Synopsys Software Integrity Group is now operating as Black Duck Software, Inc., a subsidiary of Synopsys. Click to learn more.

close search bar

Sorry, not available in this language yet

close language selection
IPsec Test Suite Data Sheet
Test Suite:
IPsec Test Suite
Direction:
Client or Server

Internet Protocol security (IPsec) is a protocol framework that offers methods for securing and authenticating the IP packets that are traversing through the Internet network. IPsec supports peer authentication, data origin authentication, data integrity and data confidentiality. This test suite can be used to test IPsec implementations for security flaws and robustness problems. This test suite cannot be used in IPv6 networks, instead IPv6 test suite is the suite that can be used to test IPv6 IPsec implementations.

Used specifications

Specification
Title
Notes
RFC768
User Datagram Protocol
RFC791
Internet Protocol Specification
RFC792
Internet Control Message Protocol
RFC2402
IP Authentication Header
Obsoleted by RFC4302
RFC2406
IP Encapsulating Security Payload (ESP)
Obsoleted by RFC4303
RFC3173
IP Payload Compression Protocol (IPComp)
RFC3948
UDP Encapsulation of IPsec ESP Packets
RFC4106
The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC4302
IP Authentication Header
Obsoletes RFC2402
RFC4303
IP Encapsulating Security Payload (ESP)
Obsoletes RFC2406
RFC4304
Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association
RFC4305
Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC4868
Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec
RFC4494
The AES-CMAC-96 Algorithm and Its Use with IPsec
RFC4891
Using IPsec to Secure IPv6-in-IPv4 Tunnels

Tool-specific information

Tested message elements
Specifications
IPv4 header

RFC791

ICMP header

RFC792

IPComp header

RFC3173

Authentication header

RFC4302

Encapsulated Security Payload

RFC4303

Interoperability not verified with the following message groups
Sub-Group
NAT-Traversal Transport

ESP, Keep-Alive

NAT-Traversal Tunnel

ESP, Keep-Alive

Other features
Modes/Algorithms
IPsec tested with:

AH, ESP and AH+ESP both in transport and tunnel modes and with IPComp.

Supported AH authentication algorithms and ESP integrity algorithms:

NULL, HMAC_SHA1-96, HMAC_MD5-96, HMAC_SHA256-128, HMAC_SHA384-192, HMAC_SHA512-256.

Supported ESP crypto algorithms:

NULL, DES, DES3, AES-CBC128, AES-CBC192, AES-CBC256.

NAT traversal for the ESP test cases is supported with UDP encapsulation.

Support for Asymmetric Security Association configuration. Separate SAs can be configured for inbound and outbound packets.

IPComp supports deflate compression. Deflate compression can be executed either with or without GZIP/PKZIP support.

IPsec SA for the test suite can be negotiated with ISAKMP Server Test Suite 5.0.0 or later.

IPsec SA for the test suite can be negotiated with IKEv2 Server Test Suite 5.1.0 or later.

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis