#!/usr/bin/perl
#
# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006 Yokogawa Electric Corporation.
# All rights reserved.
#
# Redistribution and use of this software in source and binary
# forms, with or without modification, are permitted provided that
# the following conditions and disclaimer are agreed and accepted
# by the user:
#
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with
# the distribution.
#
# 3. Neither the names of the copyrighters, the name of the project
# which is related to this software (hereinafter referred to as
# "project") nor the names of the contributors may be used to
# endorse or promote products derived from this software without
# specific prior written permission.
#
# 4. No merchantable use may be permitted without prior written
# notification to the copyrighters.
#
# 5. The copyrighters, the project and the contributors may prohibit
# the use of this software at any time.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHTERS, THE PROJECT AND
# CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING
# BUT NOT LIMITED THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHTERS, THE PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
# IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# $TAHI: ct-dhcpv6/dhcpv6.tahi/auth/S_RFC3315_21.5.1_ReconfigAuthProto.seq,v 1.12 2006/03/22 05:49:32 mnaoki Exp $
########################################################################
# Set V6evalTool's TestVersion package variable to this test's release tag.
# BEGIN runs at compile time, so the assignment takes place before the
# `use` lines below are processed.  The value is an expanded RCS/CVS
# $Name$ keyword.
BEGIN { $V6evalTool::TestVersion = '$Name: DHCPv6_1_0 $';
}
use strict;
use V6evalTool;
use DHCPv6_common;
use Server_pktdesc;
# Leave through dhcpExitNS when ChkFuncSupport() returns true for either of
# the two features this scenario depends on.
for my $required_feature ('AUTHENTICATION', 'RECONFIGURE_AUTH') {
    dhcpExitNS() if ChkFuncSupport($required_feature);
}

#--------------------------------------------------------------#
# Initialization
#--------------------------------------------------------------#
vLogHTML("==== NUT Initialization ====\n");
my $IF0 = 'Link0';

# Authentication parameters handed to the NUT (the DHCPv6 server under test).
#
# The realm, key ID and shared secret are fixed test-fixture values.  The
# secret and its encoded form are written to the HTML test log in clear
# text below, so this key must only ever be configured on a lab NUT.
vLogHTML("Authentication Information\n");
my $auth_realm           = 'DHCPv6.TEST.EXAMPLE.COM';
my $hex_auth_realm       = Ascii2Hex($auth_realm);
my $auth_key_id          = '1';
my $auth_sharedsecretkey = 'TAHITEST_VALID12';
vLogHTML(" REALM: $auth_realm\n");
vLogHTML(" Key ID: $auth_key_id\n");
vLogHTML(" Shared Secret Key: $auth_sharedsecretkey");

# The NUT's configured key format decides how the secret is encoded before
# it is passed to the remote control script.
my $SHARED_SECRET_KEY_TYPE   = ChkConfig('SHARED_SECRET_KEY_TYPE');
my $enc_auth_sharedsecretkey = SharedSecretKeyCheck($SHARED_SECRET_KEY_TYPE, $auth_sharedsecretkey);
vLogHTML(" Device's Key Type: $SHARED_SECRET_KEY_TYPE, Encoded value: $enc_auth_sharedsecretkey\n");

# Start the DHCPv6 server on the NUT with Reconfigure Key authentication
# and an address pool of 3ffe:ffff:100::10 - 3ffe:ffff:100::11.
#
# NOTE(review): init_opcode is Perl source text assembled by string
# interpolation and is presumably evaluated by dhcpSvrInit -- confirm.  If
# so, the interpolated values (encoded key, Link0_device from the NUT
# definition) must not contain a double quote or backslash.
my %NUT_Server_Config = (
    if_nut0     => "$V6evalTool::NutDef{Link0_device}",
    init_opcode => join(
        '',
        'vRemote(',
        '"dhcp6s.rmt", ',
        '"start" , ',
        '"authentication=reconfigure", ',
        qq{"auth_realm=$auth_realm", },
        qq{"auth_keyid=$auth_key_id", },
        qq{"auth_sharedsecretkey=$enc_auth_sharedsecretkey", },
        qq{"link0=$V6evalTool::NutDef{Link0_device}",},
        '"startaddr=3ffe:ffff:100::10",',
        '"endaddr=3ffe:ffff:100::11")',
    ),
);
dhcpSvrInit(\%NUT_Server_Config);
#--------------------------------------------------------------#
# Main Procedure
#--------------------------------------------------------------#
vLogHTML("==== DHCP Client-Initiated Configuration Exchange using Reconfigure Key Authentication Protocol ====\n");
my $cpp;

# Step 1: TN sends a Solicit carrying a Client ID and an IA_NA option.
# The Reconfigure Accept option is not set for the Solicit (the assignment
# is disabled).
$CID_OPTION   = 'opt_CID_LLT_client1';
$IA_NA_OPTION = 'opt_IA_NA';
#$ReconfigureAccept_OPTION = "opt_ReconfigureAccept";
my ($ret1, %sol1) = send_solicit($IF0, 'solicit_client1_to_alldhcp', '');
dhcpExitFail() if $ret1 != 0;

# Step 2: wait up to 5 for the Advertise on Link0 (timeout unit is whatever
# wait_for_advertise uses).
my ($ret2, %adv2) = wait_for_advertise($IF0, 5);
dhcpExitFail("Can't receive correct DHCPv6 Advertise message") if $ret2 != 0;

# The Advertise must carry Client ID and Server ID options.
#if (0 != options_exist(\%adv2, ($CMP_CID|$CMP_SID|$CMP_RECONF_ACCEPT))){
unless (options_exist(\%adv2, ($CMP_CID | $CMP_SID)) == 0) {
    dhcpExitError("Do not include necessary options!");
}

# Client ID and transaction ID must echo what the Solicit carried.
unless (compare_options(\%sol1, \%adv2, ($CMP_CID | $CMP_TRANS_ID)) == 0) {
    dhcpExitError("Option Error");
}

# Step 3: TN sends a Request that includes the Reconfigure Accept option.
$CID_OPTION               = 'opt_CID_LLT_client1';
$IA_NA_OPTION             = 'opt_IA_NA';
$SID_OPTION               = 'opt_SID_ANY';
$ReconfigureAccept_OPTION = 'opt_ReconfigureAccept';
my ($ret3, %req3) = send_request($IF0, 'request_client1_to_alldhcp', \%adv2, '');
dhcpExitFail() if $ret3 != 0;

# Step 4: wait for the Reply.
my ($ret4, %rep4) = wait_for_reply($IF0, 5);
dhcpExitFail("Can't receive correct DHCPv6 Reply message") if $ret4 != 0;

# The Reply must carry IA_NA, Client ID, Server ID, Reconfigure Accept and
# an Authentication option.
# NOTE(review): only the presence of the Authentication option is checked
# at this point; its contents (protocol, key) are not inspected here.
unless (options_exist(\%rep4, ($CMP_IA_NA | $CMP_CID | $CMP_SID | $CMP_RECONF_ACCEPT | $CMP_AUTH)) == 0) {
    dhcpExitError("Do not include necessary options!");
}

# Client ID and transaction ID must echo what the Request carried.
unless (compare_options(\%req3, \%rep4, ($CMP_CID | $CMP_TRANS_ID)) == 0) {
    dhcpExitError("The client ID option in Reply Msg is error!");
}
#-----------------------------------------------------------------
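vLogHTML("==== Server configuration is changed ====\n");
#-----------------------------------------------------------------
# Restart the DHCPv6 server on the NUT with the same Reconfigure Key
# authentication settings but a different address pool
# (3ffe:ffff:200::10 - 3ffe:ffff:200::20); the test then waits for the
# server's Reconfigure message.
#
# NOTE(review): init_opcode is Perl source text assembled by string
# interpolation and is presumably evaluated by dhcpSvrInit -- confirm.  If
# so, the interpolated values must not contain a double quote or backslash.
%NUT_Server_Config = (
    'if_nut0'     => "$V6evalTool::NutDef{Link0_device}",
    'init_opcode' => join(
        '',
        'vRemote(',
        '"dhcp6s.rmt", ',
        '"restart" , ',
        '"authentication=reconfigure", ',
        qq{"auth_realm=$auth_realm", },
        qq{"auth_keyid=$auth_key_id", },
        qq{"auth_sharedsecretkey=$enc_auth_sharedsecretkey", },
        qq{"link0=$V6evalTool::NutDef{Link0_device}",},
        '"startaddr=3ffe:ffff:200::10",',
        '"endaddr=3ffe:ffff:200::20")',
    ),
);
dhcpSvrInit(\%NUT_Server_Config);

# 6. wait for DHCPv6 Reconfigure Message
my ($ret6, %rec6) = wait_for_reconfigure($IF0, 5);
if (0 != $ret6) {
    dhcpExitFail("Can't receive correct DHCPv6 Reconfigure message");
}

# The Reconfigure must carry Client ID, Server ID, Reconfigure Message,
# Authentication and Option Request options.
if (0 != options_exist(\%rec6, ($CMP_CID | $CMP_SID | $CMP_RECONF_MSG | $CMP_AUTH | $CMP_ORO))) {
    dhcpExitError("Do not include necessary options!");
}

# Client ID and Server ID must match those of the earlier Request.  The
# failure text names the Reconfigure message and both options, because
# that is what is being compared here (the previous text said "Reply Msg").
if (0 != compare_options(\%req3, \%rec6, ($CMP_CID | $CMP_SID))) {
    dhcpExitError("The client ID or server ID option in Reconfigure Msg is error!");
}

# Verify the authenticator of the received Reconfigure against the
# configured shared secret (the plain value, not the encoded one given to
# the NUT).  A non-zero result fails the test.
# NOTE(review): this script does not look at the replay detection field of
# the Authentication option itself -- confirm whether check_Auth_MD5 does.
my $retauth = check_Auth_MD5(\%rec6, $auth_sharedsecretkey);
if ($retauth != 0) {
    dhcpExitFail("Authenticator does not match");
}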
# msg-type announced in the Reconfigure Message option decides which
# message TN sends next.
my $msgtype = $rec6{"Frame_Ether.Packet_IPv6.Upp_UDP.Udp_DHCPv6_Reconfigure.Opt_DHCPv6_ReconfigureMessage.Type"};

# Drop the option selections left over from the earlier exchange.
clear_options();
$cpp = '';

my ($ret7, %ret7);
if ('5' eq $msgtype) {
    # Step 7: msg-type 5 asks for a Renew; send it to the NUT with Client ID,
    # Server ID, IA_NA and an Option Request option.
    $CID_OPTION           = 'opt_CID_LLT_client1';
    $SID_OPTION           = 'opt_SID_LLT_server1';
    $IA_NA_OPTION         = 'opt_IA_NA';
    $OptionRequest_OPTION = 'opt_OptionRequest_IA_NA';
    ($ret7, %ret7) = send_renew($IF0, 'renew_client1_to_nut', \%rec6, $cpp);
    dhcpExitFail() if $ret7 != 0;
# The msg-type 11 (Information-request) branch is disabled:
# }elsif($msgtype eq "11"){
# #7. send Information-request message
# $OptionRequest_OPTION = "opt_OptionRequest_IA_NA";
# $CID_OPTION = "opt_CID_LLT_client1";
# $SID_OPTION = "opt_SID_LLT_server1";
# ($ret7, %ret7) = send_information_request($IF0, "information_request_client1_to_alldhcp", \%rec6, $cpp);
# if (0 != $ret7){
# dhcpExitFail();
# }
}
else {
    # Any other msg-type is treated as a test failure.
    dhcpExitFail("Unexpected msg-type:$msgtype");
}
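# 8. wait for DHCPv6 Reply Message
my ($ret8, %rep8) = wait_for_reply($IF0, 5);
# Check the status of THIS wait.  The previous code tested $ret2 (the
# Advertise wait from step 2, already known to be 0), so a missing or
# invalid Reply to the Renew was never reported here.
if (0 != $ret8) {
    dhcpExitFail("Can't receive correct DHCPv6 Reply message");
}

# The Reply must carry Client ID, Server ID and IA_NA options.
# NOTE(review): only the presence of IA_NA is checked; whether the address
# comes from the new pool is not verified in this script.
if (0 != options_exist(\%rep8, ($CMP_CID | $CMP_SID | $CMP_IA_NA))) {
    dhcpExitError("Do not include necessary options!");
}

# Client ID and transaction ID must echo the message TN sent in step 7.
if (0 != compare_options(\%ret7, \%rep8, ($CMP_CID | $CMP_TRANS_ID))) {
    dhcpExitError("The client ID option in Reply Msg is error!");
}

#
# XXXX Please refer S_RFC3315_BasicRenewRep.seq and S_RFC3315_BasicInfoReqRep.se
#
# TN sends Renew or Information-request according to the msg-type field of
# the Reconfigure message sent by the server.
# If msg-type is 5, TN sends a Renew message.
# If msg-type is 11, TN sends an Information-request message.
#
#-------------------------------------------------------------------
vLogHTML('DHCP Client-Initiated Configuration Exchange using Reconfigure Key Authentication Protocol is coorect
');
#-------------------------------------------------------------------
dhcpExitPass();
#NOTREACHED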
########################################################################
__END__
=head1 NAME
S_RFC3315_21.5.1_ReconfigAuthProto - Checking Reconfigure Authentication Protocol for Server
=head1 TARGET
Server
=head1 SYNOPSIS
=begin html
S_RFC3315_21.5.1_ReconfigAuthProto.seq [-tooloption ...] -pkt S_RFC3315_21.5.1_ReconfigAuthProto.def
  -tooloption: v6eval tool option
See Also DHCPv6.def

=end html

=head1 INITIALIZATION

=begin html
TN(Client1)
|
Link0 -------+-----------+--------------- 3ffe:501:ffff:100::/64
|
NUT(Server1)
The server selects a Reconfigure Key for a client during the Request/Reply, Solicit/Reply or Information-request/Reply message exchange. The server records the Reconfigure Key and transmits that key to the client in an Authentication option in the Reply message.
To provide authentication for a Reconfigure message, the server selects a replay detection value according to the RDM selected by the server, and computes an HMAC-MD5 of the Reconfigure message using the Reconfigure Key for the client.
The server computes the HMAC-MD5 over the entire DHCP Reconfigure message, including the Authentication option; the HMAC-MD5 field in the Authentication option is set to zero for the HMAC-MD5 computation. The server includes the HMAC-MD5 in the authentication information field in an Authentication option included in the Reconfigure message sent to the client.
Device Name Device Type I/F Assigned Prefix Link Local Addr MAC Addr Op1 Op2 Server1 NUT Link0 3ffe:501:ffff:100::/64 NUT's Linklocal address NUT's MAC address N/A N/A Client1 TN Link0 3ffe:501:ffff:100::/64 fe80::200:ff:fe00:a2a2 00:00:00:00:a2:a2 N/A Yes
Op1: Server ID Option
Op2: Client ID Option

=end html

=head1 TEST PROCEDURE

=begin html
NUT TN
| |
| | Initialize NUT (as a DHCPv6 Server)
| |
| <---- | Solicit
| ----> | Advertise
| <---- | Request with Authentication Accept Option
| ----> | Reply with Authentication Option (*1)
| |
| | Host address prefix is changed from 3ffe:501:ffff:100:: to 3ffe:501:ffff:200::
| | Reload server configuration
| |
| ----> | Reconfigure with computed Authentication(w/Authentication Option) (*2)
| | w/Option Request Option(IA_NA) w/IA_NA w/Reconfigure Message Option(msg-type=5)
| |
| <---- | Renew w/Option Request Option(IA_NA) w/IA_NA
| |
| ----> | Reply w/IA_NA w/IA_Address (*3)
| |
=end html
=head1 JUDGEMENT
(*1) PASS: TN receive Reply message with Authentication option including key-ID.
(*2) PASS: TN receive Reconfigure message with Authentication option.
(*3) PASS: TN receive Reply message including updated IA_NA option.
=head1 TERMINATION
N/A
=head1 REFERENCE
=begin html
see also RFC3315
19.1.1. Creation and Transmission of Reconfigure Messages
21.5. Reconfigure Key Authentication Protocol
21.5.1. Use of the Authentication Option in the Reconfigure Key
Authentication Protocol
=end html
=head1 SEE ALSO
perldoc V6evalTool
=cut