"The Codenomicon tools are amazing. Using them is like being attacked by the most relentless adversary who uses every possible method to find flaws in your code
We fixed subtle crash bugs in Samba that had been in the code for over ten years. We would never have found those bugs without the Codenomicon tools.
If you're serious about implementing protocols correctly, you need the Codenomicon tools."
-- Jeremy Allison,
Co Creator of Samba
Products by Protocol
ISAKMP Server Test Suite Data Sheet
- Test Suite: ISAKMP Server Test Suite
- Direction: Server
ISAKMP is a generic key management and security association creation protocol
for use in TCP/IP networks. IKE is an implementation of ISAKMP used for IPSEC
key management. This test suite can be used to
test ISAKMP server implementations for security flaws and
robustness problems.
Used specifications
| Specification | Title |
|---|---|
| RFC2407 | The Internet IP Security Domain of Interpretation for ISAKMP |
| RFC2408 | Internet Security Association and Key Management Protocol |
| RFC2409 | Internet Key Exchange |
| RFC2857 | The Use of HMAC-RIPEMD-160-96 within ESP and AH |
| RFC3051 | IP Payload Compression Using ITU-T V.44 Packet Method |
| RFC3526 | More Modular Exponential Diffie-Hellman Groups for IKE |
| RFC3547 | The Group Domain of Interpretation |
| RFC3554 | On the Use of Stream Control Transmission Protocol (SCTP) with IPsec |
| RFC3566 | The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec |
| RFC3602 | The AES-CBC Cipher Algorithm and Its Use with IPsec |
| RFC3686 | Using Advanced Encryption Standard (AES) Counter Mode With IPsec Encapsulating Security Payload (ESP) |
| RFC3706 | A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers |
| RFC3947 | Negotiation of NAT Traversal in IKE |
| RFC4106 | The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP) |
| RFC4196 | The SEED Cipher Algorithm and Its Use with IPsec |
| RFC4304 | Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP) |
| RFC4312 | The Camellia Cipher Algorithm and Its Use With IPsec |
| RFC4359 | The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH) |
| RFC4705 | GigaBeam High-Speed Radio Link Encryption |
| RFC4868 | Using HMAC-SHA-256, HMAC-SHA-384, and HMAC-SHA-512 with IPsec |
| RFC5114 | Additional Diffie-Hellman Groups for Use with IETF Standards |
| Draft-beaulieu-ike-xauth | Extended Authentication within IKE (XAUTH) |
| Draft-dukes-ike-mode-cfg | Configuration mode for IKE |
Test tool general features
- Fully automated black-box negative testing
- Ready-made test cases
- Written in Java(tm)
- GUI, command line, remote interface modes
- Instrumentation (health-check) capability
- Support and maintenance
- Comprehensive user documentation
- Results reporting and analysis
Tool-specific information
| Tested messages | Notes | Specifications |
|---|---|---|
| Exchange types specified in ISAKMP and IKE | ||
| MODE_CFG and DPD exchanges | ||
| Payloads specified in ISAKMP |
Select Protocol:
List of available test suites. Please note that the information in these sheets is subject to periodical change.
Test Tool Datasheet:
Contact Us:
Contact us for more information