#!/usr/bin/perl # #Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Yokogawa Electric Corporation. #All rights reserved. # #Redistribution and use of this software in source and binary #forms, with or without modification, are permitted provided that #the following conditions and disclaimer are agreed and accepted #by the user: # #1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # #2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with # the distribution. # #3. Neither the names of the copyrighters, the name of the project # which is related to this software (hereinafter referred to as # "project") nor the names of the contributors may be used to # endorse or promote products derived from this software without # specific prior written permission. # #4. No merchantable use may be permitted without prior written # notification to the copyrighters. # #5. The copyrighters, the project and the contributors may prohibit # the use of this software at any time. # #THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND #CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING #BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS #FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE #COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, #INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES #(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR #SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) #HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, #STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING #IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE #POSSIBILITY OF SUCH DAMAGE. # #$Id: C_RFC3315_21.5.3_ReconfigAuthSolRep.seq,v 1.2 2006/03/22 05:49:31 mnaoki Exp $ ############################################################################### BEGIN { $V6evalTool::TestVersion = '$Name: DHCPv6_1_0 $'; push(@INC, '..'); } use strict; use V6evalTool; use DHCPv6_common; use Client_pktdesc; dhcpExitNS if ChkFuncSupport('AUTHENTICATION'); dhcpExitNS if ChkFuncSupport('RECONFIGURE_AUTH'); #--------------------------------------------------------------# # Initialization variables #--------------------------------------------------------------# vLogHTML('==== NUT Initialization ====
'); # Configure authentication parametor vLogHTML("Authentication Information
"); my $auth_realm = "DHCPv6.TEST.EXAMPLE.COM"; my $hex_auth_realm = Ascii2Hex($auth_realm); my $auth_key_id = "1"; my $auth_sharedsecretkey = "TAHITEST_VALID12"; vLogHTML("  REALM: $auth_realm
"); vLogHTML("  Key ID: $auth_key_id
"); vLogHTML("  Shared Secret Key: $auth_sharedsecretkey"); my $SHARED_SECRET_KEY_TYPE = ChkConfig('SHARED_SECRET_KEY_TYPE'); my $enc_auth_sharedsecretkey = SharedSecretKeyCheck($SHARED_SECRET_KEY_TYPE, $auth_sharedsecretkey); vLogHTML("  Device's Key Type: $SHARED_SECRET_KEY_TYPE, Encoded value: $enc_auth_sharedsecretkey
"); my $IF0_NUT = $V6evalTool::NutDef{"Link0_device"}; my $IF0 = "Link0"; #------------------------------------------------------------------- vLogHTML('DHCP Client-Initiated Configuration Exchange using Delayed Authentication Protocol
'); #------------------------------------------------------------------- #--------------------------------------------------------------# # Initialize DHCPv6 Client #--------------------------------------------------------------# # my $ret = vRemote("dhcp6c.rmt", "start", "authentication=delayed", "auth_realm=$auth_realm", "auth_keyid=$auth_key_id", "auth_sharedsecretkey=$enc_auth_sharedsecretkey", "link0=$IF0_NUT"); # if($ret != 0){ # vLogHTML('Cannot Initialize DHCPv6 Client program.
'); # dhcpExitFail; # }; vCapture($IF0); my $cpp = undef; #--------------------------------------------------------------# #1. Wait until Solicit arrives #--------------------------------------------------------------# # This is requried when Authentication option is used, otherwise not required. $AUTH_OPTION_REQUIRED = $TRUE; my ($retsol,%sol) = wait_for_solicit($IF0,30) ; if($retsol != 0){ dhcpExitFail("Can't receive correct DHCPv6 Solicit message"); } vClear($IF0); # check options in Solicit Message if (0 != options_exist(\%sol, ($CMP_CID|$CMP_RECONF_ACCEPT|$CMP_RAPIDCOMMIT))){ dhcpExitError("Do not include necessary options!"); } #--------------------------------------------------------------# #2. send Reply message #--------------------------------------------------------------# my $auth_counter = '0000000000000001'; $SID_OPTION = "opt_SID_LLT_server1"; $IA_NA_OPTION = "opt_IA_NA"; $ReconfigureAccept_OPTION = "opt_ReconfigureAccept"; $Authentication_OPTION = "opt_Auth"; $RapidCommit_OPTION = "opt_RapidCommit"; $cpp = "-DAUTH_INFO=auth_type_key "; $cpp .= "-DAUTH_PROTO=3 "; $cpp .= "-DAUTH_COUNTER=hexstr\\$\\\"$auth_counter\\\",8\\$ "; $cpp .= "-DAUTH_KEY_VALUE=\\\"$auth_sharedsecretkey\\\" "; my ($retrep, %rep) = send_reply($IF0, "reply_server1_to_nut", \%sol, $cpp); if($retrep !=0){ dhcpExitFail; } #--------------------------------------------------------------# #3. send Reconfigure message #--------------------------------------------------------------# clear_options(); $auth_counter = '0000000000000002'; $ReconfigureMessage_OPTION = "opt_ReconfigureMessage"; $Authentication_OPTION = "opt_Auth"; $IA_NA_OPTION = "opt_IA_NA"; $OptionRequest_OPTION = "opt_OptionRequest_IA_NA"; $CID_OPTION = "opt_CID_LLT_client1"; $SID_OPTION = "opt_SID_LLT_server1"; $cpp = "-DAUTH_INFO=auth_type_hmac "; $cpp .= "-DAUTH_PROTO=3 "; $cpp .= "-DAUTH_COUNTER=hexstr\\$\\\"$auth_counter\\\",8\\$ "; $cpp .= "-DAUTH_KEY_VALUE=\\\"$auth_sharedsecretkey\\\" "; my ($retrec, %rec) = send_reconfigure($IF0, "reconfigure_server1_to_nut",undef,$cpp); if($retrec !=0){ dhcpExitFail; } #--------------------------------------------------------------# #4. wait for Renew message #--------------------------------------------------------------# my ($retren, %ren) = wait_for_renew($IF0, 30); if ($retren != 0) { dhcpExitFail("Can't receive correct DHCPv6 Renew message"); }; vClear($IF0); # check options in Renew Message if (0 != options_exist(\%ren, ($CMP_IA_NA|$CMP_CID|$CMP_SID|$CMP_ORO))){ dhcpExitError("Do not include necessary options!"); } if (0 != compare_options(\%rec, \%ren, ($CMP_SID|$CMP_CID))){ dhcpExitError("The server ID option in Renew Msg is error!"); } #------------------------------------------------------------------- vLogHTML('Solicit/Reply with Reconfigure Authentication Protocol is correct
'); #------------------------------------------------------------------- dhcpExitPass; ############################################################################### __END__ =head1 NAME C_RFC3315_21.5.3_ReconfigAuthSolRep.seq - Solicit/Reply with Reconfigure Authentication Protocol =head1 TARGET Client =head1 SYNOPSIS =begin html

