Synopsys Completes Acquisition of WhiteHat Security Learn More

close search bar

Sorry, not available in this language yet

close language selection
IPsec Test Suite Data Sheet
Test Suite:
IPsec Test Suite
Direction:
NA

Internet Protocol Security (IPsec) is framework that offers capabilities for securing IP packets. This test suite can be used to test IPsec implementations for security flaws and robustness problems.

Used specifications

Specification
Title
Notes
RFC768
User Datagram Protocol
RFC791
Internet Protocol Specification
RFC792
Internet Control Message Protocol
RFC2402
IP Authentication Header
Obsoleted by RFC4302
RFC2406
IP Encapsulating Security Payload (ESP)
Obsoleted by RFC4303
RFC3173
IP Payload Compression Protocol (IPComp)
RFC3948
UDP Encapsulation of IPsec ESP Packets
RFC4106
The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC4302
IP Authentication Header
Obsoletes RFC2402
RFC4303
IP Encapsulating Security Payload (ESP)
Obsoletes RFC2406
RFC4304
Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association
RFC4305
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC4868
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC4494
The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC4891
Using IPsec to Secure IPv6-in-IPv4 Tunnels

Tool-specific information

Tested message elements
Specifications
IPv4 header
RFC791
ICMP header
RFC792
IPComp header
RFC3173
Authentication header
RFC4302
Encapsulated Security Payload
RFC4303

Interoperability not verified with the following message groups
Sub-Group
NAT-Traversal Transport
ESP, Keep-Alive
NAT-Traversal Tunnel
ESP, Keep-Alive

Other features
Modes/Algorithms
IPsec tested with:

AH, ESP and AH+ESP both in transport and tunnel modes and with IPComp.

Supported AH authentication algorithms and ESP integrity algorithms:

NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA256-128, HMAC_SHA384-192, HMAC_SHA512-256.

Supported ESP crypto algorithms:

NULL, DES, DES3, AES-CBC128, AES-CBC192, AES-CBC256.

NAT traversal for the ESP test cases is supported with UDP encapsulation.

Support for Asymmetric Security Association configuration. Separate SAs can be configured for inbound and outbound packets.

IPComp supports deflate compression. Deflate compression can be executed either with or without GZIP/PKZIP support.

IPsec SA for the test suite can be negotiated with ISAKMP Server Test Suite 5.0.0 or later.

IPsec SA for the test suite can be negotiated with IKEv2 Server Test Suite 5.1.0 or later.

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis