ETSI TS 102 594-2008 Methods for Testing and Specification (MTS) Internet Protocol Testing (IPT) IPv6 Security Conformance Abstract Test Suite (ATS) and partial Protocol Implementao.pdf

1、 ETSI TS 102 594 V1.2.0 (2008-04)Technical Specification Methods for Testing and Specification (MTS);Internet Protocol Testing (IPT): IPv6 Security;Conformance Abstract Test Suite (ATS) and partial ProtocolImplementation eXtra Information for Testing (PIXIT) proformafloppy3 ETSI ETSI TS 102 594 V1.2

2、.0 (2008-04) 2 Reference RTS/MTS-IPT-0112-IPv6-SecA Keywords IP, IPv6, security, testing, TTCN ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N 348 623 562 00017 - NAF 742 C Association but non lucratif enregistre la Sous-Prfe

3、cture de Grasse (06) N 7803/88 Important notice Individual copies of the present document can be downloaded from: http:/www.etsi.org The present document may be made available in more than one electronic version or in print. In any case of existing or perceived difference in contents between such ve

4、rsions, the reference version is the Portable Document Format (PDF). In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to

5、 revision or change of status. Information on the current status of this and other ETSI documents is available at http:/portal.etsi.org/tb/status/status.asp If you find errors in the present document, please send your comment to one of the following services: http:/portal.etsi.org/chaircor/ETSI_supp

6、ort.asp Copyright Notification Reproduction is only permitted for the purpose of standardization work undertaken within ETSI. The copyright and the foregoing restrictions extend to reproduction in all media. European Telecommunications Standards Institute 2008. All rights reserved. DECTTM, PLUGTESTS

7、TM, UMTSTM, TIPHONTM, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered for the benefit of its Members. 3GPPTM is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners. ETSI ETSI TS 102 594 V1.2.0 (2008-04) 3 Contents Intellectual P

8、roperty Rights5 Foreword.5 1 Scope 6 2 References 6 2.1 Normative references .6 2.2 Informative references7 3 Definitions and abbreviations.7 3.1 Definitions7 3.2 Abbreviations .8 4 Abstract Test Method (ATM).8 4.1 IKEv2/AH/ESP Tunnel Mode8 4.2 IKEv2/AH/ESP Transport Mode9 5 Untestable Test Purposes

9、 (TP) .10 6 ATS implementation details.10 6.1 Mobility Test Cleanup10 6.1.1 Mobility Test Cleanup for MNUT10 6.1.2 Mobility Test Cleanup for HAUT.11 6.1.3 Mobility Test Cleanup for CNUT.11 7 PCTR conformance 12 8 PIXIT conformance12 9 ATS conformance 12 Annex A (normative): Abstract Test Suite (ATS)

10、 .13 A.1 The ATS in TTCN-3 core (text) format .13 Annex B (normative): Partial PIXIT proforma 14 B.1 Identification summary.14 B.2 ATS summary 14 B.3 Test laboratory14 B.4 Client identification14 B.5 SUT 15 B.6 Protocol layer information15 B.6.1 Protocol identification 15 B.6.2 UDP ports.15 B.6.3 Se

11、curity Parameters16 B.6.3.1 AH and ESP testing 16 B.6.3.2 IKEv2 testing16 B.6.4 Unknown IDs .17 Annex C (normative): PCTR proforma .18 C.1 Identification summary.18 C.1.1 Protocol conformance test report18 C.1.2 IUT identification.18 C.1.3 Testing environment.18 C.1.4 Limits and reservation19 C.1.5

12、Comments.19 ETSI ETSI TS 102 594 V1.2.0 (2008-04) 4 C.2 IUT Conformance status 19 C.3 Static conformance summary .19 C.4 Dynamic conformance summary20 C.5 Static conformance review report.20 C.6 Test campaign report21 C.7 Observations.23 History 24 ETSI ETSI TS 102 594 V1.2.0 (2008-04) 5 Intellectua

13、l Property Rights IPRs essential or potentially essential to the present document may have been declared to ETSI. The information pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found in ETSI SR 000 314: “Intellectual Property Rights (IP

14、Rs); Essential, or potentially Essential, IPRs notified to ETSI in respect of ETSI standards“, which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web server (http:/webapp.etsi.org/IPR/home.asp). Pursuant to the ETSI IPR Policy, no investigation, including IPR sear

15、ches, has been carried out by ETSI. No guarantee can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web server) which are, or may be, or may become, essential to the present document. Foreword This Technical Specification (TS) has been produc

16、ed by ETSI Technical Committee Methods for Testing and Specification (MTS). ETSI ETSI TS 102 594 V1.2.0 (2008-04) 6 1 Scope The present document specifies the Abstract Test Suite (ATS) for the mobility functions of the Internet Protocol, Version 6, as defined in the specifications 11 through to 14.