   C_RFC3315_21.5.3_ReconfigAuthSolRep.seq [-tooloption...] -pkt   C_RFC3315_21.5.3_ReconfigAuthSolRep.def -tooloption : v6eval tool option


  See Also  DHCPv6.def

=end html =head1 INITIALIZATION =begin html

Network Topology

          NUT(Client)
          |           
          |                        
Link0   --+--------+------------------------ 3ffe:501:ffff:101::/64
                   |
                   |          
                   TN(Server)

Verification Points

   The client will receive a Reconfigure Key from the server in the
   initial Reply message from the server.  The client records the
   Reconfigure Key for use in authenticating subsequent Reconfigure
   messages.
   

   To authenticate a Reconfigure message, the client computes an
   HMAC-MD5 over the DHCP Reconfigure message, using the Reconfigure Key
   received from the server.  If this computed HMAC-MD5 matches the
   value in the Authentication option, the client accepts the
   Reconfigure message.

Configurations

    Enable Reconfigure Key Authenticaion Protocol Service
    

    
    
    Device Name
    Device Type
    Interface
    Assigned Prefix
    Link Local Addr
    MAC Addr
    
    
    Client
    NUT
    Link0
    3ffe:501:ffff:101::/64
    NUT's Linklocal address
    NUT's MAC address
    
    
    Server
    TN
    Link0
    3ffe:501:ffff:101::/64
    fe80::200:ff:fe00:a1a1
    00:00:00:00:a1:a1

=end html =head1 TEST PROCEDURE =begin html



       NUT     TN
        |       | 
        |       | Initialize NUT (as a DHCPv6 client)
        |       | 
        | ----> | Solicit w/Rapid Commit Option w/Authentication Accept Option(*1)
        | <---- | Reply with Authentication Option
        |       | 
        |       | Host address prefix is changed from 3ffe:501:ffff:100:: to 3ffe:501:ffff:200:: 
        |       | Reload server configuration 
        |       | 
        | <---- | Reconfigure with comptuted Authentication(w/Authentication Option)
        |       | w/Option Request Option(IA_NA) w/IA_NA w/Reconfigure Message Option(msg-type=5) 
        |       | 
        | ----> | Renew w/Option Request Option(IA_NA) w/IA_NA (*4)
        |       |

=end html =head1 JUDGEMENT =begin html

 (*1) PASS: TN receive Solicit message with Authenticaion Accept option and Rapid Commit Option
 (*4) PASS: TN receive Renew message with Option Request Option(IA_NA) and IA_NA Option.

=end html =head1 TERMINATION =begin html

N/A

=end html =head1 REFERENCE =begin html

   see also RFC3315
   19.4.2. Creation and Transmission of Renew Messages
   21.5. Reconfigure Key Authentication Protocol
   21.5.3. Client considerations for Reconfigure Key protocol

=end html =head1 SEE ALSO =begin html



  perldoc  V6evalTool

=end html

`Device Name`	`Device Type`	`Interface`	`Assigned Prefix`	`Link Local Addr`	`MAC Addr`
`Client`	`NUT`	`Link0`	`3ffe:501:ffff:101::/64`	`NUT's Linklocal address`	`NUT's MAC address`
`Server`	`TN`	`Link0`	`3ffe:501:ffff:101::/64`	`fe80::200:ff:fe00:a1a1`	`00:00:00:00:a1:a1`