CookieEchoBadMD5.seq - COOKIE-ECHO chunk is received with wrong MD5 signature
To check that if a COOKIE-ECHO chunk is received with a wrong MD5 signature,
then the endpoint should silently discard the COOKIE-ECHO chunk.
./CookieEchoBadMD5.seq [-tooloption ...] -pkt ./CookieEchoBadMD5.def
-tooloption : v6eval tool option
See Also: ../common/STD_PKT_COMMON.def
../common/SCTP_COMMON.def
Association is not established between endpoint A and B. Arrange the data
in endpoint A such that the COOKIE-ECHO message is sent with an MD5 signature
different from the one in the cookie received in INIT-ACK.
Endpoint A                           Endpoint B          ULP
(CLOSED)                             (CLOSED)
                                                  <-----  Associate
INIT             ----------------->
                 <-----------------  INIT-ACK
COOKIE-ECHO      ----------------->  Silently discarded
(with wrong MD5 signature)
COOKIE-ECHO      ----------------->
                 <-----------------  COOKIE-ACK
TEST DESCRIPTION:
1. Try to initiate an association from endpoint A to B. Send a COOKIE-ECHO
message containing an MD5 signature different from the one received in
INIT-ACK.
Record the message sequence using a signal emulator.
2. Check A: COOKIE-ECHO message is discarded.
3. Check B: Association remains in closed state.
4. Check C: COOKIE-ACK will not be sent from endpoint B.
None
RFC 4960
5.1.5. State Cookie Authentication
When an endpoint receives a COOKIE ECHO chunk from another endpoint
with which it has no association, it shall take the following
actions:
1) Compute a MAC using the TCB data carried in the State Cookie and
the secret key (note the timestamp in the State Cookie MAY be
used to determine which secret key to use). [RFC2104] can be
used as a guideline for generating the MAC,
2) Authenticate the State Cookie as one that it previously generated
by comparing the computed MAC against the one carried in the
State Cookie. If this comparison fails, the SCTP packet,
including the COOKIE ECHO and any DATA chunks, should be silently
discarded,
3) Compare the port numbers and the Verification Tag contained
within the COOKIE ECHO chunk to the actual port numbers and the
Verification Tag within the SCTP common header of the received
packet. If these values do not match, the packet MUST be
silently discarded.
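
The receiver-side checks from steps 1 to 3 above, as an added example that is not part of the test suite or of RFC 4960. It uses HMAC-SHA-256 in place of the MD5 signature the test names; the cookie layout, the key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical State Cookie layout for this sketch (not a wire format from the RFC):
#   peer port (2) | local port (2) | Verification Tag (4) | timestamp (8) | MAC (32)
TCB_FMT = "!HHIQ"
TCB_LEN = struct.calcsize(TCB_FMT)
MAC_LEN = hashlib.sha256().digest_size


def make_state_cookie(key, peer_port, local_port, vtag, timestamp):
    """Endpoint B: build the cookie it places in INIT-ACK."""
    tcb = struct.pack(TCB_FMT, peer_port, local_port, vtag, timestamp)
    return tcb + hmac.new(key, tcb, hashlib.sha256).digest()


def handle_cookie_echo(key, cookie, hdr_src_port, hdr_dst_port, hdr_vtag):
    """Endpoint B in CLOSED state. Returns "COOKIE-ACK" or None (silent discard)."""
    if len(cookie) != TCB_LEN + MAC_LEN:
        return None  # malformed cookie: nothing is sent back
    tcb, received_mac = cookie[:TCB_LEN], cookie[TCB_LEN:]
    # Step 1: recompute the MAC over the TCB data with the secret key.
    expected_mac = hmac.new(key, tcb, hashlib.sha256).digest()
    # Step 2: constant-time comparison; a mismatch is dropped without any reply.
    if not hmac.compare_digest(expected_mac, received_mac):
        return None
    # Step 3: ports and Verification Tag must match the SCTP common header.
    peer_port, local_port, vtag, _timestamp = struct.unpack(TCB_FMT, tcb)
    if (peer_port, local_port, vtag) != (hdr_src_port, hdr_dst_port, hdr_vtag):
        return None
    return "COOKIE-ACK"


def run_test_sequence():
    """Replays the sequence above with constructed values: bad MAC, then good MAC."""
    key = b"constructed-secret-key"
    cookie = make_state_cookie(key, 5000, 6000, 0x1234ABCD, 1700000000)
    bad = cookie[:-1] + bytes([cookie[-1] ^ 0x01])  # flip one bit of the MAC
    return (handle_cookie_echo(key, bad, 5000, 6000, 0x1234ABCD),
            handle_cookie_echo(key, cookie, 5000, 6000, 0x1234ABCD))


if __name__ == "__main__":
    print(run_test_sequence())
```

A discard returns None with no ABORT or ERROR chunk, so a sender of forged cookies learns nothing from the response and no association state is created.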