/4
977: * N3/5 <-----\--/
978: * ... -----\ \-------> ...
979: * We test this three times, each time a different nonce is the lowest.
980: */
981: struct {
982: /* Nonces used at each point */
983: u_char nonces[3];
984: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
985: uint32_t del_a_i, del_a_r;
986: uint32_t del_b_i, del_b_r;
987: /* SPIs of the kept IKE_SA */
988: uint32_t spi_i, spi_r;
989: } data[] = {
990: { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
991: { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
992: { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
993: { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
994: };
995: /* these should never get called as this results in a successful rekeying */
996: assert_hook_not_called(ike_updown);
997: assert_hook_not_called(child_updown);
998:
999: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1000: initiate_rekey(a);
1001: /* drop the CREATE_CHILD_SA request from a to b */
1002: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1003: msg->destroy(msg);
1004: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1005: initiate_rekey(b);
1006:
1007: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1008: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1009: assert_hook_not_called(ike_rekey);
1010: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1011: assert_ike_sa_state(a, IKE_REKEYING);
1012: assert_child_sa_count(a, 1);
1013: assert_ike_sa_count(0);
1014: assert_hook();
1015:
1016: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
1017: assert_hook_rekey(ike_rekey, 1, 4);
1018: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1019: assert_ike_sa_state(b, IKE_DELETING);
1020: assert_child_sa_count(b, 0);
1021: sa = assert_ike_sa_checkout(4, 5, TRUE);
1022: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1023: assert_child_sa_count(sa, 1);
1024: assert_ike_sa_count(1);
1025: assert_hook();
1026:
1027: /* <-- INFORMATIONAL { D } */
1028: assert_hook_rekey(ike_rekey, 1, 4);
1029: assert_single_payload(IN, PLV2_DELETE);
1030: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1031: ck_assert_int_eq(DESTROY_ME, s);
1032: call_ikesa(a, destroy);
1033: sa = assert_ike_sa_checkout(4, 5, FALSE);
1034: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1035: assert_child_sa_count(sa, 1);
1036: assert_ike_sa_count(2);
1037: assert_hook();
1038:
1039: /* INFORMATIONAL { } --> */
1040: assert_hook_not_called(ike_rekey);
1041: assert_message_empty(IN);
1042: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1043: ck_assert_int_eq(DESTROY_ME, s);
1044: call_ikesa(b, destroy);
1045: assert_hook();
1046:
1047: /* ike_updown/child_updown */
1048: assert_hook();
1049: assert_hook();
1050:
1051: charon->ike_sa_manager->flush(charon->ike_sa_manager);
1052: }
1053: END_TEST
1054:
1055: /**
1056: * In this scenario one of the peers does not notice that there is a rekey
1057: * collision because the other request is delayed:
1058: *
1059: * rekey ----\ /---- rekey
1060: * \ /
1061: * detect collision <-----\---/
1062: * -------\-------->
1063: * \ /---- delete old SA
1064: * \-/----> detect collision
1065: * detect collision <---------/ /---- TEMP_FAIL
1066: * delete -----------/---->
1067: * rekey done /
1068: * sa already gone <--------/
1069: */
1070: START_TEST(test_collision_delayed_request)
1071: {
1072: ike_sa_t *a, *b, *sa;
1073: message_t *msg;
1074: status_t s;
1075:
1076: exchange_test_helper->establish_sa(exchange_test_helper,
1077: &a, &b, NULL);
1078:
1079: /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1080: * CHILD_SA):
1081: * N1/3 -----\ /----- N2/4
1082: * N3/5 <-----\--/
1083: * ... -----\ \-------> ...
1084: * We test this three times, each time a different nonce is the lowest.
