#!/usr/bin/perl # # SCTP Conformance Test Suite Implementation # (C) Copyright Fujitsu Ltd. 2008, 2009 # # This file is part of the SCTP Conformance Test Suite implementation. # # The SCTP Conformance Test Suite implementation is free software; # you can redistribute it and/or modify it under the terms of # the GNU General Public License version 2 as published by # the Free Software Foundation. # # The SCTP Conformance Test Suite implementation is distributed in the # hope that it will be useful, but WITHOUT ANY WARRANTY; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU CC; see the file COPYING. If not, write to # the Free Software Foundation, 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # # Please send any bug reports or fixes you make to the # email address(es): # networktest sctp # # Or submit a bug report through the following website: # http://networktest.sourceforge.net/ # # Written or modified by: # Hiroaki Kago # Wei Yongjun # # Any bugs reported given to us we will try to fix... any fixes shared will # be incorporated into the next SCTP release. # ############################################################################## BEGIN { $V6evalTool::TestVersion = '$Name: REL_1_0_0 $'; } use lib "../common"; use V6evalTool; use SCTP; %pktdesc = ( sctp_chunk_cookie_ack_rcv => "Recv SCTP CHUNK_COOKIE_ACK (with AUTH chunk)", sctp_chunk_sack_auth_rcv => "Recv SCTP CHUNK_SACK (with AUTH chunk)", sctp_chunk_shutdown_ack_rcv => "Recv SCTP CHUNK_SHUTDOWN_ACK (with AUTH chunk)", ); $IF0 = Link0; vCapture($IF0); sctpCheckEnv($IF0); sctpStartServer($IF0); vConnectAuth($IF0); vSendMsg($IF0, sctp_chunk_data_snd, sctp_chunk_sack_auth_rcv); vClose($IF0); vLogHTML(OK); exit $V6evalTool::exitPass; ###################################################################### __END__ =head1 NAME AuthSendWithChunkAuth.seq - Send all requested chunks that have been authenticated where this has been requested by the peer =head1 PURPOSE To verify that Endpoints will send all requested chunks that have been authenticated where this has been requested by the peer. =head1 SYNOPSIS =begin html

  ./AuthSendIgnoreChunkTypes.seq [-tooloption ...] -pkt ./AuthSendIgnoreChunkTypes.def
    -tooloption : v6eval tool option
  See Also: ../common/STD_PKT_COMMON.def
            ../common/SCTP_COMMON.def

=end html =head1 PRE-TEST CONDITION Association is not established between endpoint A and B. Arrange data in endpoint A such that INIT chunk with CHUNKS parameter. The chunk types for DATA, SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO and COOKIE-ACK chunks be listed in CHUNKS parameter. =head1 TEST PROCEDURE Endpoint A Endpoint B ULP (CLOSED) (CLOSED) INIT ------------------> (with CHUNKS parameter) <------------------ INIT-ACK (with AUTH capable) COOKIE-ECHO ------------------> <------------------ AUTH + COOKIE-ACK DATA ------------------> <------------------ AUTH + SACK <------------------ AUTH + SHUTDOWN SHUTDOWN-ACK ------------------> <------------------ SHUTDOWN-COMPLETE TEST DESCRIPTION: 1. Attempt to make an association from endpoint A to B. Send INIT message containing CHUNKS Parameter. The chunk types for DATA, SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO and COOKIE-ACK chunks be listed in CHUNKS parameter. 2. Check A: Association is established between endpoint A and B with AUTH capable. 3. Check B: DATA, SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO and COOKIE-ACK chunks should be received at endpoint A in authenticated way. =head1 NOTE None =head1 REFERENCE RFC 4895 6.2. Sending Authenticated Chunks =begin html

    Endpoints MUST send all requested chunks that have been authenticated
    where this has been requested by the peer.  The other chunks MAY be
    sent whether or not they have been authenticated.  If endpoint pair
    shared keys are used, one of them MUST be selected for
    authentication.

=end html To send chunks in an authenticated way, the sender MUST include these chunks after an AUTH chunk. This means that a sender MUST bundle chunks in order to authenticate them. If the endpoint has no endpoint pair shared key for the peer, it MUST use Shared Key Identifier zero with an empty endpoint pair shared key. If there are multiple endpoint shared keys the sender selects one and uses the corresponding Shared Key Identifier. The sender MUST calculate the Message Authentication Code (MAC) (as described in RFC 2104 [2]) using the hash function H as described by the HMAC Identifier and the shared association key K based on the endpoint pair shared key described by the Shared Key Identifier. The 'data' used for the computation of the AUTH-chunk is given by the AUTH chunk with its HMAC field set to zero (as shown in Figure 6) followed by all the chunks that are placed after the AUTH chunk in the SCTP packet. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type = 0x0F | Flags=0 | Chunk Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Shared Key Identifier | HMAC Identifier | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | \ 0 / / +-------------------------------\ | | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 6 Please note that all fields are in network byte order and that the field that will contain the complete HMAC is filled with zeroes. The length of the field shown as zero is the length of the HMAC described by the HMAC Identifier. The padding of all chunks being authenticated MUST be included in the HMAC computation. The sender fills the HMAC into the HMAC field and sends the packet. zz