| No. | Title | Category | Detail |
| --- | --- | --- | --- |
| | Initiator Test | | |
| | 1 Phase I | | |
| | 1.1 Aggressive mode | | |
| | 1.1.1 pre-shared key | | |
| | 1.1.1.1 Sending the first message | | |
| | 1.1.1.1.1 Position of payload | | |
| 1 | Position of payload *** | BASIC | |
| | 1.1.1.1.2 ISAKMP Header | | |
| 2 | ISAKMP Header Format *** | BASIC | |
| | 1.1.1.1.3 Security Association Payload | | |
| 3 | SA Payload Format *** | BASIC | |
| | 1.1.1.1.4 Proposal Payload | | |
| 4 | Proposal Payload Format *** | BASIC | |
| | 1.1.1.1.5 Transform Payload | | |
| | 1.1.1.1.5.1 Transform Payload Format check | | |
| 5 | Transform Payload Format *** | BASIC | |
| 6 | Transform Payload Format (Multiple Transform Payload) *** | ADVANCED | Phase-1 sending multiple proposal |
| | 1.1.1.1.5.2 Transform Payload SA Attributes check | | |
| 7 | Attributes include MD5 *** | ADVANCED | MD5 |
| 8 | Attributes include SHA *** | BASIC | |
| 9 | Attributes include DES ** | ADVANCED | DES-CBC |
| 10 | Attributes include 3DES ** | BASIC | |
| 11 | Attributes include AES ** | ADVANCED | AES-CBC |
| 12 | Attributes include PSK *** | BASIC | |
| 13 | Attributes include RSA sign ** | ADVANCED | Digital Signature (RSA) |
| 14 | Attributes include DH1 *** | ADVANCED | DH1 |
| 15 | Attributes include DH2 ** | BASIC | |
| 16 | Attributes include DH5 | ADVANCED | DH5 |
| 17 | Attributes include DH14 | ADVANCED | DH14 |
| | 1.1.1.1.6 Key Exchange Payload | | |
| 18 | Key Exchange Payload Format + DH1 *** | ADVANCED | DH1 |
| 19 | Key Exchange Payload Format + DH2 ** | BASIC | |
| 20 | Key Exchange Payload Format + DH5 | ADVANCED | DH5 |
| 21 | Key Exchange Payload Format + DH14 | ADVANCED | DH14 |
| | 1.1.1.1.7 Nonce Payload | | |
| 22 | Nonce Payload Format *** | BASIC | |
| | 1.1.1.1.8 Identification Payload | | |
| 23 | Identification Payload Format *** | BASIC | |
| | 1.1.1.2 Sending the third message | | |
| | 1.1.1.2.1 HASH Payload | | |
| 24 | HASH Payload Format *** | BASIC | |
| | 1.1.1.3 Implementation of Aggressive mode with pre-shared key | | |
| 25 | Implementation of Aggressive mode with pre-shared key ** | BASIC | |
| | 1.1.2 RSA signature | | |
| | 1.1.2.1 Sending the first message | | |
| | 1.1.2.1.1 Certificate Request Payload | | |
| 26 | Certificate Request Payload Format *** | ADVANCED | Digital Signature (RSA) |
| | 1.1.2.2 Sending the third message | | |
| | 1.1.2.2.1 Signature Payload | | |
| 27 | Signature Payload Format *** | ADVANCED | Digital Signature (RSA) |
| | 1.1.2.2.2 Certificate Payload | | |
| 28 | Certificate Payload Format *** | ADVANCED | Digital Signature (RSA) |
| | 1.1.2.3 Implementation of Aggressive Mode with RSA signatures | | |
| 29 | Implementation of Aggressive Mode with RSA signatures ** | ADVANCED | Digital Signature (RSA) |
| | 1.2 Payload Processing | | |
| | 1.2.1 General Message Processing | | |
| 30 | Processing invalid ISAKMP Payload Length * | BASIC | |
| | 1.2.2 ISAKMP Header Processing | | |
| 31 | Processing invalid Responder Cookie field * | BASIC | |
