IPv6 Conformance Test For IKE(Aggressive mode)

Tool Version :REL_3_0_8
Test Program Version :V6PC_IKE_1_0_3
Start:2006/03/17 22:17:19
End :2006/03/18 02:30:35
No.Title ResultLogScriptPacketDump
(bin)

Initialize




1InitializationPASSXXXLink0

Initiator Test





1 Phase I





1.1 Aggressive mode





1.1.1 pre-shared key





1.1.1.1 Sending the first message





1.1.1.1.1 Position of payload




2Position of payload ***PASSXXXLink0

1.1.1.1.2 ISAKMP Header




3ISAKMP Header Format ***PASSXXXLink0

1.1.1.1.3 Security Association Payload




4SA Payload Format ***PASSXXXLink0

1.1.1.1.4 Proposal Payload




5Proposal Payload Format ***PASSXXXLink0

1.1.1.1.5 Transform Payload





1.1.1.1.5.1 Transform Payload Format check




6Transform Payload Format ***PASSXXXLink0
7Transform Payload Format(Multiple Transform Payload) ***Not yet supportedXXXLink0

1.1.1.1.5.2 Transform Payload SA Attributes check




8Attributes include MD5 ***Not yet supportedXXXLink0
9Attributes include SHA ***PASSXXXLink0
10Attributes include DES **Not yet supportedXXXLink0
11Attributes include 3DES **PASSXXXLink0
12Attributes include AES **Not yet supportedXXXLink0
13Attributes include PSK ***PASSXXXLink0
14Attributes include RSA sign **Not yet supportedXXXLink0
15Attributes include DH1 ***Not yet supportedXXXLink0
16Attributes include DH2 **PASSXXXLink0
17Attributes include DH5Not yet supportedXXXLink0
18Attributes include DH14Not yet supportedXXXLink0

1.1.1.1.6 Key Exchange Payload.




19Key Exchange Payload Format + DH1 ***Not yet supportedXXXLink0
20Key Exchange Payload Format + DH2 **PASSXXXLink0
21Key Exchange Payload Format + DH5Not yet supportedXXXLink0
22Key Exchange Payload Format + DH14Not yet supportedXXXLink0

1.1.1.1.7 Nonce Payload




23Nonce Payload Format ***PASSXXXLink0

1.1.1.1.8 Identification Payload




24Identification Payload Format ***PASSXXXLink0

1.1.1.2 Sending the third message





1.1.1.2.1 HASH Payload




25HASH Payload Format ***PASSXXXLink0

1.1.1.3 Implementation of Aggressive mode with pre-shared key




26Implementation of Aggressive mode with pre-shared key **PASSXXXLink0

1.1.2 RSA signature





1.1.2.1 Sending the first message





1.1.2.1.1 Certificate Request Payload




27Certificate Request Payload Format ***Not yet supportedXXXLink0

1.1.2.2 Sending the third message





1.1.2.2.1 Signature Payload




28Signature Payload Format ***Not yet supportedXXXLink0

1.1.2.2.2 Certificate Payload




29Certificate Payload Format ***Not yet supportedXXXLink0

1.1.2.3 Implementation of Aggressive Mode with RSA signatures




30Implementation of Aggressive Mode with RSA signatures **Not yet supportedXXXLink0

1.2 Payload Processing





1.2.1 General Message Processing




31Processing invalid ISAKMP Payload Length *PASSXXXLink0

1.2.2 ISKAMP Header Processing




32Processing invalid Responder Cookie field *PASSXXXLink0
33Processing invalid Next Payload field *PASSXXXLink0
34Processing invalid Major Version field(major 15, minor 0) *FAILXXXLink0
35Processing invalid Minor Version field(major 1, minor 15) *FAILXXXLink0
36Processing invalid Exchange Type field *PASSXXXLink0
37Processing invalid Flags field *PASSXXXLink0
38Processing invalid Message ID field *PASSXXXLink0

1.2.3 Generic Payload Header Processing




39Processing invalid Next Payload field *PASSXXXLink0
40Processing invalid RESERVED field *FAILXXXLink0

