AuthSendWithChunkAuth.seq - Send all requested chunks that have been authenticated where this has been requested by the peer
To verify that Endpoints will send all requested chunks that have been authenticated where this has been requested by the peer.
./AuthSendIgnoreChunkTypes.seq [-tooloption ...] -pkt ./AuthSendIgnoreChunkTypes.def
-tooloption : v6eval tool option
See Also: ../common/STD_PKT_COMMON.def
../common/SCTP_COMMON.def
Association is not established between endpoint A and B. Arrange data in endpoint A such that the INIT chunk is sent with a CHUNKS parameter. The chunk types for DATA, SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO and COOKIE-ACK chunks are to be listed in the CHUNKS parameter.
Endpoint A                              Endpoint B        ULP
(CLOSED)                                (CLOSED)

INIT                ------------------>
(with CHUNKS parameter)
                    <------------------ INIT-ACK
                                        (with AUTH capable)
COOKIE-ECHO         ------------------>
                    <------------------ AUTH + COOKIE-ACK
DATA                ------------------>
                    <------------------ AUTH + SACK
                    <------------------ AUTH + SHUTDOWN
SHUTDOWN-ACK        ------------------>
                    <------------------ SHUTDOWN-COMPLETE
TEST DESCRIPTION:
1. Attempt to make an association from endpoint A to B. Send an INIT
message containing the CHUNKS parameter. The chunk types for DATA,
SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO and COOKIE-ACK
chunks are listed in the CHUNKS parameter.
2. Check A: Association is established between endpoint A and B
with AUTH capable.
3. Check B: DATA, SACK, ABORT, SHUTDOWN, SHUTDOWN-ACK, COOKIE-ECHO
and COOKIE-ACK chunks should be received at endpoint A in
an authenticated way.
None
RFC 4895
6.2. Sending Authenticated Chunks
Endpoints MUST send all requested chunks that have been authenticated
where this has been requested by the peer. The other chunks MAY be
sent whether or not they have been authenticated. If endpoint pair
shared keys are used, one of them MUST be selected for
authentication.
To send chunks in an authenticated way, the sender MUST include these
chunks after an AUTH chunk. This means that a sender MUST bundle
chunks in order to authenticate them.
If the endpoint has no endpoint pair shared key for the peer, it MUST
use Shared Key Identifier zero with an empty endpoint pair shared
key. If there are multiple endpoint shared keys the sender selects
one and uses the corresponding Shared Key Identifier.
The sender MUST calculate the Message Authentication Code (MAC) (as
described in RFC 2104 [2]) using the hash function H as described by
the HMAC Identifier and the shared association key K based on the
endpoint pair shared key described by the Shared Key Identifier. The
'data' used for the computation of the AUTH-chunk is given by the
AUTH chunk with its HMAC field set to zero (as shown in Figure 6)
followed by all the chunks that are placed after the AUTH chunk in
the SCTP packet.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Type = 0x0F   |   Flags=0     |         Chunk Length          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Shared Key Identifier     |         HMAC Identifier       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
\                               0                               /
/                               +-------------------------------\
|                               |           Padding             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

                            Figure 6
Please note that all fields are in network byte order and that the
field that will contain the complete HMAC is filled with zeroes. The
length of the field shown as zero is the length of the HMAC described
by the HMAC Identifier. The padding of all chunks being
authenticated MUST be included in the HMAC computation.
The sender fills the HMAC into the HMAC field and sends the packet.
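The MAC computation quoted above, as an added example that is not part of this test suite or of RFC 4895: the sender computes the HMAC over the AUTH chunk with a zeroed HMAC field followed by the bundled chunks, and the receiver re-zeroes the field to check it. The association key K, the sample DATA chunk and all function names are constructed for illustration; deriving K from the endpoint pair shared key is assumed to have happened already.

```python
import hashlib
import hmac
import struct

AUTH = 0x0F
HMAC_IDS = {1: hashlib.sha1, 3: hashlib.sha256}  # HMAC Identifiers from RFC 4895

def chunk(ctype, flags, value):
    """Serialize a chunk: Chunk Length excludes padding; zero padding to 4 bytes follows."""
    raw = struct.pack("!BBH", ctype, flags, 4 + len(value)) + value
    return raw + b"\x00" * (-len(raw) % 4)

def auth_chunk(key_id, hmac_id, mac):
    """AUTH chunk as in Figure 6, with `mac` placed in the HMAC field."""
    return chunk(AUTH, 0, struct.pack("!HH", key_id, hmac_id) + mac)

def send_authenticated(assoc_key, key_id, hmac_id, following):
    """Sender: MAC over AUTH (HMAC field zeroed) + every chunk bundled after it."""
    h = HMAC_IDS[hmac_id]
    zeroed = auth_chunk(key_id, hmac_id, bytes(h().digest_size))
    mac = hmac.new(assoc_key, zeroed + following, h).digest()
    return auth_chunk(key_id, hmac_id, mac) + following

def verify(assoc_key, chunks):
    """Receiver: re-zero the HMAC field, recompute, compare in constant time."""
    if len(chunks) < 8:
        return False
    ctype, _flags, length, key_id, hmac_id = struct.unpack("!BBHHH", chunks[:8])
    h = HMAC_IDS.get(hmac_id)
    if ctype != AUTH or h is None or length != 8 + h().digest_size or length > len(chunks):
        return False
    following = chunks[(length + 3) & ~3:]  # everything placed after the AUTH chunk
    zeroed = auth_chunk(key_id, hmac_id, bytes(length - 8))
    expected = hmac.new(assoc_key, zeroed + following, h).digest()
    return hmac.compare_digest(expected, chunks[8:length])

# Constructed sample: association key K and a DATA chunk with 3 bytes of user data
# (TSN 1, stream 0, SSN 0, PPID 0), so one padding byte is covered by the MAC.
K = bytes(range(32))
DATA = chunk(0x00, 0x03, struct.pack("!IHHI", 1, 0, 0, 0) + b"abc")
PACKET_CHUNKS = send_authenticated(K, 0, 1, DATA)  # Shared Key Identifier 0, HMAC-SHA-1

if __name__ == "__main__":
    print("AUTH + DATA verifies:", verify(K, PACKET_CHUNKS))
```

Flipping any byte after the AUTH chunk, including the DATA chunk's padding byte, makes `verify` return False, which is the property Check B relies on.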