| 32 | Processing invalid Next Payload field * | BASIC | |
| 33 | Processing invalid Major Version field (major 15, minor 0) * | BASIC | |
| 34 | Processing invalid Minor Version field (major 1, minor 15) * | BASIC | |
| 35 | Processing invalid Exchange Type field * | BASIC | |
| 36 | Processing invalid Flags field * | BASIC | |
| 37 | Processing invalid Message ID field * | BASIC | |
| | 1.2.3 Generic Payload Header Processing | | |
| 38 | Processing invalid Next Payload field * | BASIC | |
| 39 | Processing invalid RESERVED field * | BASIC | |
| | 1.2.4 Security Association Payload Processing | | |
| 40 | Processing invalid Next Payload field * | BASIC | |
| 41 | Processing invalid DOI field * | BASIC | |
| 42 | Processing invalid Situation field * | BASIC | |
| 43 | Processing invalid proposal (Encryption Algorithm) * | BASIC | |
| 44 | Processing invalid proposal (Hash Algorithm) * | BASIC | |
| 45 | Processing invalid proposal (Authentication method) * | BASIC | |
| 46 | Processing invalid proposal (Diffie-Hellman Group) * | BASIC | |
| 47 | Processing invalid proposal (Life Type) * | BASIC | |
| | 1.2.5 Proposal Payload Processing | | |
| 48 | Processing invalid Protocol-ID field * | BASIC | |
| 49 | Processing invalid SPI field * | BASIC | |
| 50 | Processing invalid proposal * | BASIC | |
| | 1.2.6 Transform Payload Processing | | |
| 51 | Processing invalid Transform-ID field * | BASIC | |
| 52 | Processing invalid Transform Payload * | BASIC | |
| 53 | Processing invalid Transform Payload (Receiving modified proposal) * | BASIC | |
| | 1.2.7 Key Exchange Payload Processing | | |
| 54 | Processing invalid Key Exchange Data field * | BASIC | |
| | 1.2.8 Identification Payload Processing | | |
| 55 | Processing invalid ID type field * | BASIC | |
| 56 | Not include Identification Payload * | BASIC | |
| 57 | Invalid Identification Payload receive * | BASIC | |
| | 1.2.9 Hash Payload Processing | | |
| 58 | Processing invalid Hash Payload * | BASIC | |
| 59 | Processing invalid Hash Data field * | BASIC | |
| | 1.2.10 Signature Payload Processing | | |
| 60 | Processing invalid Signature Payload * | ADVANCED | Digital Signature (RSA) |
| 61 | Processing invalid Signature Data field * | ADVANCED | Digital Signature (RSA) |
| | 1.2.11 Certificate Request Payload Processing | | |
| 62 | Processing invalid Certificate Encoding field * | ADVANCED | Digital Signature (RSA) |
| 63 | Processing invalid Certificate Authority field * | ADVANCED | Digital Signature (RSA) |
| 64 | Processing invalid Certificate Type with Certificate Authority * | ADVANCED | Digital Signature (RSA) |
| | 1.2.12 Certificate Payload Processing | | |
| 65 | Processing invalid Certificate Encoding field * | ADVANCED | Digital Signature (RSA) |
| 66 | Processing invalid Certificate Data field * | ADVANCED | Digital Signature (RSA) |
| | 2 Phase II | | |
| | 2.1 quick mode | | |
| | 2.1.1 Sending the first message | | |
| | 2.1.1.1 Encryption of payload | | |
| 67 | Encryption of ISAKMP payload *** | BASIC | |
