#!/usr/bin/perl
#
# $Copyright$
#
# $Id: HTR_E_Out_null_hmacsha1.seq,v 1.1.1.1 2000/09/28 00:14:46 sekiya Exp $
#
######################################################################
#
# Host transport-mode ESP, outbound direction, NULL encryption with
# HMAC-SHA1 authentication.  The sequence installs one SAD entry and one
# SPD entry on the NUT (the target), sends an ICMP Echo Request from
# HOST1 and passes when ipsecPing2NUT() reports 'GOT_REPLY' for the
# ESP-protected Echo Reply.
#
# The key material below is a fixed value that is also printed in the
# POD of this file.  It exists for conformance testing only and must
# never be configured on a production security association.

BEGIN {
    # '../ipsec/' is relative, so it is resolved against the directory the
    # script is started from and is searched before every other @INC entry.
    # Start the test from its own directory so that IPSEC.pm is loaded from
    # the intended location.
    unshift @INC, '../ipsec/';
    $V6evalTool::TestVersion = '$Name: $ ';
}

use V6evalTool;
use IPSEC;

# Package global, left empty here ("TBD" in the original).
%pktdesc = (
    ### TBD
);

# Name of the tester interface used for capture and for the ping exchange.
$IF = 'Link0';

#----- check NUT type
ipsecCheckNUT('host');

#----- set SAD,SPD
vLogHTML("*** Target initialization phase ***
");
ipsecClearAll();

## HOST1 vs NUT
#
# Outbound SA, NUT -> HOST1.  "ealgo=null" means the ESP payload is not
# encrypted: this SA gives integrity and origin authentication through
# "eauth=hmac-sha1", but no confidentiality.
# NOTE(review): the key is 20 characters long; how IPSEC.pm encodes it
# (ASCII octets or hex digits) is not visible here -- confirm.
ipsecSetSAD(
    "src=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}",
    "spi=0x1000",
    "mode=transport",
    "protocol=esp",
    "ealgo=null",
    "eauth=hmac-sha1",
    "eauthkey=0123456789ABCDEF0123"
);

# Matching outbound policy: any upper-layer protocol from NUT to HOST1
# is to be sent with transport-mode ESP.
ipsecSetSPD(
    "src=$IPSEC::IPsecAddr{IPSEC_NUT_NET3_ADDR}",
    "dst=$IPSEC::IPsecAddr{IPSEC_HOST1_NET5_ADDR}",
    "upperspec=any",
    "direction=out",
    "protocol=esp",
    "mode=transport",
);

#======================================================================
vLogHTML("*** Target testing phase ***
");

#----- start capturing
vCapture($IF);

# ping TN(Host1) <-> NUT
#
# The frame names refer to the packet definition file given with -pkt.
# %ret receives the remaining return values and is not read afterwards.
# NOTE(review): whether the ESP authentication data of the reply is
# checked depends on 'echo_reply_to_host1_esp' and on the tool, neither
# of which is shown here -- confirm before reading a PASS as proof that
# the NUT computed a correct HMAC-SHA1 value.
($stat, %ret) = ipsecPing2NUT(
    $IF,
    'echo_request_from_host1',
    'echo_reply_to_host1_esp'
);

# Anything other than 'GOT_REPLY' is reported as a failure.
unless ($stat eq 'GOT_REPLY') {
    vLogHTML("TN received no echo reply from NUT to HOST1.
");
    ipsecExitFail();
}

vLogHTML("TN received echo reply from NUT to HOST1.
");
ipsecExitPass();

######################################################################
__END__

=head1 NAME

HTR_E_Out_null_hmacsha1 - Host Transport Mode ESP Outbound NULL with HMAC-SHA1 authentication

=head1 TARGET

Host

=head1 SYNOPSIS

=begin html

  HTR_E_Out_null_hmacsha1.seq [-tooloption ...] -pkt HTR_E_null_hmacsha1.def
    -tooloption : v6eval tool option
  See also HTR_E_common.def and HTR_common.def

=end html

=head1 INITIALIZATION

=begin html


For details of Network Topology, see 00README

Set the NUT's SAD and SPD as follows:

              NET5      NET3
    HOST1_NET5 -- Router -- NUT
         <----transport------

Security Association Database (SAD)

source address NUT_NET3
destination address HOST1_NET5
SPI 0x1000
mode transport
protocol ESP
ESP algorithm NULL
ESP authentication HMAC-SHA1
ESP authentication key 0123456789ABCDEF0123

Security Policy Database (SPD)

source address NUT_NET3
destination address HOST1_NET5
upper spec any
direction out
protocol ESP
mode transport

=end html

=head1 TEST PROCEDURE

=begin html

 Tester                      Target
   |                           |
   |-------------------------->|
   |      ICMP Echo Request    |
   |                           |
   |<--------------------------|
   |      ICMP Echo Reply      |
   |        (with ESP)         |
   |                           |
   v                           v
  1. Send ICMP Echo Request
  2. Receive ICMP Echo Reply with ESP

ICMP Echo Request

IP Header Source Address HOST1_NET5
Destination Address NUT_NET3
ICMP Type 128 (Echo Request)

ICMP Echo Reply with ESP

IP Header Source Address NUT_NET3
Destination Address HOST1_NET5
ESP SPI 0x1000
Algorithm NULL
Authentication Algorithm HMAC-SHA1
Authentication Key 0123456789ABCDEF0123
ICMP Type 129 (Echo Reply)

=end html

=head1 JUDGEMENT

PASS: ICMP Echo Reply with ESP received

=head1 SEE ALSO

perldoc V6evalTool

=begin html

  IPSEC.html IPsec Test Common Utility

=end html

=cut