1.2.4 Security Association Payload Processing




41Processing invalid Next Payload field *PASSXXXLink0
42Processing invalid DOI field *PASSXXXLink0
43Processing invalid Situation field *PASSXXXLink0
44Processing invalid proposal(Encryption Algorithm) *PASSXXXLink0
45Processing invalid proposal(Hash Algorithm) *PASSXXXLink0
46Processing invalid proposal(Authentication method) *PASSXXXLink0
47Processing invalid proposal(Diffie-Hellman Group) *PASSXXXLink0
48Processing invalid proposal(Life Type) *PASSXXXLink0

1.2.5 Proposal Payload Processing




49Processing invalid Protocol-ID field *PASSXXXLink0
50Processing invalid SPI field *FAILXXXLink0
51Processing invalid proposal *FAILXXXLink0

1.2.6 Transform Payload Processing




52Processing invalid Transform-ID field *PASSXXXLink0
53Processing invalid Transform Payload *PASSXXXLink0
54Multiple Transform Payloads check(modify proposal) *PASSXXXLink0

1.2.7 Key Exchange Payload Processing




55Processing invalid Key Exchange Data field *FAILXXXLink0

1.2.8 Identification Payload Processing




56Processing invalid ID type field *PASSXXXLink0
57Not include Identification Payload *PASSXXXLink0
58Invalid Identification Payload recieve *PASSXXXLink0

1.2.9 Hash Payload Processing




59Processing invalid Hash Payload *PASSXXXLink0
60Processing invalid Hash Data field *PASSXXXLink0

1.2.10 Signature Payload Processing




61Processing invalid Signature Payload *Not yet supportedXXXLink0
62Processing invalid Signature Data field *Not yet supportedXXXLink0

1.2.11 Certificate Request Payload Processing




63Processing invalid Certificate Encoding field *Not yet supportedXXXLink0
64Processing invalid Certificate Authority field *Not yet supportedXXXLink0
65Processing invalid Certificate Type with Certificate Authority *Not yet supportedXXXLink0

1.2.12 Certificate Payload Processing




66Processing invalid Certificate Encoding field *Not yet supportedXXXLink0
67Processing invalid Certificate Data field *Not yet supportedXXXLink0

2 Phase II





2.1 quick mode





2.1.1 Sending the first message





2.1.1.1 Encryption of payload




68Encryption of ISAKMP payload ***PASSXXXLink0

2.1.1.2 Position of payload




69Position of payload ***PASSXXXLink0

2.1.1.3 ISAKMP Header




70ISAKMP Header Format ***PASSXXXLink0

2.1.1.4 HASH(1) Payload




71HASH Payload Format ***PASSXXXLink0

2.1.1.5 Security Association Payload




72SA Payload Format ***PASSXXXLink0

2.1.1.6 Proposal Payload




73Proposal Payload Format ***PASSXXXLink0

2.1.1.7 Transform Payload





2.1.1.7.1 Transform Payload Format check




74Transform Payload Format ***PASSXXXLink0
75Transform Payload Format(Multiple Transform) ***Not yet supportedXXXLink0

2.1.1.7.2 Transform Payload SA Attributes check




76ESP_DES,HMAC-MD5 ***Not yet supportedXXXLink0
77ESP_3DES,HMAC-MD5 **Not yet supportedXXXLink0
78ESP_3DES,HMAC-SHAPASSXXXLink0
79ESP_3DES,AES-XCBC-MACNot yet supportedXXXLink0
80ESP_AES,HMAC-SHANot yet supportedXXXLink0
81ESP_NULL,HMAC-MD5 ***Not yet supportedXXXLink0
82ESP_NULL,HMAC-SHA ***Not yet supportedXXXLink0
83ESP_NULL,AES-XCBC-MACNot yet supportedXXXLink0
84ESP without Authentication Algorithm(ESP_DES) ***Not yet supportedXXXLink0
85ESP without Authentication Algorithm(ESP_3DES) ***Not yet supportedXXXLink0
86ESP without Authentication Algorithm(ESP_AES)Not yet supportedXXXLink0

2.1.1.8 Transform Payload w/ PFS





2.1.1.8.1 PFS with DH




87enable PFS with DH1 ***Not yet supportedXXXLink0
88enable PFS with DH2 **Not yet supportedXXXLink0
89enable PFS with DH5Not yet supportedXXXLink0
90enable PFS with DH14Not yet supportedXXXLink0

2.1.1.8.2 consistent of multiple proposal




91consistent of proposal(Diffie-Hellman Group(Transform Payload)) ***Not yet supportedXXXLink0

2.1.1.9 Key Exchange Payload w/ PFS




92Key Exchange Payload Format +DH1 ***Not yet supportedXXXLink0
93Key Exchange Payload Format +DH2 **Not yet supportedXXXLink0
94Key Exchange Payload Format +DH5Not yet supportedXXXLink0
95Key Exchange Payload Format +DH14Not yet supportedXXXLink0

2.1.1.10 Nonce Payload




96Nonce Payload Format ***PASSXXXLink0

2.1.1.11 Key Exchange Payload w/o PFS




97Key Exchange Payload w/o PFSPASSXXXLink0

2.1.1.12 Identification Payload




98Identification Payload Format(Transport mode) ***PASSXXXLink0
99Identification Payload Format(Tunnel mode vs SGW) ***Not yet supportedXXXLink0
100Identification Payload Format(Tunnel mode vs HOST) ***Not yet supportedXXXLink0

2.1.2 Sending the third message





2.1.2.1 HASH(3) Payload




101HASH Payload Format ***PASSXXXLink0

2.1.3 Receiving the fourth message(Informational Exchange)




102set Commit Bit(CONNECTED Notify Message) ***Not yet supportedXXXLink0

2.1.4 Implementation of Quick Mode




103ESP_3DES(Transport mode)Not yet supportedXXXLink0
104ESP_3DES and HMAC-SHA(Transport mode) ***PASSXXXLink0
105ESP_3DES and HMAC-SHA with PFS ***Not yet supportedXXXLink0
106ESP_3DES(Tunnel mode vs SGW)Not yet supportedXXXLink0
107ESP_3DES and HMAC-SHA(Tunnel mode vs SGW) ***Not yet supportedXXXLink0
108ESP_3DES(Tunnel mode vs HOST)Not yet supportedXXXLink0
109ESP_3DES and HMAC-SHA(Tunnel mode vs HOST) ***Not yet supportedXXXLink0

2.1.5 Modification of IPsec SA




110Re-keying of IPsec SAPASSXXXLink0
111Using new SA for outbound traffic **FAILXXXLink0
112Accept both old and new SA for incoming traffic **FAILXXXLink0

2.1.6 Anti-replay




113Increasing Sequence NumberPASSXXXLink0
114Sequence Number VerificationNot yet supportedXXXLink0

2.2 Payload Processing





2.2.1 General Message Processing




115Processing invalid ISAKMP Payload Length *PASSXXXLink0

2.2.2 ISKAMP Header Processing




116Processing invalid Responder Cookie field *PASSXXXLink0
117Processing invalid Next Payload field *PASSXXXLink0
118Processing invalid Major Version field(major 15, minor 0)*FAILXXXLink0
119Processing invalid Minor Version field(major 1, minor 15) *FAILXXXLink0
120Processing invalid Exchange Type field *PASSXXXLink0
121Processing invalid Flags field *PASSXXXLink0
122Processing invalid Message ID field *PASSXXXLink0

2.2.3 Generic Payload Header Processing




123Processing invalid Next Payload field *PASSXXXLink0
124Processing invalid RESERVED field *FAILXXXLink0

2.2.4 Hash Payload Processing




125Processing invalid Hash Payload *PASSXXXLink0
126Processing invalid Hash Data field *PASSXXXLink0

2.2.5 Security Association Payload Processing




127Processing invalid Next Payload field *PASSXXXLink0
128Processing invalid DOI field *PASSXXXLink0
129Processing invalid Situation field *PASSXXXLink0
130Processing invalid proposal(ESP Authentication) *PASSXXXLink0
131Processing invalid proposal(Diffie-Hellman Group) *PASSXXXLink0
132Processing invalid proposal(Life Type) *PASSXXXLink0
133Processing invalid proposal(Encapsulation Mode) *PASSXXXLink0

