NAME

  S_RFC3315_21.5.1_ReconfigAuthProto - Checking Reconfigure Authentication Protocol for Server

TARGET

  Server

SYNOPSIS

 S_RFC3315_21.5.1_ReconfigAuthProto.seq [-tooloption ...] -pkt S_RFC3315_21.5.1_ReconfigAuthProto.def  -tooloption: v6eval tool option
See Also  DHCPv6.def

INITIALIZATION

Network Topology

          TN(Client1)  
             |
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
                         |
                       NUT(Server1)

Verification Points

   The server selects a Reconfigure Key for a client during the
   Request/Reply, Solicit/Reply or Information-request/Reply message
   exchange.  The server records the Reconfigure Key and transmits that
   key to the client in an Authentication option in the Reply message.
   

   To provide authentication for a Reconfigure message, the server
   selects a replay detection value according to the RDM selected by the
   server, and computes an HMAC-MD5 of the Reconfigure message using the
   Reconfigure Key for the client. 
   

   The server computes the HMAC-MD5 over the entire DHCP Reconfigure message,
   including the Authentication option; the HMAC-MD5 field in the Authentication
   option is set to zero for the HMAC-MD5 computation.  The server
   includes the HMAC-MD5 in the authentication information field in an
   Authentication option included in the Reconfigure message sent to the
   client.

Configuration

Enable Reconfigure Authenticaion Protocol Service

Device Name Device Type I/F Assigned Prefix Link Local Addr MAC Addr Op1 Op2

Server1 NUT Link0 3ffe:501:ffff:100::/64 NUT's Linklocal address NUT's MAC address N/A N/A

Client1 TN Link0 3ffe:501:ffff:100::/64 fe80::200:ff:fe00:a2a2 00:00:00:00:a2:a2 N/A Yes

   Op1: Server ID Option
   Op2: Client ID Option

TEST PROCEDURE

       NUT     TN
        |       | 
        |       | Initialize NUT (as a DHCPv6 Server)
        |       | 
        | <---- | Solicit  
        | ----> | Advertise
        | <---- | Request with Authentication Accept Option  
        | ----> | Reply with Authentication Option (*1)
        |       | 
        |       | Host address prefix is changed from 3ffe:501:ffff:100:: to 3ffe:501:ffff:200:: 
        |       | Reload server configuration 
        |       | 
        | ----> | Reconfigure with comptuted Authentication(w/Authentication Option) (*2)
        |       | w/Option Request Option(IA_NA) w/IA_NA w/Reconfigure Message Option(msg-type=5) 
        |       | 
        | <---- | Renew w/Option Request Option(IA_NA) w/IA_NA
        |       | 
        | ----> | Reply w/IA_NA w/IA_Address (*3)
        |       |

JUDGEMENT

(*1) PASS: TN receive Reply message with Authenticaion option including key-ID. (*2) PASS: TN receive Reconfigure message with Authentication option. (*3) PASS: TN receive Reply message including updated IA_NA option.

TERMINATION

N/A

REFERENCE

   see also RFC3315
   19.1.1. Creation and Transmission of Reconfigure Messages
   21.5. Reconfigure Key Authentication Protocol
   21.5.1. Use of the Authentication Option in the Reconfigure Key
        Authentication Protocol

`Device Name`	`Device Type`	`I/F`	`Assigned Prefix`	`Link Local Addr`	`MAC Addr`	`Op1`	`Op2`
`Server1`	`NUT`	`Link0`	`3ffe:501:ffff:100::/64`	`NUT's Linklocal address`	`NUT's MAC address`	`N/A`	`N/A`
`Client1`	`TN`	`Link0`	`3ffe:501:ffff:100::/64`	`fe80::200:ff:fe00:a2a2`	`00:00:00:00:a2:a2`	`N/A`	`Yes`