"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co Creator of Samba
Products by Protocol
IPsec Test Suite Data Sheet
- Test Suite: IPsec Test Suite
- Direction: NA
Internet Protocol Security (IPsec) is framework that offers
capabilities for securing IP packets. This test suite can be used
to test IPsec implementations for security flaws and robustness problems.
Used specifications
| Specification | Title |
|---|---|
| RFC768 | User Datagram Protocol |
| RFC791 | Internet Protocol Specification |
| RFC792 | Internet Control Message Protocol |
| RFC2402 | IP Authentication Header |
| RFC2406 | IP Encapsulating Security Payload (ESP) |
| RFC3173 | IP Payload Compression Protocol (IPComp) |
| RFC3948 | UDP Encapsulation of IPsec ESP Packets |
| RFC4302 | IP Authentication Header |
| RFC4303 | IP Encapsulating Security Payload (ESP) |
| RFC4305 | Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH) |
Test tool general features
- Fully automated black-box negative testing
- Ready-made test cases
- Written in Java(tm)
- GUI, command line, remote interface modes
- Instrumentation (health-check) capability
- Support and maintenance
- Comprehensive user documentation
- Results reporting and analysis
Tool-specific information
| Tested message elements | Specifications | |
|---|---|---|
| IPv4 header | RFC791 | |
| ICMP header | RFC792 | |
| IPComp header | RFC3173 | |
| Authentication header | RFC4302 | |
| Encapsulated Security Payload | RFC4303 | Interoperability not verified with the following message groups | Sub-Group |
| NAT-Traversal Transport | ESP, Keep-Alive | |
| NAT-Traversal Tunnel | ESP, Keep-Alive | Other features | Modes/Algorithms |
| IPsec tested with: | AH, ESP and AH+ESP both in transport and tunnel modes and with IPComp. | |
| Supported AH authentication algorithms and ESP integrity algorithms: | NULL, HMAC_SHA1-96, HMAC_MD5-96. | |
| Supported ESP crypto algorithms: | ESP-NULL, ESP-DES-CBC, ESP-DES3-CBC, ESP-AES-CBC128, ESP-AES-CBC192, ESP-AES-CBC256. | |
| NAT traversal for the ESP test cases is supported with UDP encapsulation. | ||
| Support for Asymmetric Security Association configuration. Separate SAs can be configured for inbound and outbound packets. | ||
| IPComp supports deflate compression. Deflate compression can be executed either with or without GZIP/PKZIP support. | ||
| IPsec SA for the test suite can be negotiated with ISAKMP Server Test Suite 3.0.0 or later. |
Select Protocol:
List of available test suites. Please note that the information in these sheets is subject to periodical change.
Test Tool Datasheet:
Contact Us:
Contact us for more information