Title

  Test IKEv2.EN.R.1.3.3.1: Non RESERVED fields in INFORMATIONAL request
  Part A: (BASIC)


Purpose

  To verify an IKEv2 device ignores the content of RESERVED filed in IKE messages.


References

  * [RFC 4306] - Sections 2.5


Test Setup

  * Network Topology
     Connect the devices according to the Common Topology.
  * Configuration
     In each part, configure the devices according to the Common Configuration.In addition,
     set IKE_SA Lifetime to 300 seconds and set CHILD_SA Lifetime to 30 seconds.
  * Pre-Sequence and Cleanup Sequence
     IKEv2 on the NUT is disabled after each part.


Procedure

   NUT                  TN1
(End-Node)           (End-Node)
    |                    |
    |<-------------------| IKE_SA_INIT request (HDR, SAi1, KEi, Ni)
    |                    | (Packet #1)
    |------------------->| IKE_SA_INIT response (HDR, SAr1, KEr, Nr)
    |                    | (Judgement #1)
    |                    |
    |<-------------------| IKE_AUTH request (HDR, SK {IDi, AUTH, N, SAi2, TSi, TSr})
    |                    | (Packet #2)
    |------------------->| IKE_AUTH response (HDR, SK {IDr, AUTH, N, SAr2, TSi, TSr})
    |                    | (Judgement #2)
    |                    |
    |<-------------------| INFORMATIONAL request (HDR, SK {})
    |                    | (Packet #3)
    |------------------->| INFORMATIONAL response (HDR, SK {})
    |                    | (Judgement #3)
    |                    |
    V                    V

N: USE_TRANSPORT_MODE
Packet #1 See Common Packet #1
Packet #2 See Common Packet #3
Packet #3 See Common Packet #17
All RESERVED fields are set to one.

  Part A: (BASIC)
     1. TN1 starts to negotiate with NUT by sending IKE_SA_INIT request.
     2. Observe the messages transmitted on Link A.
     3. After reception of IKE_AUTH response from the NUT, TN1 transmits an IKE_AUTH
        request to the NUT.
     4. Observe the messages transmitted on Link A.
     5. After reception of IKE_AUTH response from the NUT, TN1 transmits an
        INFORMATIONAL request with no payloads. All RESERVED fields in the message are set
        to one.
     6. Observe the messages transmitted on Link A.


Observable Result

  Part A
       Step 2: Judgment #1
       The NUT transmits an IKE_SA_INIT response including "ENCR_3DES",
       "PRF_HMAC_SHA1", "AUTH_HMAC_SHA1_96" and "D-H group 2" as accepted
       algorithms.
       Step 4: Judgment #2
       The NUT transmits an IKE_AUTH response including "ENCR_3DES",
       "AUTH_HMAC_SHA1_96" and "No Extended Sequence Numbers" as accepted algorithms.
       Step 6: Judgment #3
       The NUT transmits an INFORMATIONAL Response followed by an Encrypted payload with
       no payloads contained in it.


Possible Problems

  * None.