| | 2.1.1.2 Position of payload | | |
| 68 | Position of payload *** | BASIC | |
| | 2.1.1.3 ISAKMP Header | | |
| 69 | ISAKMP Header Format *** | BASIC | |
| | 2.1.1.4 HASH(1) Payload | | |
| 70 | HASH Payload Format *** | BASIC | |
| | 2.1.1.5 Security Association Payload | | |
| 71 | SA Payload Format *** | BASIC | |
| | 2.1.1.6 Proposal Payload | | |
| 72 | Proposal Payload Format *** | BASIC | |
| | 2.1.1.7 Transform Payload | | |
| | 2.1.1.7.1 Transform Payload Format check | | |
| 73 | Transform Payload Format *** | BASIC | |
| 74 | Transform Payload Format (Multiple Transform) *** | ADVANCED | Phase-2 sending multiple proposal |
| | 2.1.1.7.2 Transform Payload SA Attributes check | | |
| 75 | ESP_DES,HMAC-MD5 *** | ADVANCED | DES-CBC, HMAC-MD5 |
| 76 | ESP_3DES,HMAC-MD5 ** | ADVANCED | HMAC-MD5 |
| 77 | ESP_3DES,HMAC-SHA | BASIC | |
| 78 | ESP_3DES,AES-XCBC-MAC | ADVANCED | AES-XCBC-MAC |
| 79 | ESP_AES,HMAC-SHA | ADVANCED | AES-CBC (128bit) |
| 80 | ESP_NULL,HMAC-MD5 *** | ADVANCED | ESP_NULL, HMAC-MD5 |
| 81 | ESP_NULL,HMAC-SHA *** | ADVANCED | ESP_NULL |
| 82 | ESP_NULL,AES-XCBC-MAC | ADVANCED | ESP_NULL, AES-XCBC-MAC |
| 83 | ESP without Authentication Algorithm (ESP_DES) *** | ADVANCED | ESP (without Authentication), DES-CBC |
| 84 | ESP without Authentication Algorithm (ESP_3DES) *** | ADVANCED | ESP (without Authentication) |
| 85 | ESP without Authentication Algorithm (ESP_AES) | ADVANCED | ESP (without Authentication), AES-CBC (128bit) |
| | 2.1.1.8 Transform Payload w/ PFS | | |
| | 2.1.1.8.1 PFS with DH | | |
| 86 | enable PFS with DH1 *** | ADVANCED | PFS, DH1 |
| 87 | enable PFS with DH2 ** | ADVANCED | PFS |
| 88 | enable PFS with DH5 | ADVANCED | PFS, DH5 |
| 89 | enable PFS with DH14 | ADVANCED | PFS, DH14 |
| | 2.1.1.8.2 consistent of multiple proposal | | |
| 90 | consistent of proposal (Diffie-Hellman Group (Transform Payload)) *** | ADVANCED | Phase-2 sending multiple proposal |
| | 2.1.1.9 Key Exchange Payload w/ PFS | | |
| 91 | Key Exchange Payload Format +DH1 *** | ADVANCED | PFS, DH1 |
| 92 | Key Exchange Payload Format +DH2 ** | ADVANCED | PFS |
| 93 | Key Exchange Payload Format +DH5 | ADVANCED | PFS, DH5 |
| 94 | Key Exchange Payload Format +DH14 | ADVANCED | PFS, DH14 |
| | 2.1.1.10 Nonce Payload | | |
| 95 | Nonce Payload Format *** | BASIC | |
| | 2.1.1.11 Key Exchange Payload w/o PFS | | |
| 96 | Key Exchange Payload w/o PFS | BASIC | |
| | 2.1.1.12 Identification Payload | | |
| 97 | Identification Payload Format (Transport mode) *** | BASIC | |
| 98 | Identification Payload Format (Tunnel mode vs SGW) *** | ADVANCED | Tunnel mode |
| 99 | Identification Payload Format (Tunnel mode vs HOST) *** | ADVANCED | Tunnel mode |
| | 2.1.2 Sending the third message | | |
| | 2.1.2.1 HASH(3) Payload | | |
| 100 | HASH Payload Format *** | BASIC | |
| | 2.1.3 Receiving the fourth message (Informational Exchange) | | |
| 101 | set Commit Bit (CONNECTED Notify Message) *** | ADVANCED | Commit bit |
| | 2.1.4 Implementation of Quick Mode | | |
| 102 | ESP_3DES (Transport mode) | ADVANCED | ESP (without Authentication) |
