#!/usr/bin/perl # # Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Yokogawa Electric Corporation. # All rights reserved. # # Redistribution and use of this software in source and binary # forms, with or without modification, are permitted provided that # the following conditions and disclaimer are agreed and accepted # by the user: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with # the distribution. # # 3. Neither the names of the copyrighters, the name of the project # which is related to this software (hereinafter referred to as # "project") nor the names of the contributors may be used to # endorse or promote products derived from this software without # specific prior written permission. # # 4. No merchantable use may be permitted without prior written # notification to the copyrighters. # # 5. The copyrighters, the project and the contributors may prohibit # the use of this software at any time. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND # CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING # BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. 
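# IN NO EVENT SHALL THE
# COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# $TAHI: ct-dhcpv6/dhcpv6.tahi/auth/S_RFC3315_21.4.5.2_RebindReplyInvalid.seq,v 1.8 2006/03/14 01:16:33 mnaoki Exp $
########################################################################
#
# Conformance test for a DHCPv6 server (the NUT) using the delayed
# authentication protocol: after a normally authenticated
# Solicit/Advertise/Request/Reply exchange, the tester sends a Rebind whose
# Authentication option names a key ID the server was not configured with.
# The test passes only if the server sends no Reply to that Rebind.
#
BEGIN {
    $V6evalTool::TestVersion = '$Name: DHCPv6_1_0 $';
    push(@INC, '..');
}

use strict;
use V6evalTool;
use DHCPv6_common;
use Server_pktdesc;

# Exit as "not supported" when ChkFuncSupport returns true for AUTHENTICATION.
# NOTE(review): presumably a true value means the NUT lacks the feature;
# confirm against DHCPv6_common.
dhcpExitNS if ChkFuncSupport('AUTHENTICATION');

#--------------------------------------------------------------#
# Initialization
#--------------------------------------------------------------#
vLogHTML('==== NUT Initialization ====
');

my $IF0 = "Link0";

# Initial NUT config parameters.
# Configure authentication parameters.
vLogHTML("Authentication Information
");

my $auth_realm           = "DHCPv6.TEST.EXAMPLE.COM";
my $hex_auth_realm       = Ascii2Hex($auth_realm);
my $auth_key_id          = "1";

# Fixed test-vector key. Both the plain and the encoded form are written to
# the HTML test log below, so never substitute a key that is in use outside
# the test bed.
my $auth_sharedsecretkey = "TAHITEST_VALID12";

vLogHTML("  REALM: $auth_realm
");
vLogHTML("  Key ID: $auth_key_id
");
vLogHTML("  Shared Secret Key: $auth_sharedsecretkey");

# The NUT may expect the key in a device-specific encoding; the configured
# key type selects it.
my $SHARED_SECRET_KEY_TYPE = ChkConfig('SHARED_SECRET_KEY_TYPE');
my $enc_auth_sharedsecretkey
    = SharedSecretKeyCheck($SHARED_SECRET_KEY_TYPE, $auth_sharedsecretkey);
vLogHTML("  Device's Key Type: $SHARED_SECRET_KEY_TYPE, Encoded value: $enc_auth_sharedsecretkey
");

# 'init_opcode' holds a vRemote(...) call as a string; realm, key ID and the
# encoded key are interpolated into it. How dhcpSvrInit runs the string is not
# visible in this file. The values are constants here; a value taken from
# configuration would need quoting before being placed in this string.
my %NUT_Server_Config = (
    'if_nut0'     => "$V6evalTool::NutDef{Link0_device}",
    'init_opcode' => "vRemote(\"dhcp6s.rmt\", \"start\" , \"authentication=delayed\", \"auth_realm=$auth_realm\", \"auth_keyid=$auth_key_id\", \"auth_sharedsecretkey=$enc_auth_sharedsecretkey\", \"link0=$V6evalTool::NutDef{Link0_device}\",\"startaddr=3ffe:ffff:100::10\",\"endaddr=3ffe:ffff:100::11\")",
);
dhcpSvrInit(\%NUT_Server_Config);

#--------------------------------------------------------------#
# Main Procedure
#--------------------------------------------------------------#
vLogHTML('==== DHCP Client-Initiated Configuration Exchange using Delayed Authentication Protocol ====
');

# Extra preprocessor definitions handed to the packet definition for each
# message that is sent.
my $cpp = undef;

# This is required when the Authentication option is used, otherwise not
# required. ($AUTH_OPTION_REQUIRED, $TRUE and the *_OPTION variables are not
# declared in this file; presumably they are exported by the modules above.)
$AUTH_OPTION_REQUIRED = $TRUE;

# 1. Send DHCPv6 Solicit Message. The Solicit carries an Authentication option
#    with a zero replay-detection counter and no authentication information.
$CID_OPTION            = "opt_CID_LLT_client1";
$IA_NA_OPTION          = "opt_IA_NA";
$Authentication_OPTION = "opt_Auth";
$cpp  = "-DAUTH_COUNTER=hexstr\\\(\\\"0000000000000000\\\",8\\\) ";
$cpp .= "-DNO_AUTH_INFO ";
my ($ret1, %sol1) = send_solicit($IF0, "solicit_client1_to_alldhcp", $cpp);
if (0 != $ret1) {
    dhcpExitFail();
}

# 2. Wait for DHCPv6 Advertise Message.
my ($ret2, %adv2) = wait_for_advertise($IF0, 5);
if (0 != $ret2) {
    dhcpExitFail("Can't receive correct DHCPv6 Advertise message");
}

# Check options in Advertise Message.
if (0 != options_exist(\%adv2, ($CMP_CID|$CMP_SID|$CMP_AUTH))) {
    dhcpExitError("Do not include necessary options!");
}

# Compare options.
if (0 != compare_options(\%sol1, \%adv2, ($CMP_CID|$CMP_TRANS_ID))) {
    dhcpExitError("Option Error");
}

# Increment replay detection field (64bit), starting from the value received
# in the Advertise.
my $auth_counter = ReplayDetectCounter($adv2{'Recv_ReplayDetection'});

# 3. Send DHCPv6 Request Message, authenticated with the configured realm,
#    key ID and key.
$CID_OPTION            = "opt_CID_LLT_client1";
$IA_NA_OPTION          = "opt_IA_NA";
$SID_OPTION            = "opt_SID_ANY";
$Authentication_OPTION = "opt_Auth";
$cpp  = "-DAUTH_COUNTER=hexstr\\\(\\\"$auth_counter\\\",8\\\) ";
$cpp .= "-DAUTH_REALM=hexstr\\\(\\\"$hex_auth_realm\\\"\\\) ";
$cpp .= "-DAUTH_KEY_ID=$auth_key_id ";
$cpp .= "-DAUTH_KEY_VALUE=\\\"$auth_sharedsecretkey\\\" ";
my ($ret3, %req3) = send_request($IF0, "request_client1_to_alldhcp", \%adv2, $cpp);
if (0 != $ret3) {
    dhcpExitFail();
}

# 4. Wait for DHCPv6 Reply Message.
my ($ret4, %rep4) = wait_for_reply($IF0, 5);
if (0 != $ret4) {
    dhcpExitFail("Can't receive correct DHCPv6 Reply message");
}

# Check options in Reply Message.
if (0 != options_exist(\%rep4, ($CMP_IA_NA|$CMP_CID|$CMP_SID|$CMP_AUTH))) {
    dhcpExitError("Do not include necessary options!");
}

# Compare Client ID options.
if (0 != compare_options(\%req3, \%rep4, ($CMP_CID|$CMP_TRANS_ID))) {
    dhcpExitError("The client ID option in Reply Msg is error!");
}

# Increment replay detection field (64bit), starting from the value received
# in the Reply.
$auth_counter = ReplayDetectCounter($rep4{'Recv_ReplayDetection'});

# 5. Send DHCPv6 Rebind Message (INVALID KEY ID).
#    Only the key ID changes (1 -> 2). Realm, key value and replay counter are
#    the ones used for the valid Request, so the key ID is the only reason for
#    the server to reject the message: it was started with auth_keyid=1 and
#    has no key registered under ID 2.
$auth_key_id           = "2";
$CID_OPTION            = "opt_CID_LLT_client1";
$IA_NA_OPTION          = "opt_IA_NA_Addr_woStatus";
$SID_OPTION            = undef;
$Authentication_OPTION = "opt_Auth";
$cpp  = "-DAUTH_COUNTER=hexstr\\\(\\\"$auth_counter\\\",8\\\) ";
$cpp .= "-DAUTH_REALM=hexstr\\\(\\\"$hex_auth_realm\\\"\\\) ";
$cpp .= "-DAUTH_KEY_ID=$auth_key_id ";
$cpp .= "-DAUTH_KEY_VALUE=\\\"$auth_sharedsecretkey\\\" ";
my ($ret5, %rebind5) = send_rebind($IF0, "rebind_client1_to_alldhcp", \%rep4, $cpp);
if (0 != $ret5) {
    dhcpExitFail();
}

# 6. Wait for a DHCPv6 Reply Message that must NOT arrive.
#    wait_for_reply returns 0 when a Reply was captured (see step 4), so a
#    zero result here means the NUT answered a message it had to discard.
#    NOTE(review): confirm that wait_for_reply returns non-zero only when no
#    Reply is seen within the timeout. If it also returns non-zero for a Reply
#    that fails its own checks, a NUT that answers could still pass this test.
my ($ret6, %rep6) = wait_for_reply($IF0, 5);
if (0 == $ret6) {
    dhcpExitFail("NUT sent a Reply to a Rebind whose Authentication option carries an unknown key ID; the message must be discarded");
}

#-------------------------------------------------------------------
vLogHTML('Message validation test is correct
');
#-------------------------------------------------------------------
dhcpExitPass;
#NOTREACHED

########################################################################
__END__

=head1 NAME

S_RFC3315_21.4.5.2_RebindReplyInvalid.seq - Receiving invalid rebind message and discard

=head1 TARGET

Server

=head1 SYNOPSIS

=begin html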
  S_RFC3315_21.4.5.2_RebindReplyInvalid.seq [-tooloption ...]
  -pkt S_RFC3315_21.4.5.2_RebindReplyInvalid.def 
  -tooloption: v6eval tool option. See also DHCPv6.def

=end html

=head1 INITIALIZATION

=begin html
          TN(Client1)  
             |
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
                         |
                       NUT(Server1)
  

=end html

=head1 TEST PROCEDURE

=begin html
       NUT     TN
        |       | 
        |       | initialize NUT (as a DHCPv6 Server)
        |       | 
        | <---- | Solicit w/ Authentication Option
        | ----> | Advertise w/ Authentication Option
        | <---- | Request w/ Authentication Option
        | ----> | Reply w/ Authentication Option
        |       | 
        | <---- | Rebind (w/ Authentication Option key id = 2)
        | --->X | No Reply (w/ Authentication Option that includes Authentication information) (*1)
        |       |

=end html

=head1 JUDGEMENT

=begin html
  (*1) PASS: If the NUT receives a Rebind message that fails the validation test,
             the NUT MUST discard the message.

=end html

=head1 TERMINATION

N/A

=head1 REFERENCE

=begin html
  see also RFC3315
  21.4.5 Server Considerations for Delayed Authentication protocol
  21.4.5.2. Receiving Request, Confirm, Renew, Rebind or Release Messages
         and Sending Reply Messages
  22.11 Authentication Option

=end html

=head1 SEE ALSO

perldoc V6evalTool

=cut