[Swan-dev] fixing Windows rekeying

Paul Wouters paul at nohats.ca
Fri Sep 11 13:49:59 UTC 2020


On Wed, 29 Apr 2020, Antony Antony wrote:

This issue had been living in a stalemate and neither solution had been
merged in yet. I re-found it based on a failing test case.

I've merged in Antony's version now as people preferred it.

Paul


> Date: Wed, 29 Apr 2020 01:53:08
> From: Antony Antony <antony at phenome.org>
> To: Libreswan Development List <swan-dev at lists.libreswan.org>,
>     Tuomo Soini <tis at foobar.fi>
> Subject: [Swan-dev] fixing Windows rekeying
> 
> Here is my attempt to fix it. I guess there are more attempts; Paul and Andrew
> have their own? I didn't commit because there is more happening around. Maybe
> combine and take the best.
>
> During rekey on the responder this patch validates TS before the crypto
> starts.  Which I think is way better. I have been thinking of the same for
> the initiator, when it gets the response too.  Maybe that should be a later fix; first
> commit the responder side clean up.
>
> I used 4 test cases and Windows 10 Tuomo runs to validate.
>
> ikev2-child-rekey-09-windows  this should emulate what Windows 10 is doing
> with rekey. It seems DH downgrade is fixed. This is based on logs provided
> by Tuomo.  Next 3 tests are more impairments to TS during rekey, emulating
> other possible scenarios
>
> ikev2-child-rekey-10-impair-rekey-initiate-subnet
> ikev2-child-rekey-10-impair-rekey-respond-subnet
> ikev2-child-rekey-10-impair-rekey-respond-supernet
>
> Also regarding:
> https://lists.libreswan.org/pipermail/swan-dev/2020-April/003754.html
> Andrew is right, the initiator does not call the new functions added in
> 7be41582a340. That is why it is removed. Initiator already calls the score
> function, follow the last two test cases.
>
> Also Tuomo has been testing this? Any issues?
>
> regards,
> -antony
>

