unit-tests: Add test for rekey collision if one CREATE_CHILD_SA response is delayed

2016-05-31 18:19:17 +02:00 · 2016-05-31 18:19:17 +02:00 · 2e33d1f9ae
parent 566134b25a
commit 2e33d1f9ae
1 changed files with 221 additions and 0 deletions
--- a/src/libcharon/tests/suites/test_ike_rekey.c
+++ b/src/libcharon/tests/suites/test_ike_rekey.c
@ -257,6 +257,226 @@ START_TEST(test_collision)
 }
 END_TEST

+/**
+ * This is like the rekey collision above, but one peer deletes the
+ * redundant/old SA before the other peer receives the CREATE_CHILD_SA
+ * response:
+ *           Peer A                   Peer B
+ *            rekey ----\       /---- rekey
+ *                       \-----/----> detect collision
+ * detect collision <---------/ /----
+ *                  -----------/---->
+ *    handle delete <---------/------ delete redundant/old SA
+ *                  ---------/------>
+ *     handle rekey <-------/
+ *        delete SA ---------------->
+ *                  <----------------
+ *
+ * If peer B won the collision it deletes the old IKE_SA, in which case
+ * this situation is handled as if peer B was not aware of the collision (see
+ * below).  That is, peer A finalizes the rekeying initiated by the peer and
+ * deletes the IKE_SA (it has no way of knowing whether the peer was aware of
+ * the collision or not).  Peer B will expect the redundant IKE_SA to get
+ * deleted, but that will never happen if the response arrives after the SA is
+ * already gone.  So a job should be queued that deletes it after a while.
+ *
+ * If peer B lost it will switch to the new IKE_SA and delete the redundant
+ * IKE_SA and expect a delete for the old IKE_SA.  In this case peer A will
+ * simply retransmit until it receives a response to the rekey request, all the
+ * while ignoring the delete requests for the unknown IKE_SA.  Afterwards,
+ * everything works as in a regular collision (however, until peer A receives
+ * the response it will not be able to receive any messages on the new IKE_SA).
+ */
+START_TEST(test_collision_delayed_response)
+{
+	ike_sa_t *a, *b, *sa;
+	message_t *msg, *d;
+	status_t s;
+
+	exchange_test_helper->establish_sa(exchange_test_helper,
+									   &a, &b, NULL);
+
+	/* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial
+	 * IKE_SA):
+	 *   N1/3 -----\    /----- N2/4
+	 *              \--/-----> N3/5
+	 *   N4/6 <-------/ /----- ...
+	 *   ...  -----\
+	 * We test this four times, each time a different nonce is the lowest.
+	 */
+	struct {
+		/* Nonces used at each point */
+		u_char nonces[4];
+		/* SPIs of the deleted IKE_SAs (either redundant or replaced) */
+		uint32_t del_a_i, del_a_r;
+		uint32_t del_b_i, del_b_r;
+		/* SPIs of the kept IKE_SA */
+		uint32_t spi_i, spi_r;
+	} data[] = {
+		{ { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 },
+		{ { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 },
+		{ { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 },
+		{ { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 },
+	};
+	/* these should never get called as this results in a successful rekeying */
+	assert_hook_not_called(ike_updown);
+	assert_hook_not_called(child_updown);
+
+	exchange_test_helper->nonce_first_byte = data[_i].nonces[0];
+	initiate_rekey(a);
+	exchange_test_helper->nonce_first_byte = data[_i].nonces[1];
+	initiate_rekey(b);
+
+	/* CREATE_CHILD_SA { SA, Ni, KEi } --> */
+	exchange_test_helper->nonce_first_byte = data[_i].nonces[2];
+	assert_hook_not_called(ike_rekey);
+	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+	assert_ike_sa_state(b, IKE_REKEYING);
+	assert_child_sa_count(b, 1);
+	assert_ike_sa_count(0);
+	assert_hook();
+
+	/* <-- CREATE_CHILD_SA { SA, Ni, KEi } */
+	exchange_test_helper->nonce_first_byte = data[_i].nonces[3];
+	assert_hook_not_called(ike_rekey);
+	exchange_test_helper->process_message(exchange_test_helper, a, NULL);
+	assert_ike_sa_state(a, IKE_REKEYING);
+	assert_child_sa_count(a, 1);
+	assert_ike_sa_count(0);
+	assert_hook();
+
+	/* delay the CREATE_CHILD_SA response from b to a */
+	msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+	/* simplify next steps by checking in original IKE_SAs */
+	charon->ike_sa_manager->checkin(charon->ike_sa_manager, a);
+	charon->ike_sa_manager->checkin(charon->ike_sa_manager, b);
+	assert_ike_sa_count(2);
+
+	/* CREATE_CHILD_SA { SA, Nr, KEr } --> */
+	assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+	/* besides the job that retransmits the delete, we expect a job that
+	 * deletes the redundant IKE_SA if we expect the other to delete it */
+	assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1);
+	exchange_test_helper->process_message(exchange_test_helper, b, NULL);
+	/* if b wins it deletes the SA originally initiated by a */
