ike-init: Make DH group reuse optional to test INVALID_KE_PAYLOAD handling

This is currently not an issue for CHILD_SA rekeying tests as these only check rekeyings of the CHILD_SA created with the IKE_SA, i.e. there is no previous DH group to reuse.
2018-02-02 10:59:25 +01:00 · 2018-02-02 10:59:25 +01:00 · 576d9b907c
parent 27b0bd91d4
commit 576d9b907c
2 changed files with 8 additions and 1 deletions
--- a/src/libcharon/sa/ikev2/tasks/ike_init.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_init.c
@ -534,7 +534,8 @@ METHOD(task_t, build_i, status_t,
 	/* if we are retrying after an INVALID_KE_PAYLOAD we already have one */
 	if (!this->dh)
 	{
-		if (this->old_sa)
+		if (this->old_sa && lib->settings->get_bool(lib->settings,
+								"%s.prefer_previous_dh_group", TRUE, lib->ns))
 		{	/* reuse the DH group we used for the old IKE_SA when rekeying */
 			proposal_t *proposal;
 			uint16_t dh_group;
--- a/src/libcharon/tests/suites/test_ike_rekey.c
+++ b/src/libcharon/tests/suites/test_ike_rekey.c
@ -138,6 +138,8 @@ START_TEST(test_regular_ke_invalid)

 	lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 							TRUE, lib->ns);
+	lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+							FALSE, lib->ns);

 	initiate_rekey(a);

@ -382,6 +384,8 @@ START_TEST(test_collision_ke_invalid)

 	lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 							TRUE, lib->ns);
+	lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+							FALSE, lib->ns);

 	/* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial
 	 * IKE_SA):
@ -591,6 +595,8 @@ START_TEST(test_collision_ke_invalid_delayed_retry)

 	lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals",
 							TRUE, lib->ns);
+	lib->settings->set_bool(lib->settings, "%s.prefer_previous_dh_group",
+							FALSE, lib->ns);

 	/* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial
 	 * IKE_SA):