| No. |
Title |
Category
|
Detail
|
|
Responder Test |
|
|
|
1 Phase I |
|
|
|
1.1 Aggressive mode |
|
|
|
1.1.1 pre-shared key |
|
|
|
1.1.1.1 Sending the second message |
|
|
|
1.1.1.1.1 Position of payload |
|
|
| 1 |
Position of payload *** |
BASIC |
|
|
1.1.1.1.2 ISAKMP Header |
|
|
| 2 |
ISAKMP
Header Format *** |
BASIC |
|
|
1.1.1.1.3 Security Association Payload |
|
|
| 3 |
SA Payload Format
*** |
BASIC |
|
|
1.1.1.1.4 Proposal Payload |
|
|
| 4 |
Proposal
Payload Format *** |
BASIC |
|
|
1.1.1.1.5 Transform Payload |
|
|
|
1.1.1.1.5.1 Transform Payload Format check |
|
|
| 5 |
Transform
Payload Format *** |
BASIC |
|
|
1.1.1.1.5.2 Transform Payload SA Attributes check |
|
|
| 6 |
DES,MD5,PSK,DH1 *** |
ADVANCED
|
DES-CBC,MD5,DH1
|
| 7 |
DES,SHA,PSK,DH2 ** |
ADVANCED
|
DES-CBC
|
| 8 |
AES,SHA,PSK,DH2 |
ADVANCED
|
AES-CBC
|
| 9 |
3DES,MD5,PSK,DH2 ** |
ADVANCED
|
MD5
|
| 10 |
3DES,SHA,PSK,DH2 |
BASIC
|
|
| 11 |
3DES,SHA,RSA sign,DH2
** |
ADVANCED
|
Digital Signature (RSA)
|
| 12 |
3DES,SHA,PSK,DH1 ** |
ADVANCED
|
DH1
|
| 13 |
3DES,SHA,PSK,DH5 |
ADVANCED
|
DH5
|
| 14 |
3DES,SHA,PSK,DH14 |
ADVANCED
|
DH14
|
|
1.1.1.1.5.3 Select proposal |
|
|
| 15 |
Multiple
Transform Payloads (Select proposal) *** |
BASIC |
|
|
1.1.1.1.6 Key Exchange Payload |
|
|
| 16 |
Key Exchange Payload
Format + DH1 *** |
ADVANCED
|
DH1
|
| 17 |
Key Exchange
Payload Format + DH2 ** |
BASIC |
|
| 18 |
Key Exchange
Payload Format + DH5 |
ADVANCED
|
DH5
|
| 19 |
Key Exchange
Payload Format + DH14 |
ADVANCED
|
DH14
|
|
1.1.1.1.7 Nonce Payload |
|
|
| 20 |
Nonce Payload Format
*** |
BASIC
|
|
|
1.1.1.1.8 Identification Payload |
|
|
| 21 |
Identification
Payload Format *** |
BASIC
|
|
|
1.1.1.1.9 HASH Payload |
|
|
| 22 |
HASH Payload Format
*** |
BASIC |
|
|
1.1.1.2 Implementation of Aggressive mode with pre-shared
key |
|
|
| 23 |
Implementation of
Aggressive mode with pre-shared key *** |
BASIC |
|
|
1.1.1.3 Modification of ISAKMP SA |
|
|
| 24 |
cookie field ** |
BASIC |
|
|
1.1.2 RSA signature |
|
|
|
1.1.2.1 Sending the second message |
|
|
|
1.1.2.1.1 Signature Payload |
|
|
| 25 |
Signature
Payload Format *** |
ADVANCED
|
Digital Signature (RSA)
|
|
1.1.2.1.2 Certificate Request Payload |
|
|
| 26 |
Certificate
Request Payload Format *** |
ADVANCED
|
Digital Signature (RSA)
|
|
1.1.2.1.3 Certificate Payload |
|
|
| 27 |
Certificate
Payload Format *** |
ADVANCED
|
Digital Signature (RSA)
|
|
1.1.2.2 Implementation of Aggressive mode with RSA
signatures |
|
|
| 28 |
Implementation of
Aggressive Mode with RSA signatures ** |
ADVANCED
|
Digital Signature (RSA)
|
|
1.2 Payload Processing |
|
|
|
1.2.1 General Message Processing |
|
|
| 29 |
Processing
invalid ISAKMP Payload Length * |
BASIC |
|
|
1.2.2 ISKAMP Header Processing |
|
|
| 30 |
Processing
invalid Initiator Cookie field * |
BASIC |
|
| 31 |
Processing
invalid Next Payload field * |
BASIC |
|
| 32 |
Processing
invalid Major Version field (major 15, minor 0) * |
BASIC |
|
| 33 |
Processing
invalid Minor Version field (major 1, minor 15) * |
BASIC |
|
| 34 |
Processing
invalid Exchange Type field * |
BASIC |
|
| 35 |
Processing
invalid Flags field * |
BASIC |
|
| 36 |
Processing
invalid Message ID field * |
BASIC |
|
|
1.2.3 Generic Payload Header Processing |
|
|
| 37 |
Processing
invalid Next Payload field * |
BASIC |
|
| 38 |
Processing
invalid RESERVED field * |
BASIC |
|
|
1.2.4 Security Association Payload Processing |
|
|
| 39 |
Processing
invalid Next Payload field * |
BASIC |
|
| 40 |
Processing
invalid DOI field * |
BASIC |
|
| 41 |
Processing
invalid Situation field * |
BASIC |
|
| 42 |
Processing
invalid proposal (Encryption Algorithm) * |
BASIC |
|
| 43 |
Processing
invalid proposal (Hash Algorithm) * |
BASIC |
|
| 44 |
Processing
invalid proposal (Authentication method) * |
BASIC |
|
| 45 |
Processing
invalid proposal (Diffie-Hellman Group) * |
BASIC |
|
| 46 |
Processing
invalid proposal (Life Type) * |
BASIC |
|
| 47 |
IPSEC Situation
Definition (SIT_SECRECY) * |
BASIC |
|
| 48 |
IPSEC Situation
Definition (SIT_INTEGRITY) * |
BASIC |
|
|
1.2.5 Proposal Payload Processing |
|
|
| 49 |
Processing
invalid Protocol-ID field * |
BASIC |
|
| 50 |
Processing
invalid SPI field * |
BASIC |
|
| 51 |
Processing
invalid proposal * |
BASIC |
|
|
1.2.6 Transform Payload Processing |
|
|
| 52 |
Processing
invalid Transform-ID field * |
BASIC |
|
| 53 |
Processing
invalid Transform Payload * |
BASIC |
|
| 54 |
Processing
invalid Multiple Proposal (Rejecting proposal) * |
BASIC |
|
|
1.2.7 Key Exchange Payload Processing |
|
|
| 55 |
Processing
invalid Key Exchange Data field * |
BASIC |
|
|
1.2.8 Identification Payload Processing |
|
|
| 56 |
Processing
invalid ID type field * |
BASIC |
|
| 57 |
Not include
Identification Payload * |
BASIC |
|
| 58 |
invalid
Identification Payload recieve * |
BASIC |
|
|
1.2.9 Hash Payload Processing |
|
|
| 59 |
Processing
invalid Hash Payload * |
BASIC |
|
| 60 |
Processing
invalid Hash Data field * |
BASIC |
|
|
1.2.10 Signature Payload Processing |
|
|
| 61 |
Processing
invalid Signature Payload * |
ADVANCED
|
Digital Signature (RSA)
|
| 62 |
Processing
invalid Signature Data field * |
ADVANCED
|
Digital Signature (RSA)
|
|
1.2.11 Certificate Request Payload Processing |
|
|
| 63 |
Processing
invalid Certificate Encoding field * |
ADVANCED
|
Digital Signature (RSA)
|
| 64 |
Processing
invalid Certificate Authority field * |
ADVANCED
|
Digital Signature (RSA)
|
| 65 |
Processing
invalid Certificate Type with Certificate Authority * |
ADVANCED
|
Digital Signature (RSA)
|
|
1.2.12 Certificate Payload Processing |
|
|
| 66 |
Processing
invalid Certificate Encoding field * |
ADVANCED
|
Digital Signature (RSA)
|
| 67 |
Processing
invalid Certificate Data field * |
ADVANCED
|
Digital Signature (RSA)
|
|
2 Phase II |
|
|
|
2.1 quick mode |
|
|
|
2.1.1 Sendign the second message |
|
|
|
2.1.1.1 Encryption of payload |
|
|
| 68 |
Encryption of ISAKMP
payload *** |
BASIC |
|
|
2.1.1.2 Position of payload |
|
|
| 69 |
Position of payload *** |
BASIC |
|
|
2.1.1.3 ISAKMP Header |
|
|
| 70 |
ISAKMP Header Format *** |
BASIC |
|
|
2.1.1.4 HASH(2) Payload |
|
|
| 71 |
HASH Payload Format
*** |
BASIC |
|
|
2.1.1.5 Security Association Payload |
|
|
| 72 |
SA Payload Format
*** |
BASIC |
|
|
2.1.1.6 Proposal Payload |
|
|
| 73 |
Proposal
Payload Format *** |
BASIC |
|
|
2.1.1.7 Transform Payload |
|
|
|
2.1.1.7.1 Transform Payload Format check |
|
|
| 74 |
Transform
Payload Format *** |
BASIC |
|
|
2.1.1.7.2 Transform Payload SA Attributes check |
|
|
| 75 |
ESP_DES,HMAC-MD5
*** |
ADVANCED
|
DES-CBC, HMAC-MD5
|
| 76 |
ESP_3DES,HMAC-MD5
** |
ADVANCED
|
HMAC-MD5
|
| 77 |
ESP_3DES,HMAC-SHA |
BASIC
|
|
| 78 |
ESP_3DES,AES-XCBC-MAC |
ADVANCED
|
AES-XCBC-MAC
|
| 79 |
ESP_AES,HMAC-SHA |
ADVANCED
|
AES-CBC
|
| 80 |
ESP_NULL,HMAC-MD5
*** |
ADVANCED
|
ESP_NULL, HMAC-MD5
|
| 81 |
ESP_NULL,HMAC-SHA
*** |
ADVANCED
|
ESP_NULL
|
| 82 |
ESP_NULL,AES-XCBC-MAC |
ADVANCED
|
ESP_NULL, AES-XCBC-MAC
|
| 83 |
ESP without
Authentication Algorithm (ESP_DES) *** |
ADVANCED
|
ESP (without Authentication), DES-CBC
|
| 84 |
ESP without
Authentication Algorithm (ESP_3DES) *** |
ADVANCED
|
ESP (without Authentication)
|
| 85 |
ESP without
Authentication Algorithm (ESP_AES) |
ADVANCED
|
ESP (without Authentication), AES-CBC
|
|
2.1.1.7.3 Select proposal |
|
|
| 86 |
Multiple Proposal
and Transform Payloads (select proposal) *** |
BASIC |
|
|
2.1.1.8 Transform Payload w/ PFS |
|
|
| 87 |
enable PFS with DH1 *** |
ADVANCED
|
PFS, DH1
|
| 88 |
enable PFS with DH2 ** |
ADVANCED
|
PFS
|
| 89 |
enable PFS with DH5 |
ADVANCED
|
PFS, DH5
|
| 90 |
enable PFS with DH14 |
ADVANCED
|
PFS, DH14
|
|
2.1.1.9 Key Exchange Payload w/ PFS |
|
|
| 91 |
Key Exchange Payload
Format + DH1 *** |
ADVANCED
|
PFS, DH1
|
| 92 |
Key Exchange Payload
Format +DH2 ** |
ADVANCED
|
PFS
|
| 93 |
Key Exchange Payload
Format +DH5 |
ADVANCED
|
PFS, DH5
|
| 94 |
Key Exchange Payload
Format +DH14 |
ADVANCED
|
PFS, DH14
|
|
2.1.1.10 Nonce Payload |
|
|
| 95 |
Nonce Payload Format *** |
BASIC
|
|
|
2.1.1.11 Key Exchange Payload w/o PFS |
|
|
| 96 |
Key Exchange
Payload w/o PFS |
BASIC
|
|
|
2.1.1.12 Identification Payload |
|
|
| 97 |
Identification Payload
Format (Transport mode) *** |
BASIC
|
|
| 98 |
Identification
Payload Format (Tunnel mode vs SGW) *** |
ADVANCED
|
Tunnel mode
|
| 99 |
Identification
Payload Format (Tunnel mode vs HOST) *** |
ADVANCED
|
Tunnel mode
|
|
2.1.2 Receiving the fourth message (Informational
Exchange) |
|
|
| 100 |
set Commit
Bit (CONNECTED Notify Message) *** |
ADVANCED
|
Commit Bit
|
|
2.1.3 Implementation of Quick Mode |
|
|
| 101 |
ESP_3DES (Transport
mode) |
ADVANCED
|
ESP (without Authentication)
|
| 102 |
ESP_3DES and
HMAC-SHA (Transport mode) *** |
BASIC |
|
| 103 |
ESP_3DES and