17、The ATS is based on the requirements defined in the IPv6 requirements catalogue (TS 102 558 2) and the IPv6 test purposes (ETSI TS 102 593 3) and written according to the guidelines of TS 102 514 16, ISO/IEC 9646-2 5 and ETS 300 406 9. The objective of the present document is to provide a basis for

18、conformance tests for IPv6 equipment giving a high probability of inter-operability between different manufacturers IPv6 equipments. Annex A provides the Tree and Tabular Combined Notation (TTCN-3) part of the ATS. Annex B provides the Partial Protocol Implementation Extra Information for Testing (P

19、IXIT) Proforma of the ATS. Annex C provides the Protocol Conformance Test Report (PCTR) Proforma of the ATS. NOTE: Annex B provides only the PIXIT items relevant for the security functions of IPv6. It is therefore necessary to also fill the core PIIXT item in TS 102 516 15 to gain all PIXIT values n

20、eeded to run the mobility test campaign. 2 References References are either specific (identified by date of publication and/or edition number or version number) or non-specific. For a specific reference, subsequent revisions do not apply. Non-specific reference may be made only to a complete documen

21、t or a part thereof and only in the following cases: - if it is accepted that it will be possible to use all future changes of the referenced document for the purposes of the referring document; - for informative references. Referenced documents which are not found to be publicly available in the ex

22、pected location might be found at http:/docbox.etsi.org/Reference. For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably, the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the

23、 reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the method of access to the referenced document and the full network address, with the same punctuation and use of upper case and lower case letters. NOTE: While any hyperlinks incl

24、uded in this clause were valid at the time of publication ETSI cannot guarantee their long term validity. 2.1 Normative references The following referenced documents are indispensable for the application of the present document. For dated references, only the edition cited applies. For non-specific

25、references, the latest edition of the referenced document (including any amendments) applies. 1 ETSI TS 102 351: “Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT); IPv6 Testing: Methodology and Framework“. 2 ETSI TS 102 558: “Methods for Testing and Specification (MTS); I

26、nternet Protocol Testing (IPT): IPv6 Security; Requirements Catalogue“. ETSI ETSI TS 102 594 V1.2.0 (2008-04) 7 3 ETSI TS 102 593: “Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT); IPv6 Security; Conformance Test Suite Structure and Test Purposes (TSS Protocol and profil

27、e conformance testing specifications; Standardization methodology“. 10 ETSI ES 201 873-1: “Methods for Testing and Specification (MTS); The Testing and Test Control Notation version 3; Part 1: TTCN-3 Core Language“. 11 IETF RFC 4301: “Security Architecture for the Internet Protocol“. 12 IETF RFC 430

28、2: “IP Authentication Header“. 13 IETF RFC 4303: “IP Encapsulating Security Payload (ESP)“. 14 IETF RFC 4306: “Internet Key Exchange (IKEv2) Protocol“. 15 ETSI TS 102 516: “Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT): IPv6 Core Protocol; Conformance Abstract Test Sui

29、te (ATS) and partial Protocol Implementation eXtra Information for Testing (PIXIT) proforma“. 16 ETSI TS 102 514: “Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT): IPv6 Core Protocol; Requirements Catalogue“. 2.2 Informative references The following referenced documents

30、are not essential to the use of the present document but they assist the user with regard to a particular subject area. For non-specific references, the latest version of the referenced document (including any amendments) applies. Not applicable. 3 Definitions and abbreviations 3.1 Definitions For t

31、he purposes of the present document, the following terms and definitions apply: abstract test case: Refer to ISO/IEC 9646-1 4. Abstract Test Method (ATM): Refer to ISO/IEC 9646-1 4. Abstract Test Suite (ATS): Refer to ISO/IEC 9646-1 4. Implementation Under Test (IUT): Refer to ISO/IEC 9646-1 4. ETSI

32、 ETSI TS 102 594 V1.2.0 (2008-04) 8 Lower Tester (LT): Refer to ISO/IEC 9646-1 4. Test Purpose (TP): Refer to ISO/IEC 9646-1 4. 3.2 Abbreviations For the purposes of the present document, the following abbreviations apply: AH Authentication Header ATM Abstract Test Method ATS Abstract Test Suite ESP

33、 Encapsulating Security Payload ETS Executable Test Suite IETF Internet Engineering Task Force IKE Internet Key Exchange IPv6 Internet Protocol version 6 IUT Implementation Under Test MOT Means Of Testing PCTR Protocol Conformance Test Report PICS Protocol Implementation Conformance Statement PIXIT

34、Protocol Implementation eXtra Information for Testing SUT System Under Test TC Test Case TP Test Purpose TSS Test Suite Structure TTCN-3 Testing and Test Control Notation version 3 UDP User Datagram Protocol 4 Abstract Test Method (ATM) The present clause describes the ATM used to test the IPv6 secu

35、rity functions as defined in the RFC specifications 11 through 14. The two following configurations have been developed to test the two different modes for packet exchange, tunnel mode and transport mode. 4.1 IKEv2/AH/ESP Tunnel Mode CF_CORE_01 (TS 102 516 15, clause 4) is extended with HS02 and use

36、d for IKEv2/AH/ESP Tunnel Mode. PTC01 simulates HS02 and RT01. The endpoints of communication are HS02 and NUT. Tunnel Start is RT01, Tunnel End is NUT. In the case where security parameters are negotiated with IKEv2, it is RT01 which negotiates the IKE security association. ETSI ETSI TS 102 594 V1.

