Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT): IPv6 Security; Conformance Abstract Test Suite (ATS) and partial Protocol Implementation eXtra Information for Testing (PIXIT) proforma

RTS/MTS-IPT-011[2]-IPv6-SecATS

General Information

Status: Published
Publication Date: 21-Apr-2008
Technical Committee:
Current Stage: 12 - Completion
Due Date: 19-May-2008
Completion Date: 22-Apr-2008
Ref Project:

Standard
ETSI TS 102 594 V1.2.0 (2008-04) - Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT): IPv6 Security; Conformance Abstract Test Suite (ATS) and partial Protocol Implementation eXtra Information for Testing (PIXIT) proforma
English language
24 pages

Standards Content (Sample)

ETSI TS 102 594 V1.2.0 (2008-04)
Technical Specification


Methods for Testing and Specification (MTS);
Internet Protocol Testing (IPT): IPv6 Security;
Conformance Abstract Test Suite (ATS) and partial Protocol
Implementation eXtra Information for Testing (PIXIT) proforma







Reference
RTS/MTS-IPT-011[2]-IPv6-SecA
Keywords
IP, IPv6, security, testing, TTCN
ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Non-profit association registered at the
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
Individual copies of the present document can be downloaded from:
http://www.etsi.org
The present document may be made available in more than one electronic version or in print. In any case of existing or
perceived difference in contents between such versions, the reference version is the Portable Document Format (PDF).
In case of dispute, the reference shall be the printing on ETSI printers of the PDF version kept on a specific network drive
within ETSI Secretariat.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
http://portal.etsi.org/tb/status/status.asp
If you find errors in the present document, please send your comment to one of the following services:
http://portal.etsi.org/chaircor/ETSI_support.asp
Copyright Notification
Reproduction is only permitted for the purpose of standardization work undertaken within ETSI.
The copyright and the foregoing restrictions extend to reproduction in all media.


© European Telecommunications Standards Institute 2008.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™, TIPHON™, the TIPHON logo and the ETSI logo are Trade Marks of ETSI registered
for the benefit of its Members.
3GPP™ is a Trade Mark of ETSI registered for the benefit of its Members and of the 3GPP Organizational Partners.
Contents
Intellectual Property Rights
Foreword
1 Scope
2 References
2.1 Normative references
2.2 Informative references
3 Definitions and abbreviations
3.1 Definitions
3.2 Abbreviations
4 Abstract Test Method (ATM)
4.1 IKEv2/AH/ESP Tunnel Mode
4.2 IKEv2/AH/ESP Transport Mode
5 Untestable Test Purposes (TP)
6 ATS implementation details
6.1 Mobility Test Cleanup
6.1.1 Mobility Test Cleanup for MNUT
6.1.2 Mobility Test Cleanup for HAUT
6.1.3 Mobility Test Cleanup for CNUT
7 PCTR conformance
8 PIXIT conformance
9 ATS conformance
Annex A (normative): Abstract Test Suite (ATS)
A.1 The ATS in TTCN-3 core (text) format
Annex B (normative): Partial PIXIT proforma
B.1 Identification summary
B.2 ATS summary
B.3 Test laboratory
B.4 Client identification
B.5 SUT
B.6 Protocol layer information
B.6.1 Protocol identification
B.6.2 UDP ports
B.6.3 Security Parameters
B.6.3.1 AH and ESP testing
B.6.3.2 IKEv2 testing
B.6.4 Unknown IDs
Annex C (normative): PCTR proforma
C.1 Identification summary
C.1.1 Protocol conformance test report
C.1.2 IUT identification
C.1.3 Testing environment
C.1.4 Limits and reservation
C.1.5 Comments
C.2 IUT Conformance status
C.3 Static conformance summary
C.4 Dynamic conformance summary
C.5 Static conformance review report
C.6 Test campaign report
C.7 Observations
History

Intellectual Property Rights
IPRs essential or potentially essential to the present document may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (http://webapp.etsi.org/IPR/home.asp).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Foreword
This Technical Specification (TS) has been produced by ETSI Technical Committee Methods for Testing and
Specification (MTS).
1 Scope
The present document specifies the Abstract Test Suite (ATS) for the mobility functions of the Internet Protocol,
Version 6, as defined in the specifications [11] through to [14]. The ATS is based on the requirements defined in the
IPv6 requirements catalogue (TS 102 558 [2]) and the IPv6 test purposes (ETSI TS 102 593 [3]) and written according
to the guidelines of TS 102 514 [16], ISO/IEC 9646-2 [5] and ETS 300 406 [9].
The objective of the present document is to provide a basis for conformance tests for IPv6 equipment giving a high
probability of inter-operability between different manufacturers' IPv6 equipments.
• Annex A provides the Tree and Tabular Combined Notation (TTCN-3) part of the ATS.
• Annex B provides the Partial Protocol Implementation Extra Information for Testing (PIXIT) Proforma of the
ATS.
• Annex C provides the Protocol Conformance Test Report (PCTR) Proforma of the ATS.
NOTE: Annex B provides only the PIXIT items relevant for the security functions of IPv6. It is therefore
necessary to also fill the core PIXIT item in TS 102 516 [15] to gain all PIXIT values needed to run the
mobility test campaign.
2 References
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific.
• For a specific reference, subsequent revisions do not apply.
• Non-specific reference may be made only to a complete document or a part thereof and only in the following
cases:
- if it is accepted that it will be possible to use all future changes of the referenced document for the
purposes of the referring document;
- for informative references.
Referenced documents which are not found to be publicly available in the expected location might be found at
http://docbox.etsi.org/Reference.
For online referenced documents, information sufficient to identify and locate the source shall be provided. Preferably,
the primary source of the referenced document should be cited, in order to ensure traceability. Furthermore, the
reference should, as far as possible, remain valid for the expected life of the document. The reference shall include the
method of access to the referenced document and the full network address, with the same punctuation and use of upper
case and lower case letters.
NOTE: While any hyperlinks included in this clause were valid at the time of publication ETSI cannot guarantee
their long term validity.
2.1 Normative references
The following referenced documents are indispensable for the application of the present document. For dated
references, only the edition cited applies. For non-specific references, the latest edition of the referenced document
(including any amendments) applies.
[1] ETSI TS 102 351: "Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT);
IPv6 Testing: Methodology and Framework".
[2] ETSI TS 102 558: "Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT):
IPv6 Security; Requirements Catalogue".
[3] ETSI TS 102 593: "Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT);
IPv6 Security; Conformance Test Suite Structure and Test Purposes (TSS&TP)".
[4] ISO/IEC 9646-1: "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 1: General concepts".
[5] ISO/IEC 9646-2: "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 2: Abstract Test Suite specification".
[6] ISO/IEC 9646-4: "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 4: Test realization".
[7] ISO/IEC 9646-5: "Information technology - Open Systems Interconnection - Conformance testing
methodology and Framework - Part 5: Requirements on test laboratories and clients for the
conformance assessment process".
[8] ISO/IEC 9646-6: "Information technology - Open Systems Interconnection - Conformance testing
methodology and framework - Part 6: Protocol profile test specification".
[9] ETSI ETS 300 406: "Methods for Testing and Specification (MTS); Protocol and profile
conformance testing specifications; Standardization methodology".
[10] ETSI ES 201 873-1: "Methods for Testing and Specification (MTS); The Testing and Test Control
Notation version 3; Part 1: TTCN-3 Core Language".
[11] IETF RFC 4301: "Security Architecture for the Internet Protocol".
[12] IETF RFC 4302: "IP Authentication Header".
[13] IETF RFC 4303: "IP Encapsulating Security Payload (ESP)".
[14] IETF RFC 4306: "Internet Key Exchange (IKEv2) Protocol".
[15] ETSI TS 102 516: "Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT):
IPv6 Core Protocol; Conformance Abstract Test Suite (ATS) and partial Protocol Implementation
eXtra Information for Testing (PIXIT) proforma".
[16] ETSI TS 102 514: "Methods for Testing and Specification (MTS); Internet Protocol Testing (IPT):
IPv6 Core Protocol; Requirements Catalogue".
2.2 Informative references
The following referenced documents are not essential to the use of the present document but they assist the user with
regard to a particular subject area. For non-specific references, the latest version of the referenced document (including
any amendments) applies.
Not applicable.
3 Definitions and abbreviations
3.1 Definitions
For the purposes of the present document, the following terms and definitions apply:
abstract test case: Refer to ISO/IEC 9646-1 [4].
Abstract Test Method (ATM): Refer to ISO/IEC 9646-1 [4].
Abstract Test Suite (ATS): Refer to ISO/IEC 9646-1 [4].
Implementation Under Test (IUT): Refer to ISO/IEC 9646-1 [4].
Lower Tester (LT): Refer to ISO/IEC 9646-1 [4].
Test Purpose (TP): Refer to ISO/IEC 9646-1 [4].
3.2 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AH Authentication Header
ATM Abstract Test Method
ATS Abstract Test Suite
ESP Encapsulating Security Payload
ETS Executable Test Suite
IETF Internet Engineering Task Force
IKE Internet Key Exchange
IPv6 Internet Protocol version 6
IUT Implementation Under Test
MOT Means Of Testing
PCTR Protocol Conformance Test Report
PICS Protocol Implementation Conformance Statement
PIXIT Protocol Implementation eXtra Information for Testing
SUT System Under Test
TC Test Case
TP Test Purpose
TSS Test Suite Structure
TTCN-3 Testing and Test Control Notation version 3
UDP User Datagram Protocol
4 Abstract Test Method (ATM)
The present clause describes the ATM used to test the IPv6 security functions as defined in the RFC specifications [11]
through [14]. The two following configurations have been developed to test the two different modes for packet
exchange, tunnel mode and transport mode.
4.1 IKEv2/AH/ESP Tunnel Mode
CF_CORE_01 (TS 102 516 [15], clause 4) is extended with HS02 and used for IKEv2/AH/ESP Tunnel Mode. PTC01
simulates HS02 and RT01. The endpoints of communication are HS02 and NUT. Tunnel Start is RT01, Tunnel End is
NUT. In the case where security parameters are negotiated with IKEv2, it is RT01 which negotiates the IKE security
association.
[Figure: Test System PTC01 (HS02, RT01) and NUT on Net A; labels: Communication Endpoints, IKE negotiator (twice), secured connection]

Figure 1: Tunnel Mode
4.2 IKEv2/AH/ESP Transport Mode
CF_CORE_01 (TS 102 516 [15], clause 4) is extended with HS02 and used for IKEv2/AH/ESP Transport Mode.
PTC01 simulates HS02 and RT01. The endpoints of communication are HS02 and NUT. In the case where security
parameters are negotiated with IKEv2, it is HS02 which negotiates the IKE security association. RT01 forwards all
communication from and to HS02.
[Figure: Test System PTC01 (HS02, RT01) and NUT on Net A; labels: Communication Endpoints, IKE negotiator (twice), secured connection]

Figure 2: Transport Mode
5 Untestable Test Purposes (TP)
The ATS is comprised of 90 TC. Those were derived from a total of 103 TP.
The following 13 TP are not implemented in the ATS due to the chosen ATM or other restrictions:
TP_SEC_2042_01, TP_SEC_3059_01, TP_SEC_3107_01, TP_SEC_3107_02, TP_SEC_3108_01, TP_SEC_3108_02,
TP_SEC_3077_01, TP_SEC_3078_01, TC_SEC_6153_01, TC_SEC_6161_01, TC_SEC_6162_01,
TC_SEC_6164_01, TC_SEC_6164_02.
6 ATS implementation details
The following clauses describe the cleanup procedures used in this ATS.
Descriptions of the ATS conventions are found in TS 102 351 [1]. The ATS implementation details for the IPv6 core
test suite, including mapping procedures and ATS value conventions are found in TS 102 516 [15].
6.1 Mobility Test Cleanup
6.1.1 Mobility Test Cleanup for MNUT
At the end of each MNUT test case, the MNUT is brought back home as shown in figure 3. In addition, the MNUT's
neighbor cache regarding the HA is emptied with the Core Test Cleanup procedure.
[MSC MNUT_TestCleanup; instances: CN, RT/HA, MNUT. Messages in order: RA - visited net; RA - home net (HA Flag is set, MIP-RA options); BU (H-bit is set, Lifetime = 0); BA; BU (H-bit not set, Lifetime = 0); BA]

Figure 3: MNUT Test Cleanup
6.1.2 Mobility Test Cleanup for HAUT
In order to empty the HAUT's binding cache, the MN sends a BU as shown in figure 4. In addition, the HAUT's
neighbor cache regarding the MN is emptied with the Core Test Cleanup procedure.
[MSC HAUT_TestCleanup; instances: MN, HAUT. Messages in order: BU (H-bit set, Lifetime = 0); BA]

Figure 4: HAUT Test Cleanup
6.1.3 Mobility Test Cleanup for CNUT
In order to deregister the MN from the CNUT, the CNUT's binding cache is emptied, by sending a BU from the home
network as shown in figure 5. In addition, the CNUT's neighbor cache regarding the HA is emptied with the Core Test
Cleanup procedure.
[MSC CNUT_TestCleanup; instances: MN, CNUT. Messages in order: BU (H-bit not set, Lifetime = 0); BA]

Figur
...
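
The de-registration Binding Updates used by the cleanup procedures in clauses 6.1.1 to 6.1.3 (Lifetime = 0, H-bit set towards the HA and not set towards the CN), as an added Python example that is not part of the ETSI document or its TTCN-3 ATS. It assumes the Mobility Header layout of RFC 6275, sets the Acknowledge bit because the charts expect a BA, leaves the checksum at 0, and covers only the fixed part of the BU plus padding (the function names are hypothetical).

```python
import struct

MH_TYPE_BU = 5                     # Binding Update message type (RFC 6275)
NO_NEXT_HEADER = 59                # Payload Proto: nothing follows the Mobility Header
FLAG_A, FLAG_H = 0x8000, 0x4000    # Acknowledge, Home Registration

def build_dereg_bu(seq, home_registration):
    """Build the cleanup BU: Lifetime = 0, H-bit chosen by the caller.

    Assumption: checksum is left 0 here; a real sender computes it over the
    IPv6 pseudo-header. Options a correspondent registration carries
    (nonce indices, authorization data) are omitted.
    """
    flags = FLAG_A | (FLAG_H if home_registration else 0)
    body = struct.pack("!HHH", seq & 0xFFFF, flags, 0)   # Sequence #, flags, Lifetime
    body += bytes([1, 2, 0, 0])                          # PadN option: pad to 16 octets
    hdr_len = (6 + len(body)) // 8 - 1                   # 8-octet units after the first 8
    fixed = struct.pack("!BBBBH", NO_NEXT_HEADER, hdr_len, MH_TYPE_BU, 0, 0)
    return fixed + body

def classify_bu(msg):
    """Parse a Mobility Header and report which cleanup BU it is."""
    if len(msg) < 12:
        raise ValueError("too short for a Binding Update")
    _proto, hdr_len, mh_type, _rsvd, _cksum = struct.unpack("!BBBBH", msg[:6])
    if (hdr_len + 1) * 8 != len(msg):
        raise ValueError("Header Len does not match message length")
    if mh_type != MH_TYPE_BU:
        raise ValueError("not a Binding Update")
    seq, flags, lifetime = struct.unpack("!HHH", msg[6:12])
    return {
        "seq": seq,
        "ack_requested": bool(flags & FLAG_A),
        "home_registration": bool(flags & FLAG_H),   # H-bit
        "deregistration": lifetime == 0,             # Lifetime = 0 deletes the binding
    }

if __name__ == "__main__":
    # Constructed sample values: sequence numbers are arbitrary.
    for label, h_bit in (("to HA (H-bit set)", True), ("to CN (H-bit not set)", False)):
        bu = build_dereg_bu(seq=7, home_registration=h_bit)
        print(label, bu.hex(), classify_bu(bu))
```
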
