#!/usr/bin/perl # # SCTP Conformance Test Suite Implementation # (C) Copyright Fujitsu Ltd. 2008, 2009 # # This file is part of the SCTP Conformance Test Suite implementation. # # The SCTP Conformance Test Suite implementation is free software; # you can redistribute it and/or modify it under the terms of # the GNU General Public License version 2 as published by # the Free Software Foundation. # # The SCTP Conformance Test Suite implementation is distributed in the # hope that it will be useful, but WITHOUT ANY WARRANTY; without even # the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR # PURPOSE. See the GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with GNU CC; see the file COPYING. If not, write to # the Free Software Foundation, 59 Temple Place - Suite 330, # Boston, MA 02111-1307, USA. # # Please send any bug reports or fixes you make to the # email address(es): # networktest sctp # # Or submit a bug report through the following website: # http://networktest.sourceforge.net/ # # Written or modified by: # Hiroaki Kago # Wei Yongjun # # Any bugs reported given to us we will try to fix... any fixes shared will # be incorporated into the next SCTP release. # ############################################################################## BEGIN { $V6evalTool::TestVersion = '$Name: REL_1_0_0 $'; } use lib "../common"; use V6evalTool; use SCTP; %pktdesc = ( sctp_chunk_cookie_echo_bad_md5 => "Send CHUNK_COOKIE_ECHO (with wrong MD5 signature)" ); $IF0 = Link0; vCapture($IF0); sctpCheckEnv($IF0); sctpStartServer($IF0); vLogHTML('================ Main Test ================='); vSend($IF0, sctp_chunk_init_snd); %ret = vWarpRecv3($IF0, 10, 0, 0, sctp_chunk_init_ack_rcv); if($ret{status} != 0 || $ret{recvFrame} ne sctp_chunk_init_ack_rcv) { vLogHTML('Cannot receive SCTP CHUNK_INIT_ACK
'); vLogHTML('NG'); exit $V6evalTool::exitFail; } sctpFetchInitField(\%ret); $BADCOOKIE = sctpMakeBadMD5Cookie($SCTP::CONF{'COOKIE'}); vWarpCPP("-DBADCOOKIE=hexstr\\\(\\\"$BADCOOKIE\\\"\\\) -DCOOKIE=hexstr\\\(\\\"$SCTP::CONF{'COOKIE'}\\\"\\\)"); vSend($IF0, sctp_chunk_cookie_echo_bad_md5); %ret = vWarpRecv($IF0, 10, 0, 0, sctp_chunk_cookie_ack_rcv); if($ret{status} == 0 && $ret{recvFrame} eq sctp_chunk_cookie_ack_rcv) { vLogHTML('Received unexpected SCTP CHUNK_COOKIE_ACK
'); vLogHTML('NG'); exit $V6evalTool::exitFail; } vSend($IF0, sctp_chunk_cookie_echo_snd); %ret = vWarpRecv($IF0, 10, 0, 0, sctp_chunk_cookie_ack_rcv); if($ret{status} != 0 || $ret{recvFrame} ne sctp_chunk_cookie_ack_rcv) { vLogHTML('Cannot receive SCTP CHUNK_COOKIE_ACK
'); vLogHTML('NG'); exit $V6evalTool::exitFail; } vSendMsg($IF0); vClose($IF0); vLogHTML(OK); exit $V6evalTool::exitPass; ###################################################################### __END__ =head1 NAME CookieEchoBadMD5.seq - COOKIE-ECHO chunk is received with wrong MD5 signature =head1 PURPOSE To check that if COOKIE-ECHO chunk is received with wrong MD5 signature then the endpoint should silent discard the COOKIE-ECHO chunk. =head1 SYNOPSIS =begin html
  ./CookieEchoBadMD5.seq [-tooloption ...] -pkt ./CookieEchoBadMD5.def
    -tooloption : v6eval tool option
  See Also: ../common/STD_PKT_COMMON.def
            ../common/SCTP_COMMON.def
=end html =head1 PRE-TEST CONDITION Association is not established between endpoint A and B. Arrange the data in endpoint A such that COOKIE-ECHO message is sent with MD5 signature different from received cookie in INIT-ACK. =head1 TEST PROCEDURE Endpoint A Endpoint B ULP (CLOSED) (CLOSED) <----- Associate INIT -----------------> <----------------- INIT-ACK COOKIE-ECHO -----------------> Silently discarded (with wrong MD5 signature) COOKIE-ECHO -----------------> <----------------- COOKIE-ACK TEST DESCRIPTION: 1. Try to initiate an association from endpoint A to B.Send COOKIE-ECHO message containing different MD5 signature from the one received in INIT-ACK. Record the message sequence using a signal emulator. 2. Check A: COOKIE-ECHO message is discarded. 3. Check B: Association remains in closed state. 4. Check C: COOKIE-ACK will not be sent from endpoint B. =head1 NOTE None =head1 REFERENCE RFC 4960 5.1.5. State Cookie Authentication When an endpoint receives a COOKIE ECHO chunk from another endpoint with which it has no association, it shall take the following actions: 1) Compute a MAC using the TCB data carried in the State Cookie and the secret key (note the timestamp in the State Cookie MAY be used to determine which secret key to use). [RFC2104] can be used as a guideline for generating the MAC, =begin html
    2)  Authenticate the State Cookie as one that it previously generated
        by comparing the computed MAC against the one carried in the
        State Cookie.  If this comparison fails, the SCTP packet,
        including the COOKIE ECHO and any DATA chunks, should be silently
        discarded,
=end html 3) Compare the port numbers and the Verification Tag contained within the COOKIE ECHO chunk to the actual port numbers and the Verification Tag within the SCTP common header of the received packet. If these values do not match, the packet MUST be silently discarded.