#!/usr/bin/perl # # $Copyright$ # # $Id: HTR_E_In_EncryptKey.seq,v 1.1.1.1 2000/10/31 22:38:51 sekiya Exp $ # ###################################################################### BEGIN { unshift(@INC, '../ipsec/'); $V6evalTool::TestVersion = '$Name: $ '; } use V6evalTool; use IPSEC; %pktdesc = ( ### TBD ); $IF = Link0; #----- check NUT type ipsecCheckNUT(host); #ipsecExitNS(); #----- set SAD,SPD vLogHTML("*** Target initialization phase ***
"); ipsecClearAll(); ipsecSetSAD( "src=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}" , "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}" , "spi=0x1000" , "mode=transport" , "protocol=esp" , "ealgo=des-cbc" , "ealgokey=01234567", ); ipsecSetSPD( "src=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}" , "dst=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}" , "upperspec=any" , "direction=in" , "protocol=esp" , "mode=transport" , ); #====================================================================== vLogHTML("*** Target testing phase ***
"); vCapture($IF); # ping TN(HOST1) <-> NUT (Valid Key) ($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp', 'echo_reply_to_host1'); if ($stat ne 'GOT_REPLY') { vLogHTML("TN received no echo reply from NUT to HOST1. (SPI=0x1000)
"); ipsecExitFail(); } vLogHTML("TN received echo reply from NUT to HOST1.
"); # ping TN(HOST1) <-> NUT (Invalid Key) ($stat, %ret) = ipsecPing2NUT($IF, 'echo_request_from_host1_esp_2', 'echo_reply_to_host1_2'); if ($stat ne 'NO_REPLY') { vLogHTML("TN received something reply packet from NUT to HOST1.
"); vLogHTML("TN did not ignore the invalid encryption key
"); ipsecExitFail(); } vLogHTML("TN received no echo reply packet from NUT to HOST1.
"); vLogHTML("TN ignored the invalid encryption key
"); ipsecExitPass(); ###################################################################### __END__ =head1 NAME HTR_E_In_EncryptKey - Host Transport Mode ESP Inbound Invalid Encryption Key =head1 TARGET Host =head1 SYNOPSIS =begin html 
  HTR_E_In_EncryptKey.seq [-tooloption ...] -pkt HTR_E_EncryptKey.def
    -tooloption : v6eval tool option
  See also HTR_E_common.def and HTR_common.def
=end html =head1 INITIALIZATION =begin html

For details of Network Topology, see 00README

Set NUT's SAD and SPD as following: 

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         -----transport----->

Security Association Database (SAD)

Security Policy Database (SPD)

source address HOST1_NET5
destination address NUT_NET3
SPI 0x1000
mode transport
protocol ESP
ESP algorithm DES-CBC
ESP algorithm key 01234567
source address HOST1_NET5
destination address NUT_NET3
upper spec any
direction in
protocol ESP
mode transport
=end html =head1 TEST PROCEDURE =begin html 
 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |        (with ESP)         |
   |                           |
   | (<----------------------) |
   |     No ICMP Echo Reply    |
   |                           |
   v                           v
  1. Send ICMP Echo Request with ESP
  2. Receive nothing

ICMP Echo Request with ESP

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
ESP SPI 0x1000
Algorithm DES-CBC
Key foo0foo1
ICMP Type 128 (Echo Request)

ICMP Echo Reply

IP Header Source Address NUT_NET3
Destination Address HOST1_NET5
ICMP Type 129 (Echo Reply)
=end html =head1 JUDGEMENT PASS: Nothing received FAIL: ICMP Echo Reply received =head1 SEE ALSO perldoc V6evalTool =begin html 
  IPSEC.html IPsec Test Common Utility
=cut