+	sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r,
+								data[_i].del_b_i != 1);
+	assert_ike_sa_state(sa, IKE_DELETING);
+	assert_child_sa_count(sa, 0);
+	/* a only deletes SAs for which b is responder */
+	sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+	assert_ike_sa_state(sa, IKE_REKEYED);
+	assert_child_sa_count(sa, 0);
+	sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+								data[_i].del_b_i == 1);
+	assert_ike_sa_state(sa, IKE_ESTABLISHED);
+	assert_child_sa_count(sa, 1);
+	assert_ike_sa_count(4);
+	assert_scheduler();
+	assert_hook();
+
+	/* <-- INFORMATIONAL { D } */
+	if (data[_i].del_b_i == 1)
+	{	/* b won, it deletes the replaced IKE_SA */
+		assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+		assert_single_payload(IN, PLV2_DELETE);
+		s = exchange_test_helper->process_message(exchange_test_helper, a,
+												  NULL);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a);
+		sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE);
+		assert_ike_sa_state(sa, IKE_ESTABLISHED);
+		assert_child_sa_count(sa, 1);
+		assert_ike_sa_count(4);
+		assert_hook();
+
+		/* INFORMATIONAL { } --> */
+		assert_hook_not_called(ike_rekey);
+		assert_message_empty(IN);
+		s = exchange_test_helper->process_message(exchange_test_helper, b,
+												  NULL);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b);
+		assert_ike_sa_count(3);
+		assert_hook();
+		/* the job will later remove this redundant IKE_SA on b */
+		sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+		assert_ike_sa_state(sa, IKE_REKEYED);
+		assert_sa_idle(sa);
+		/* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+		/* the IKE_SA (a) does not exist anymore */
+		msg->destroy(msg);
+	}
+	else
+	{	/* b lost, the delete is for the non-existing redundant IKE_SA */
+		d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender);
+
+		/* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */
+		assert_hook_rekey(ike_rekey, 1, data[_i].spi_i);
+		exchange_test_helper->process_message(exchange_test_helper, a, msg);
+		/* as original initiator a is initiator of both SAs it could delete */
+		sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+		assert_ike_sa_state(sa, IKE_DELETING);
+		assert_child_sa_count(sa, 0);
+		/* this is the redundant SA b is trying to delete */
+		sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+		assert_ike_sa_state(sa, IKE_REKEYED);
+		assert_child_sa_count(sa, 0);
+		sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r,
+									data[_i].del_a_i == 1);
+		assert_ike_sa_state(sa, IKE_ESTABLISHED);
+		assert_child_sa_count(sa, 1);
+		assert_ike_sa_count(6);
+		assert_hook();
+
+		/* we don't expect this hook to get called anymore */
+		assert_hook_not_called(ike_rekey);
+
+		/* INFORMATIONAL { D } --> */
+		assert_single_payload(IN, PLV2_DELETE);
+		sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE);
+		s = exchange_test_helper->process_message(exchange_test_helper, sa,
+												  NULL);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+		assert_ike_sa_count(5);
+		/* <-- INFORMATIONAL { } */
+		assert_message_empty(IN);
+		sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE);
+		s = exchange_test_helper->process_message(exchange_test_helper, sa,
+												  NULL);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+		assert_ike_sa_count(4);
+
+		/* <-- INFORMATIONAL { D } (retransmit/delayed) */
+		assert_single_payload(IN, PLV2_DELETE);
+		sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE);
+		s = exchange_test_helper->process_message(exchange_test_helper, sa, d);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+		assert_ike_sa_count(3);
+		/* INFORMATIONAL { } --> */
+		assert_message_empty(IN);
+		sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE);
+		s = exchange_test_helper->process_message(exchange_test_helper, sa,
+												  NULL);
+		ck_assert_int_eq(DESTROY_ME, s);
+		charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa);
+		assert_ike_sa_count(2);
+		/* ike_rekey */
+		assert_hook();
+	}
+
+	/* ike_updown/child_updown */
+	assert_hook();
+	assert_hook();
+
+	charon->ike_sa_manager->flush(charon->ike_sa_manager);
+}
+END_TEST
+
 /**
 * In this scenario one of the peers does not notice that there is a rekey
 * collision because the other request is dropped:
@ -775,6 +995,7 @@ Suite *ike_rekey_suite_create()

 	tc = tcase_create("collisions rekey");
 	tcase_add_loop_test(tc, test_collision, 0, 4);
+	tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4);
 	tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3);
 	tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3);
 	tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3);