2.2.6 Proposal Payload Processing




134Processing invalid Protocol-ID field *PASSXXXLink0
135Processing invalid SPI field *FAILXXXLink0
136Processing invalid proposal *FAILXXXLink0

2.2.7 Transform Payload Processing




137Processing invalid Transform-ID field *PASSXXXLink0
138Processing invalid Transform Payload *PASSXXXLink0
139Multiple Transform Payloads check(modify proposal) *PASSXXXLink0

2.2.8 Key Exchange Payload Processing




140Processing invalid Key Exchange Data field *FAILXXXLink0

2.2.9 Identification Payload Processing




141Processing invalid ID type field *PASSXXXLink0
142Invalid Identification Payload *PASSXXXLink0

Responder Test





1 Phase I





1.1 Aggressive mode





1.1.1 pre-shared key





1.1.1.1 Sending the second message





1.1.1.1.1 Position of payload




143Position of payload ***PASSXXXLink0

1.1.1.1.2 ISAKMP Header




144ISAKMP Header Format ***PASSXXXLink0

1.1.1.1.3 Security Association Payload




145SA Payload Format ***PASSXXXLink0

1.1.1.1.4 Proposal Payload




146Proposal Payload Format ***PASSXXXLink0

1.1.1.1.5 Transform Payload





1.1.1.1.5.1 Transform Payload Format check




147Transform Payload Format ***PASSXXXLink0

1.1.1.1.5.2 Transform Payload SA Attributes check




148DES,MD5,PSK,DH1 ***Not yet supportedXXXLink0
149DES,SHA,PSK,DH2 **Not yet supportedXXXLink0
150AES,SHA,PSK,DH2Not yet supportedXXXLink0
1513DES,MD5,PSK,DH2 **Not yet supportedXXXLink0
1523DES,SHA,PSK,DH2PASSXXXLink0
1533DES,SHA,RSA sign,DH2 **Not yet supportedXXXLink0
1543DES,SHA,PSK,DH1 **Not yet supportedXXXLink0
1553DES,SHA,PSK,DH5Not yet supportedXXXLink0
1563DES,SHA,PSK,DH14Not yet supportedXXXLink0

1.1.1.1.5.3 Select proposal




157Multiple Transform Payloads(Select proposal) ***PASSXXXLink0

1.1.1.1.6 Key Exchange Payload




158Key Exchange Payload Format + DH1 ***Not yet supportedXXXLink0
159Key Exchange Payload Format + DH2 **PASSXXXLink0
160Key Exchange Payload Format + DH5Not yet supportedXXXLink0
161Key Exchange Payload Format + DH14Not yet supportedXXXLink0

1.1.1.1.7 Nonce Payload




162Nonce Payload Format ***PASSXXXLink0

1.1.1.1.8 Identification Payload




163Identification Payload Format ***PASSXXXLink0

1.1.1.1.9 HASH Payload




164HASH Payload Format ***PASSXXXLink0

1.1.1.2 Implementation of Aggressive mode with pre-shared key




165Implementation of Aggressive mode with pre-shared key ***PASSXXXLink0

1.1.1.3 Modification of ISAKMP SA




166cookie field **PASSXXXLink0

1.1.2 RSA signature





1.1.2.1 Sending the second message





1.1.2.1.1 Signature Payload




167Signature Payload Format ***Not yet supportedXXXLink0

1.1.2.1.2 Certificate Request Payload




168Certificate Request Payload Format ***Not yet supportedXXXLink0

1.1.2.1.3 Certificate Payload




169Certificate Payload Format ***Not yet supportedXXXLink0

1.1.2.2 Implementation of Aggressive mode with RSA signatures




170Implementation of Aggressive Mode with RSA signatures **Not yet supportedXXXLink0

1.2 Payload Processing





1.2.1 General Message Processing




171Processing invalid ISAKMP Payload Length *PASSXXXLink0

1.2.2 ISKAMP Header Processing




172Processing invalid Initiator Cookie field *PASSXXXLink0
173Processing invalid Next Payload field *PASSXXXLink0
174Processing invalid Major Version field(major 15, minor 0) *PASSXXXLink0
175Processing invalid Minor Version field(major 1, minor 15) *PASSXXXLink0
176Processing invalid Exchange Type field *PASSXXXLink0
177Processing invalid Flags field *PASSXXXLink0
178Processing invalid Message ID field *PASSXXXLink0

1.2.3 Generic Payload Header Processing




179Processing invalid Next Payload field *PASSXXXLink0
180Processing invalid RESERVED field *FAILXXXLink0

1.2.4 Security Association Payload Processing




181Processing invalid Next Payload field *PASSXXXLink0
182Processing invalid DOI field *PASSXXXLink0
183Processing invalid Situation field *PASSXXXLink0
184Processing invalid proposal(Encryption Algorithm) *PASSXXXLink0
185Processing invalid proposal(Hash Algorithm) *PASSXXXLink0
186Processing invalid proposal(Authentication method) *PASSXXXLink0
187Processing invalid proposal(Diffie-Hellman Group) *PASSXXXLink0
188Processing invalid proposal(Life Type) *PASSXXXLink0
189IPSEC Situation Definition(SIT_SECRECY) *PASSXXXLink0
190IPSEC Situation Definition(SIT_INTEGRITY) *PASSXXXLink0

1.2.5 Proposal Payload Processing




191Processing invalid Protocol-ID field *PASSXXXLink0
192Processing invalid SPI field *PASSXXXLink0
193Processing invalid proposal *FAILXXXLink0

1.2.6 Transform Payload Processing




194Processing invalid Transform-ID field *PASSXXXLink0
195Processing invalid Transform Payload *PASSXXXLink0
196Multiple Transform Payloads check(reject proposal) *PASSXXXLink0

1.2.7 Key Exchange Payload Processing




197Processing invalid Key Exchange Data field *FAILXXXLink0

1.2.8 Identification Payload Processing




198Processing invalid ID type field *FAILXXXLink0
199Not include Identification Payload *PASSXXXLink0
200invalid Identification Payload recieve *FAILXXXLink0

1.2.9 Hash Payload Processing




201Processing invalid Hash Payload *PASSXXXLink0
202Processing invalid Hash Data field *PASSXXXLink0

1.2.10 Signature Payload Processing




203Processing invalid Signature Payload *Not yet supportedXXXLink0
204Processing invalid Signature Data field *Not yet supportedXXXLink0

1.2.11 Certificate Request Payload Processing




205Processing invalid Certificate Encoding field *Not yet supportedXXXLink0
206Processing invalid Certificate Authority field *Not yet supportedXXXLink0
207Processing invalid Certificate Type with Certificate Authority *Not yet supportedXXXLink0

1.2.12 Certificate Payload Processing




208Processing invalid Certificate Encoding field *Not yet supportedXXXLink0
209Processing invalid Certificate Data field *Not yet supportedXXXLink0

2 Phase II





2.1 quick mode





2.1.1 Sendign the second message





2.1.1.1 Encryption of payload




210Encryption of ISAKMP payload ***PASSXXXLink0

2.1.1.2 Position of payload




211Position of payload ***PASSXXXLink0

2.1.1.3 ISAKMP Header




212ISAKMP Header Format ***PASSXXXLink0

2.1.1.4 HASH(2) Payload




213HASH Payload Format ***PASSXXXLink0

2.1.1.5 Security Association Payload




214SA Payload Format ***PASSXXXLink0

2.1.1.6 Proposal Payload




215Proposal Payload Format ***PASSXXXLink0

2.1.1.7 Transform Payload





2.1.1.7.1 Transform Payload Format check




216Transform Payload Format ***PASSXXXLink0

2.1.1.7.2 Transform Payload SA Attributes check




217ESP_DES,HMAC-MD5 ***Not yet supportedXXXLink0
218ESP_3DES,HMAC-MD5 **Not yet supportedXXXLink0
219ESP_3DES,HMAC-SHAPASSXXXLink0
220ESP_3DES,AES-XCBC-MACNot yet supportedXXXLink0
221ESP_AES,HMAC-SHANot yet supportedXXXLink0
222ESP_NULL,HMAC-MD5 ***Not yet supportedXXXLink0
223ESP_NULL,HMAC-SHA ***Not yet supportedXXXLink0
224ESP_NULL,AES-XCBC-MACNot yet supportedXXXLink0
225ESP without Authentication Algorithm(ESP_DES) ***Not yet supportedXXXLink0
226ESP without Authentication Algorithm(ESP_3DES) ***Not yet supportedXXXLink0
227ESP without Authentication Algorithm(ESP_AES)Not yet supportedXXXLink0

2.1.1.7.3 Select proposal




228Multiple Proposal and Transform Payloads (select proposal) ***PASSXXXLink0

2.1.1.8 Transform Payload w/ PFS




229enable PFS with DH1 ***Not yet supportedXXXLink0
230enable PFS with DH2 **Not yet supportedXXXLink0
231enable PFS with DH5Not yet supportedXXXLink0
232enable PFS with DH14Not yet supportedXXXLink0

2.1.1.9 Key Exchange Payload w/ PFS




233Key Exchange Payload Format + DH1 ***Not yet supportedXXXLink0
234Key Exchange Payload Format +DH2 **Not yet supportedXXXLink0
235Key Exchange Payload Format +DH5Not yet supportedXXXLink0
236Key Exchange Payload Format +DH14Not yet supportedXXXLink0

2.1.1.10 Nonce Payload




237Nonce Payload Format ***PASSXXXLink0

2.1.1.11 Key Exchange Payload w/o PFS




238Key Exchange Payload w/o PFSPASSXXXLink0

2.1.1.12 Identification Payload




239Identification Payload Format(Transport mode) ***PASSXXXLink0
240Identification Payload Format(Tunnel mode vs SGW) ***Not yet supportedXXXLink0
241Identification Payload Format(Tunnel mode vs HOST) ***Not yet supportedXXXLink0

2.1.2 Receiving the fourth message(Informational Exchange)




242set Commit Bit(CONNECTED Notify Message) ***Not yet supportedXXXLink0

2.1.3 Implementation of Quick Mode




243ESP_3DES(Transport mode)Not yet supportedXXXLink0
244ESP_3DES and HMAC-SHA(Transport mode) ***PASSXXXLink0
245ESP_3DES and HMAC-SHA with PFS ***Not yet supportedXXXLink0
246ESP_3DES(Tunnel mode vs SGW)Not yet supportedXXXLink0
247ESP_3DES and HMAC-SHA(Tunnel mode vs SGW) ***Not yet supportedXXXLink0
248ESP_3DES(Tunnel mode vs HOST)Not yet supportedXXXLink0
249ESP_3DES and HMAC-SHA(Tunnel mode vs HOST) ***Not yet supportedXXXLink0

2.1.4 Modification of IPsec SA




250Using new SA for outbound traffic **FAILXXXLink0
251Accept both old and new SA for incoming traffic **FAILXXXLink0

2.1.5 Anti-replay




252Increasing Sequence NumberPASSXXXLink0
253Sequence Number VerificationNot yet supportedXXXLink0

2.2 Payload Processing





2.2.1 General Message Processing




254Processing invalid ISAKMP Payload Length *PASSXXXLink0

2.2.2 ISKAMP Header Processing




255Processing invalid Initiator Cookie field *PASSXXXLink0
256Processing invalid Next Payload field *PASSXXXLink0
257Processing invalid Major Version field(major 15, minor 0) *FAILXXXLink0
258Processing invalid Minor Version field(major 1, minor 15) *FAILXXXLink0
259Processing invalid Exchange Type field *PASSXXXLink0
260Processing invalid Flags field *PASSXXXLink0
261Processing invalid Message ID field *PASSXXXLink0

2.2.3 Generic Payload Header Processing




262Processing invalid Next Payload field *PASSXXXLink0
263Processing invalid RESERVED field *FAILXXXLink0

2.2.4 Hash Payload Processing




264Processing invalid Hash Payload *PASSXXXLink0
265Processing invalid Hash Data field *PASSXXXLink0

2.2.5 Security Association Payload Processing




266Processing invalid Next Payload field *PASSXXXLink0
267Processing invalid DOI field *PASS