37、2.0 (2008-04) 9 NUT IKE negotiator RT01 IKE negotiator Net A Test System PTC01 HS02 Communication Endpoints secured connection Figure 1: Tunnel Mode 4.2 IKEv2/AH/ESP Transport Mode CF_CORE_01 (TS 102 516 15, clause 4) is extended with HS02 and used for IKEv2/AH/ESP Transport Mode. PTC01 simulates HS

38、02 and RT01. The endpoints of communication are HS02 and NUT. In the case where security parameters are negotiated with IKEv2, it is HS02 which negotiates the IKE security association. RT01 forwards all communication from and to HS02. NUT Ike negotiator Net A Test System PTC01 HS02 Ike negotiator RT

39、01 Communication Endpoints secured connection Figure 2: Transport Mode ETSI ETSI TS 102 594 V1.2.0 (2008-04) 105 Untestable Test Purposes (TP) The ATS is comprised of 90 TC. Those were derived from a total of 103 TP. The following 13 TP are not implemented in the ATS due to the chosen ATM or other r

40、estrictions: TP_SEC_2042_01, TP_SEC_3059_01, TP_SEC_3107_01, TP_SEC_3107_02, TP_SEC_3108_01, TP_SEC_3108_02, TP_SEC_3077_01, TP_SEC_3078_01, TC_SEC_6153_01, TC_SEC_6161_01, TC_SEC_6162_01, TC_SEC_6164_01, TC_SEC_6164_02. 6 ATS implementation details The following clauses describe the cleanup procedu

41、res used in this ATS. Descriptions of the ATS conventions are found in TS 102 351 1. The ATS implementation details for the IPv6 core test suite, including mapping procedures and ATS value conventions are found in TS 102 516 15. 6.1 Mobility Test Cleanup 6.1.1 Mobility Test Cleanup for MNUT At the e

42、nd of each MNUT test case, the MNUT is brought back home as shown in figure 3. In addition, the MNUTs neighbor cache regarding the HA is emptied with the Core Test Cleanup procedure. MNUTCN RT/HAMSC MNUT_TestCleanupBU( H-bit is setLifetime =0)BABU(H-bit not setLifetime = 0)BARA - home net(HA Flag is

43、 setMIP-RA options )RA - visited netFigure 3: MNUT Test Cleanup ETSI ETSI TS 102 594 V1.2.0 (2008-04) 116.1.2 Mobility Test Cleanup for HAUT In order to empty the HAUTs binding cache, the MN sends a BU as shown in figure 4. In addition, the HAUTs neighbor cache regarding the MN is emptied with the C

44、ore Test Cleanup procedure. MN HAUTMSC HAUT_TestCleanupBU(H-bit setLifetime = 0)BAFigure 4: HAUT Test Cleanup 6.1.3 Mobility Test Cleanup for CNUT In order to deregister the MN from the CNUT, the CNUTs binding cache is emptied, by sending a BU from the home network as shown in figure 5. In addition,

45、 the CNUTs neighbor cache regarding the HA is emptied with the Core Test Cleanup procedure. MN CNUTMSC CNUT_TestCleanupBU(H-bit not setLifetime = 0 )BAFigure 5: CNUT Test Cleanup ETSI ETSI TS 102 594 V1.2.0 (2008-04) 127 PCTR conformance A test laboratory, when requested by a client to produce a PCT

46、R, is required, as specified in ISO/IEC 9646-5 7, to produce a PCTR conformant with the PCTR template given in annex B of ISO/IEC 9646-5 7. Furthermore, a test laboratory, offering testing for the ATS specification contained in annex C, when requested by a client to produce a PCTR, is required to pr

47、oduce a PCTR conformant with the PCTR proforma contained in annex A. A PCTR which conforms to this PCTR proforma specification shall preserve the content and ordering of the clauses contained in annex A. Clause A.6 of the PCTR may contain additional columns. If included, these shall be placed to the

48、 right of the existing columns. Text in italics may be retained by the test laboratory. 8 PIXIT conformance A test realizer, producing an executable test suite for the Abstract Test Suite (ATS) specification contained in annex C, is required, as specified in ISO/IEC 9646-4 6, to produce an augmented

49、 partial PIXIT proforma conformant with this partial PIXIT proforma specification. An augmented partial PIXIT proforma which conforms to this partial PIXIT proforma specification shall, as a minimum, have contents which are technically equivalent to annex B. The augmented partial PIXIT proforma may contain additional questions that need to be answered in order to prepare the Means Of Testing (MOT) for a particular Implementation Under Test (IUT). A test laboratory, offering testing for the ATS s