1085: */
1086: struct {
1087: /* Nonces used at each point */
1088: u_char nonces[3];
1089: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
1090: uint32_t del_a_i, del_a_r;
1091: uint32_t del_b_i, del_b_r;
1092: /* SPIs of the kept IKE_SA */
1093: uint32_t spi_i, spi_r;
1094: } data[] = {
1095: { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
1096: { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
1097: { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
1098: { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
1099: };
1100: /* these should never get called as this results in a successful rekeying */
1101: assert_hook_not_called(ike_updown);
1102: assert_hook_not_called(child_updown);
1103:
1104: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1105: initiate_rekey(a);
1106: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1107: initiate_rekey(b);
1108:
1109: /* delay the CREATE_CHILD_SA request from a to b */
1110: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1111:
1112: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1113: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1114: assert_hook_not_called(ike_rekey);
1115: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1116: assert_ike_sa_state(a, IKE_REKEYING);
1117: assert_child_sa_count(a, 1);
1118: assert_ike_sa_count(0);
1119: assert_hook();
1120:
1121: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
1122: assert_hook_rekey(ike_rekey, 1, 4);
1123: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1124: assert_ike_sa_state(b, IKE_DELETING);
1125: assert_child_sa_count(b, 0);
1126: sa = assert_ike_sa_checkout(4, 5, TRUE);
1127: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1128: assert_child_sa_count(sa, 1);
1129: assert_ike_sa_count(1);
1130: assert_hook();
1131:
1132: /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
1133: assert_single_notify(OUT, TEMPORARY_FAILURE);
1134: exchange_test_helper->process_message(exchange_test_helper, b, msg);
1135: assert_ike_sa_state(b, IKE_DELETING);
1136:
1137: /* <-- INFORMATIONAL { D } */
1138: assert_hook_rekey(ike_rekey, 1, 4);
1139: assert_single_payload(IN, PLV2_DELETE);
1140: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1141: ck_assert_int_eq(DESTROY_ME, s);
1142: call_ikesa(a, destroy);
1143: sa = assert_ike_sa_checkout(4, 5, FALSE);
1144: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1145: assert_child_sa_count(sa, 1);
1146: assert_ike_sa_count(2);
1147: assert_hook();
1148:
1149: /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1150: /* the SA is already gone */
1151: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1152: msg->destroy(msg);
1153:
1154: /* INFORMATIONAL { } --> */
1155: assert_hook_not_called(ike_rekey);
1156: assert_message_empty(IN);
1157: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1158: ck_assert_int_eq(DESTROY_ME, s);
1159: call_ikesa(b, destroy);
1160: assert_hook();
1161:
1162: /* ike_updown/child_updown */
1163: assert_hook();
1164: assert_hook();
1165:
1166: charon->ike_sa_manager->flush(charon->ike_sa_manager);
1167: }
1168: END_TEST
1169:
1170: /**
1171: * In this scenario one of the peers does not notice that there is a rekey
1172: * collision and the delete arrives after the TEMPORARY_FAILURE notify:
1173: *
1174: * rekey ----\ /---- rekey
1175: * \ /
1176: * detect collision <-----\---/
1177: * -------\-------->
1178: * \ /---- delete old SA
1179: * \-/----> detect collision
1180: * no reschedule <---------/------ TEMP_FAIL
1181: * detect collision <--------/
1182: * delete ---------------->
1183: * rekey done
1184: */
1185: START_TEST(test_collision_delayed_request_and_delete)
1186: {
1187: ike_sa_t *a, *b, *sa;
1188: message_t *msg;
1189: status_t s;
1190:
1191: exchange_test_helper->establish_sa(exchange_test_helper,
1192: &a, &b, NULL);
1193:
1194: /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial
1195: * CHILD_SA):
1196: * N1/3 -----\ /----- N2/4
1197: * N3/5 <-----\--/
1198: * ... -----\ \-------> ...
1199: * We test this three times, each time a different nonce is the lowest.
1200: */
1201: struct {
1202: /* Nonces used at each point */
1203: u_char nonces[3];
1204: /* SPIs of the deleted IKE_SAs (either redundant or replaced) */
1205: uint32_t del_a_i, del_a_r;
1206: uint32_t del_b_i, del_b_r;
1207: /* SPIs of the kept IKE_SA */
1208: uint32_t spi_i, spi_r;
1209: } data[] = {
1210: { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
1211: { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 },
1212: { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 },
1213: { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
1214: };
1215: /* these should never get called as this results in a successful rekeying */
1216: assert_hook_not_called(ike_updown);
1217: assert_hook_not_called(child_updown);
1218:
1219: exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
1220: initiate_rekey(a);
1221: exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
1222: initiate_rekey(b);
1223:
1224: /* delay the CREATE_CHILD_SA request from a to b */
1225: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1226:
1227: /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
1228: exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
1229: assert_hook_not_called(ike_rekey);
1230: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1231: assert_ike_sa_state(a, IKE_REKEYING);
1232: assert_child_sa_count(a, 1);
1233: assert_ike_sa_count(0);
1234: assert_hook();
1235:
1236: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
1237: assert_hook_rekey(ike_rekey, 1, 4);
1238: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1239: assert_ike_sa_state(b, IKE_DELETING);
1240: assert_child_sa_count(b, 0);
1241: sa = assert_ike_sa_checkout(4, 5, TRUE);
1242: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1243: assert_child_sa_count(sa, 1);
1244: assert_ike_sa_count(1);
1245: assert_hook();
1246:
1247: /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */
1248: assert_single_notify(OUT, TEMPORARY_FAILURE);
1249: exchange_test_helper->process_message(exchange_test_helper, b, msg);
1250: assert_ike_sa_state(b, IKE_DELETING);
1251:
1252: /* delay the INFORMATIONAL request from b to a */
1253: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1254:
1255: /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1256: assert_hook_rekey(ike_rekey, 1, 4);
1257: assert_no_jobs_scheduled();
1258: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1259: assert_ike_sa_state(a, IKE_REKEYED);
1260: assert_child_sa_count(a, 0);
1261: sa = assert_ike_sa_checkout(4, 5, FALSE);
1262: assert_ike_sa_state(sa, IKE_ESTABLISHED);
1263: assert_child_sa_count(sa, 1);
1264: assert_ike_sa_count(2);
1265: assert_scheduler();
1266: assert_hook();
1267:
1268: /* <-- INFORMATIONAL { D } (delayed) */
1269: assert_single_payload(IN, PLV2_DELETE);
1270: s = exchange_test_helper->process_message(exchange_test_helper, a, msg);
1271: ck_assert_int_eq(DESTROY_ME, s);
1272: call_ikesa(a, destroy);
1273:
1274: /* INFORMATIONAL { } --> */
1275: assert_hook_not_called(ike_rekey);
1276: assert_message_empty(IN);
1277: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1278: ck_assert_int_eq(DESTROY_ME, s);
1279: call_ikesa(b, destroy);
1280: assert_hook();
1281:
1282: /* ike_updown/child_updown */
1283: assert_hook();
1284: assert_hook();
1285:
1286: charon->ike_sa_manager->flush(charon->ike_sa_manager);
1287: }
1288: END_TEST
1289:
1290: /**
1291: * One of the hosts initiates a DELETE of the IKE_SA the other peer is
1292: * concurrently trying to rekey.
1293: *
1294: * rekey ----\ /---- delete
1295: * \-----/----> detect collision
1296: * detect collision <---------/ /---- TEMP_FAIL
1297: * delete ----\ /
1298: * \----/----->
1299: * sa already gone <--------/
1300: */
1301: START_TEST(test_collision_delete)
1302: {
1303: ike_sa_t *a, *b;
1304: message_t *msg;
1305: status_t s;
1306:
1307: if (_i)
1308: { /* responder rekeys the IKE_SA */
1309: exchange_test_helper->establish_sa(exchange_test_helper,
1310: &b, &a, NULL);
1311: }
1312: else
1313: { /* initiator rekeys the IKE_SA */
1314: exchange_test_helper->establish_sa(exchange_test_helper,
1315: &a, &b, NULL);
1316: }
1317: /* this should never get called as this does not result in a successful
1318: * rekeying on either side */
1319: assert_hook_not_called(ike_rekey);
1320:
1321: initiate_rekey(a);
1322: call_ikesa(b, delete, FALSE);
1323: assert_ike_sa_state(b, IKE_DELETING);
1324:
1325: /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
1326: * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1327: */
1328:
1329: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
1330: assert_hook_not_called(ike_updown);
1331: assert_single_notify(OUT, TEMPORARY_FAILURE);
1332: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1333: assert_ike_sa_state(b, IKE_DELETING);
1334: assert_ike_sa_count(0);
1335: assert_hook();
1336:
1337: /* RFC 7296, 2.25.2: If a peer receives a request to close an IKE SA that
1338: * it is currently rekeying, it SHOULD reply as usual, and forget its own
1339: * rekeying request.
1340: */
1341:
1342: /* <-- INFORMATIONAL { D } */
1343: assert_hook_updown(ike_updown, FALSE);
1344: assert_hook_updown(child_updown, FALSE);
1345: assert_single_payload(IN, PLV2_DELETE);
1346: assert_message_empty(OUT);
1347: s = exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1348: ck_assert_int_eq(DESTROY_ME, s);
1349: call_ikesa(a, destroy);
1350: assert_hook();
1351: assert_hook();
1352:
1353: /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1354: /* the SA is already gone */
1355: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1356: msg->destroy(msg);
1357:
1358: /* INFORMATIONAL { } --> */
1359: assert_hook_updown(ike_updown, FALSE);
1360: assert_hook_updown(child_updown, FALSE);
1361: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1362: ck_assert_int_eq(DESTROY_ME, s);
1363: call_ikesa(b, destroy);
1364: assert_hook();
1365: assert_hook();
1366:
1367: /* ike_rekey */
1368: assert_hook();
1369: }
1370: END_TEST
1371:
1372: /**
1373: * One of the hosts initiates a DELETE of the IKE_SA the other peer is
1374: * concurrently trying to rekey. However, the delete request is delayed or
1375: * dropped, so the peer doing the rekeying is unaware of the collision.