| 103 | ESP_3DES and HMAC-SHA (Transport mode) *** | BASIC | |
| 104 | ESP_3DES and HMAC-SHA with PFS *** | ADVANCED | PFS |
| 105 | ESP_3DES (Tunnel mode vs SGW) | ADVANCED | Tunnel mode, ESP (without Authentication) |
| 106 | ESP_3DES and HMAC-SHA (Tunnel mode vs SGW) *** | ADVANCED | Tunnel mode |
| 107 | ESP_3DES (Tunnel mode vs HOST) | ADVANCED | Tunnel mode, ESP (without Authentication) |
| 108 | ESP_3DES and HMAC-SHA (Tunnel mode vs HOST) *** | ADVANCED | Tunnel mode |
| | 2.1.5 Modification of IPsec SA | | |
| 109 | Re-keying of IPsec SA | BASIC | |
| 110 | Using new SA for outbound traffic ** | BASIC | |
| 111 | Accept both old and new SA for incoming traffic ** | BASIC | |
| | 2.1.6 Anti-replay | | |
| 112 | Increasing Sequence Number | BASIC | |
| 113 | Sequence Number Verification | ADVANCED | Receiver |
| | 2.2 Payload Processing | | |
| | 2.2.1 General Message Processing | | |
| 114 | Processing invalid ISAKMP Payload Length * | BASIC | |
| | 2.2.2 ISAKMP Header Processing | | |
| 115 | Processing invalid Responder Cookie field * | BASIC | |
| 116 | Processing invalid Next Payload field * | BASIC | |
| 117 | Processing invalid Major Version field (major 15, minor 0) * | BASIC | |
| 118 | Processing invalid Minor Version field (major 1, minor 15) * | BASIC | |
| 119 | Processing invalid Exchange Type field * | BASIC | |
| 120 | Processing invalid Flags field * | BASIC | |
| 121 | Processing invalid Message ID field * | BASIC | |
| | 2.2.3 Generic Payload Header Processing | | |
| 122 | Processing invalid Next Payload field * | BASIC | |
| 123 | Processing invalid RESERVED field * | BASIC | |
| | 2.2.4 Hash Payload Processing | | |
| 124 | Processing invalid Hash Payload * | BASIC | |
| 125 | Processing invalid Hash Data field * | BASIC | |
| | 2.2.5 Security Association Payload Processing | | |
| 126 | Processing invalid Next Payload field * | BASIC | |
| 127 | Processing invalid DOI field * | BASIC | |
| 128 | Processing invalid Situation field * | BASIC | |
| 129 | Processing invalid proposal (ESP Authentication) * | BASIC | |
| 130 | Processing invalid proposal (Diffie-Hellman Group) * | BASIC | |
| 131 | Processing invalid proposal (Life Type) * | BASIC | |
| 132 | Processing invalid proposal (Encapsulation Mode) * | BASIC | |
| | 2.2.6 Proposal Payload Processing | | |
| 133 | Processing invalid Protocol-ID field * | BASIC | |
| 134 | Processing invalid SPI field * | BASIC | |
| 135 | Processing invalid proposal * | BASIC | |
| | 2.2.7 Transform Payload Processing | | |
| 136 | Processing invalid Transform-ID field * | BASIC | |
| 137 | Processing invalid Transform Payload * | BASIC | |
| 138 | Processing invalid Transform Payloads (Receiving modified proposal) * | BASIC | |
| | 2.2.8 Key Exchange Payload Processing | | |
| 139 | Processing invalid Key Exchange Data field * | BASIC | |
| | 2.2.9 Identification Payload Processing | | |
| 140 | Processing invalid ID type field * | BASIC | |
| 141 | Invalid Identification Payload * | BASIC | |