S_RFC3315_21.4.1_DelayedAuthProto.seq - Checking Delayed Authentication Protocol for Server
Server
S_RFC3315_21.4.1_DelayedAuthProto.seq [-tooloption ...]
-pkt S_RFC3315_21.4.1_DelayedAuthProto.def
-tooloption: v6eval tool option. See also DHCPv6.def
                          TN(Client1)
                               |
Link0 -------+-----------------+--------------- 3ffe:501:ffff:100::/64
             |
         NUT(Server1)
To validate an incoming message, the receiver first checks that the
value in the replay detection field is acceptable according to the
replay detection method specified by the RDM field. Next, the
receiver computes the MAC as described in [8]. The entire DHCP
message (setting the MAC field of the authentication option to 0) is
used as input to the HMAC-MD5 computation function. If the MAC
computed by the receiver does not match the MAC contained in the
authentication option, the receiver MUST discard the DHCP message.
After receiving a Solicit message that contains an Authentication
option, the server selects a key for the client, based on the
client's DUID and key selection policies with which the server has
been configured. The server identifies the selected key in the
Advertise message and uses the key to validate subsequent messages
between the client and the server.
If the message passes the validation test, the server responds to the
specific message as described in section 18.2. The server MUST
include authentication information generated using the key identified
in the received message, as specified in section 21.4.
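The following Python is an added worked example of the procedure quoted above; it is not part of the TAHI/v6eval test suite or of any DHCPv6 implementation. It simulates both ends of the exchange in the sequence diagram: the TN sends a Solicit whose Authentication option carries only protocol/algorithm/RDM and a zero replay-detection value, the server selects a key for the client's DUID, names that key ID in the Advertise, and then validates the Request (replay check first, then HMAC-MD5 over the whole message with the MAC field zeroed) before answering with an authenticated Reply. The realm, client DUID, key ID and shared secret are the values from the test configuration on this page; the server DUID, the key selection policy (lowest key ID configured for the DUID), the transaction IDs and the replay counters are assumptions made for the example.

```python
"""Server side of DHCPv6 delayed authentication (RFC 3315 section 21.4); constructed example, not v6eval code."""
import hashlib, hmac, struct

OPTION_CLIENTID, OPTION_SERVERID, OPTION_AUTH = 1, 2, 11
MSG_SOLICIT, MSG_ADVERTISE, MSG_REQUEST, MSG_REPLY = 1, 2, 3, 7
PROTO_DELAYED, ALG_HMAC_MD5, RDM_MONOTONIC = 2, 1, 0
# Realm, client DUID, key ID and shared secret are the values from the test configuration on this page.
REALM = b"DHCPv6.TEST.EXAMPLE.COM"
CLIENT_DUID = bytes.fromhex("00010001000493e000000000a2a2")
KEY_ID, SHARED_SECRET = 1, b"TAHITEST_VALID12"
SERVER_DUID = bytes.fromhex("00010001000493e0000000001111")  # assumption: the NUT's DUID is not on the page

def build_message(msg_type, xid, options):
    """msg-type, 3-byte transaction-id, then (code, payload) options as TLVs."""
    out = bytes([msg_type]) + xid.to_bytes(3, "big")
    for code, payload in options:
        out += struct.pack("!HH", code, len(payload)) + payload
    return out

def find_option(msg, code):
    """(offset of the option header, payload) of the first option with this code."""
    off = 4
    while off + 4 <= len(msg):
        c, length = struct.unpack("!HH", msg[off:off + 4])
        if off + 4 + length > len(msg):
            raise ValueError("truncated option")
        if c == code:
            return off, msg[off + 4:off + 4 + length]
        off += 4 + length
    raise ValueError("option %d missing" % code)

def compute_mac(msg, secret):
    """HMAC-MD5 over the entire message with the Authentication option's MAC field set to zero."""
    off, payload = find_option(msg, OPTION_AUTH)
    mac_at = off + 4 + len(payload) - 16
    return hmac.new(secret, msg[:mac_at] + bytes(16) + msg[mac_at + 16:], hashlib.md5).digest()

def signed_message(msg_type, xid, options, replay, key_id, secret):
    """Append an Authentication option (realm, key ID, zeroed MAC), then fill the MAC in."""
    auth = (bytes([PROTO_DELAYED, ALG_HMAC_MD5, RDM_MONOTONIC]) + struct.pack("!Q", replay)
            + REALM + struct.pack("!I", key_id) + bytes(16))
    msg = build_message(msg_type, xid, options + [(OPTION_AUTH, auth)])
    return msg[:-16] + compute_mac(msg, secret)

class DelayedAuthServer:  # key selection, replay check and MAC validation as the NUT must perform them
    def __init__(self, keys):
        self.keys = keys         # {client DUID: {key ID: shared secret}}: the key selection policy
        self.last_replay = {}    # highest replay-detection value accepted from each client DUID
        self.replay = 0          # the server's own monotonically increasing counter (RDM 0)

    def handle_solicit(self, solicit):
        duid = find_option(solicit, OPTION_CLIENTID)[1]
        auth = find_option(solicit, OPTION_AUTH)[1]
        if duid not in self.keys or len(auth) != 11 or auth[:2] != bytes([PROTO_DELAYED, ALG_HMAC_MD5]):
            raise ValueError("no key for this DUID, or Solicit auth option is not delayed/HMAC-MD5 with empty info")
        key_id = min(self.keys[duid])  # policy: lowest key ID configured for this client DUID
        return self._respond(MSG_ADVERTISE, solicit, duid, key_id)

    def reject_reason(self, msg):
        """Why the message must be discarded (replay check first, then MAC), or None if it validates."""
        duid = find_option(msg, OPTION_CLIENTID)[1]
        auth = find_option(msg, OPTION_AUTH)[1]
        if auth[:3] != bytes([PROTO_DELAYED, ALG_HMAC_MD5, RDM_MONOTONIC]) or len(auth) < 31:
            return "unsupported or malformed authentication option"
        replay = struct.unpack("!Q", auth[3:11])[0]
        if replay <= self.last_replay.get(duid, -1):
            return "replay detection failed"
        realm, key_id, mac = auth[11:-20], struct.unpack("!I", auth[-20:-16])[0], auth[-16:]
        secret = self.keys.get(duid, {}).get(key_id)
        if realm != REALM or secret is None:
            return "unknown realm or key ID for this client"
        if not hmac.compare_digest(compute_mac(msg, secret), mac):
            return "MAC mismatch"
        self.last_replay[duid] = replay
        return None

    def handle_request(self, request):
        why = self.reject_reason(request)
        if why:
            raise ValueError(why)
        key_id = struct.unpack("!I", find_option(request, OPTION_AUTH)[1][-20:-16])[0]  # key named in the Request
        return self._respond(MSG_REPLY, request, find_option(request, OPTION_CLIENTID)[1], key_id)

    def _respond(self, msg_type, incoming, duid, key_id):
        self.replay += 1
        opts = [(OPTION_SERVERID, SERVER_DUID), (OPTION_CLIENTID, duid)]
        return signed_message(msg_type, int.from_bytes(incoming[1:4], "big"), opts, self.replay, key_id, self.keys[duid][key_id])

def run_exchange():
    """Solicit/Advertise/Request/Reply as in the sequence diagram; returns (server, request, reply)."""
    server = DelayedAuthServer({CLIENT_DUID: {KEY_ID: SHARED_SECRET}})
    solicit_auth = bytes([PROTO_DELAYED, ALG_HMAC_MD5, RDM_MONOTONIC]) + bytes(8)  # replay 0, no auth info
    solicit = build_message(MSG_SOLICIT, 0xA2A2A2, [(OPTION_CLIENTID, CLIENT_DUID), (OPTION_AUTH, solicit_auth)])
    advertise = server.handle_solicit(solicit)
    adv_auth = find_option(advertise, OPTION_AUTH)[1]
    chosen_key = struct.unpack("!I", adv_auth[-20:-16])[0]  # the key the server identified in the Advertise
    server_id = find_option(advertise, OPTION_SERVERID)[1]
    request = signed_message(MSG_REQUEST, 0xB2B2B2, [(OPTION_CLIENTID, CLIENT_DUID), (OPTION_SERVERID, server_id)],
                             1, chosen_key, SHARED_SECRET)
    return server, request, server.handle_request(request)
```

Two points the example makes concrete: the MAC covers every byte of the message, so the receiver must locate the Authentication option and zero exactly its last 16 bytes before recomputing, and the replay check is applied before the MAC so that a verbatim resend of an already accepted Request is discarded even though its MAC is valid. A client doing the mirror-image check verifies the Advertise and Reply MACs with its own copy of the key named by the key ID the server put in the Advertise.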
- Configuration
Enable Delayed Authentication Protocol Service
Authentication parameters
- DHCP realm: DHCPv6.TEST.EXAMPLE.COM
- Client DUID: 00:01:00:01:00:04:93:e0:00:00:00:00:a2:a2
- Key ID: 1
- Shared secret key: TAHITEST_VALID12
| Device Name | Device Type | I/F   | Assigned Prefix        | Link Local Addr         | MAC Addr          |
| Server1     | NUT         | Link0 | 3ffe:501:ffff:100::/64 | NUT's Linklocal address | NUT's MAC address |
| Client1     | TN          | Link0 | 3ffe:501:ffff:100::/64 | fe80::200:ff:fe00:a2a2  | 00:00:00:00:a2:a2 |
NUT                TN
 |                 |
 |                 | initialize NUT (as a DHCPv6 Server)
 |                 |
 | <-------------- | Solicit w/ Authentication Option
 | --------------> | Advertise w/ Authentication Option
 | <-------------- | Request w/ Authentication Option
 | --------------> | Reply(*1) w/ Authentication Option
 |                 |
(*1) PASS: The Solicit, Advertise and Request messages must be exchanged correctly,
and the NUT must respond with a Reply message. The Reply message must include a
Server ID option, a Client ID option and an Authentication option, and its
'msg-type' and 'transaction ID' must be correct.
N/A
see also RFC3315
21.4.5 Server Considerations for Delayed Authentication protocol
22.11 Authentication Option
perldoc V6evalTool