1376: *
1377: * rekey ----\ /---- delete
1378: * \-----/----> detect collision
1379: * reschedule <---------/------ TEMP_FAIL
1380: * <--------/
1381: * delete ---------------->
1382: */
1383: START_TEST(test_collision_delete_drop_delete)
1384: {
1385: ike_sa_t *a, *b;
1386: message_t *msg;
1387: status_t s;
1388:
1389: if (_i)
1390: { /* responder rekeys the IKE_SA */
1391: exchange_test_helper->establish_sa(exchange_test_helper,
1392: &b, &a, NULL);
1393: }
1394: else
1395: { /* initiator rekeys the IKE_SA */
1396: exchange_test_helper->establish_sa(exchange_test_helper,
1397: &a, &b, NULL);
1398: }
1399: /* this should never get called as this does not result in a successful
1400: * rekeying on either side */
1401: assert_hook_not_called(ike_rekey);
1402:
1403: initiate_rekey(a);
1404: call_ikesa(b, delete, FALSE);
1405: assert_ike_sa_state(b, IKE_DELETING);
1406:
1407: /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that
1408: * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE.
1409: */
1410:
1411: /* CREATE_CHILD_SA { SA, Ni, KEi } --> */
1412: assert_hook_not_called(ike_updown);
1413: assert_single_notify(OUT, TEMPORARY_FAILURE);
1414: exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1415: assert_ike_sa_state(b, IKE_DELETING);
1416: assert_ike_sa_count(0);
1417: assert_hook();
1418:
1419: /* delay the DELETE request */
1420: msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
1421:
1422: /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */
1423: assert_hook_not_called(ike_updown);
1424: assert_hook_not_called(child_updown);
1425: /* we expect a job to retry the rekeying is scheduled */
1426: assert_jobs_scheduled(1);
1427: exchange_test_helper->process_message(exchange_test_helper, a, NULL);
1428: assert_ike_sa_state(a, IKE_ESTABLISHED);
1429: assert_scheduler();
1430: assert_hook();
1431: assert_hook();
1432:
1433: /* <-- INFORMATIONAL { D } (delayed) */
1434: assert_hook_updown(ike_updown, FALSE);
1435: assert_hook_updown(child_updown, FALSE);
1436: assert_single_payload(IN, PLV2_DELETE);
1437: assert_message_empty(OUT);
1438: s = exchange_test_helper->process_message(exchange_test_helper, a, msg);
1439: ck_assert_int_eq(DESTROY_ME, s);
1440: call_ikesa(a, destroy);
1441: assert_hook();
1442: assert_hook();
1443:
1444: /* INFORMATIONAL { } --> */
1445: assert_hook_updown(ike_updown, FALSE);
1446: assert_hook_updown(child_updown, FALSE);
1447: s = exchange_test_helper->process_message(exchange_test_helper, b, NULL);
1448: ck_assert_int_eq(DESTROY_ME, s);
1449: call_ikesa(b, destroy);
1450: assert_hook();
1451: assert_hook();
1452:
1453: /* ike_rekey */
1454: assert_hook();
1455: }
1456: END_TEST
1457:
1458: Suite *ike_rekey_suite_create()
1459: {
1460: Suite *s;
1461: TCase *tc;
1462:
1463: s = suite_create("ike rekey");
1464:
1465: tc = tcase_create("regular");
1466: tcase_add_loop_test(tc, test_regular, 0, 2);
1467: tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2);
1468: suite_add_tcase(s, tc);
1469:
1470: tc = tcase_create("collisions rekey");
1471: tcase_add_loop_test(tc, test_collision, 0, 4);
1472: tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4);
1473: tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3);
1474: tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
1475: tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3);
1476: tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
1477: tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3);
1478: suite_add_tcase(s, tc);
1479:
1480: tc = tcase_create("collisions delete");
1481: tcase_add_loop_test(tc, test_collision_delete, 0, 2);
1482: tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2);
1483: suite_add_tcase(s, tc);
1484:
1485: return s;
1486: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to test_ike_rekey.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libcharon / tests / suites