HMAC-SHA with PFS *** |
ADVANCED
|
PFS
|
| 104 |
ESP_3DES (Tunnel
mode vs SGW) |
ADVANCED
|
Tunnel mode, ESP (without Authentication)
|
| 105 |
ESP_3DES and
HMAC-SHA (Tunnel mode vs SGW) *** |
ADVANCED
|
Tunnel mode
|
| 106 |
ESP_3DES (Tunnel
mode vs HOST) |
ADVANCED
|
Tunnel mode, ESP (without Authentication)
|
| 107 |
ESP_3DES and
HMAC-SHA (Tunnel mode vs HOST) *** |
ADVANCED
|
Tunnel mode
|
|
2.1.4 Modification of IPsec SA |
|
|
| 108 |
Using new SA for
outbound traffic ** |
BASIC |
|
| 109 |
Accept both old and
new SA for incoming traffic ** |
BASIC |
|
|
2.1.5 Anti-replay |
|
|
| 110 |
Increasing Sequence
Number |
BASIC |
|
| 111 |
Sequence Number
Verification |
ADVANCED
|
Receiver
|
|
2.2 Payload Processing |
|
|
|
2.2.1 General Message Processing |
|
|
| 112 |
Processing
invalid ISAKMP Payload Length * |
BASIC
|
|
|
2.2.2 ISKAMP Header Processing |
|
|
| 113 |
Processing
invalid Initiator Cookie field * |
BASIC |
|
| 114 |
Processing
invalid Next Payload field * |
BASIC |
|
| 115 |
Processing
invalid Major Version field (major 15, minor 0) * |
BASIC |
|
| 116 |
Processing
invalid Minor Version field (major 1, minor 15) * |
BASIC |
|
| 117 |
Processing
invalid Exchange Type field * |
BASIC |
|
| 118 |
Processing
invalid Flags field * |
BASIC |
|
| 119 |
Processing
invalid Message ID field * |
BASIC |
|
|
2.2.3 Generic Payload Header Processing |
|
|
| 120 |
Processing
invalid Next Payload field * |
BASIC |
|
| 121 |
Processing
invalid RESERVED field * |
BASIC |
|
|
2.2.4 Hash Payload Processing |
|
|
| 122 |
Processing
invalid Hash Payload * |
BASIC |
|
| 123 |
Processing
invalid Hash Data field * |
BASIC |
|
|
2.2.5 Security Association Payload Processing |
|
|
| 124 |
Processing
invalid Next Payload field * |
BASIC |
|
| 125 |
Processing
invalid DOI field * |
BASIC |
|
| 126 |
Processing
invalid Situation field * |
BASIC |
|
| 127 |
Processing
invalid proposal (ESP Authentication) * |
BASIC |
|
| 128 |
Processing
invalid proposal (Diffie-Hellman Group) * |
BASIC |
|
| 129 |
Processing
invalid proposal (Life Type) * |
BASIC |
|
| 130 |
Processing
invalid proposal (Encapsulation Mode) * |
BASIC |
|
|
2.2.6 Proposal Payload Processing |
|
|
| 131 |
Processing
invalid Protocol-ID field * |
BASIC |
|
| 132 |
Processing
invalid SPI field * |
BASIC |
|
| 133 |
Processing
invalid proposal * |
BASIC |
|
|
2.2.7 Transform Payload Processing |
|
|
| 134 |
Processing
invalid Transform-ID field * |
BASIC |
|
| 135 |
Processing
invalid Transform Payload * |
BASIC |
|
| 136 |
Attribute Parsing
Requirement (conflicting attributes) * |
BASIC |
|
| 137 |
Processing invalid
Multiple Proposal (Rejecting proposal) * |
BASIC |
|
|
2.2.8 Key Exchange Payload Processing |
|
|
| 138 |
Processing
invalid Key Exchange Data field * |
BASIC |
|
|
2.2.9 Identification Payload Processing |
|
|
| 139 |
Processing
invalid ID type field * |
BASIC |
|
| 140 |
Invalid Identification
Payload * |
BASIC |
|