Test Specification:
Conformance Test For IPv4 IPsec
(for router)

No.Title

Host Transport Mode

Initialize for Host
1Set Global Address and Check (Host)

Host Transport AH Outbound

Host Transport AH Outbound with authentication
2Outbound AH packet (HMAC-MD5)
3Outbound AH packet (HMAC-SHA1)

Host Transport AH Outbound Header Order
4Outbound Header Order (Fragment Header vs AH)

Host Transport AH Outbound Connect SA bundles
5Connect two SA bundles with different spi, different IPdst
6Connect two SA bundles with same spi, different IPdst

Host Transport AH Inbound

Host Transport AH Inbound with authentication
7Inbound AH packet (HMAC-MD5)
8Inbound AH packet (HMAC-SHA1)

Host Transport AH Inbound Header Order
9Inbound Header Order (Fragment Header vs AH)

Host Transport AH Inbound Connect SA bundles
10Connect two SA bundles with different spi, different IPsrc
11Connect two SA bundles with different spi, same IPsrc

Host Transport AH Inbound, Detect modification of packet with AH
12Detect modification of IPv4 header IP dst address with AH
13Detect modification of IPv4 header IP src address with AH
14Undetect modification of IPv4 header TTL with AH
15Detect modification of payload with AH

Host Transport ESP Outbound

ESP Outbound without authentication
16Outbound ESP packet (DES-CBC)
17Outbound ESP packet (3DES-CBC)

ESP Outbound with authentication
18Outbound ESP packet (NULL, HMAC-MD5)
19Outbound ESP packet (NULL, HMAC-SHA1)
20Outbound ESP packet (DES-CBC, HMAC-MD5)
21Outbound ESP packet (DES-CBC, HMAC-SHA1)
22Outbound ESP packet (3DES-CBC, HMAC-MD5)
23Outbound ESP packet (3DES-CBC, HMAC-SHA1)

ESP Outbound Padding
24Outbound Padding (NULL, HMAC-MD5)
25Outbound Padding (DES-CBC, HMAC-MD5)
26Outbound Padding (3DES-CBC, HMAC-MD5)

ESP Outbound Header Order
27Header Order (Fragment Header vs ESP)

ESP Outbound Connect SA bundles
28Connect two SA bundles with different spi, different IPdst
29Connect two SA bundles with same spi, different IPdst

Host Transport ESP Inbound

ESP Inbound without authentication
30Inbound ESP packet (DES-CBC)
31Inbound ESP packet (3DES-CBC)
32Inbound ESP packet (Invalid Encryption Key)

ESP Inbound with authentication
33Inbound ESP packet (NULL, HMAC-MD5)
34Inbound ESP packet (NULL, HMAC-SHA1)
35Inbound ESP packet (DES-CBC, HMAC-MD5)
36Inbound ESP packet (DES-CBC, HMAC-SHA1)
37Inbound ESP packet (3DES-CBC, HMAC-MD5)
38Inbound ESP packet (3DES-CBC, HMAC-SHA1)
39Inbound ESP packet (Invalid Authentication Key)

ESP Inbound Padding
40Inbound Padding (NULL, HMAC-MD5)
41Inbound Padding (DES-CBC, HMAC-MD5)
42Inbound Padding (3DES-CBC, HMAC-MD5)
43Padding Length is 255 (max)
44Invalid Padding

ESP Inbound Header Order
45Header Order (Fragment Header vs ESP)

ESP Inbound Connect SA bundles
46Connect two SA bundles with different spi, different IPsrc
47Connect two SA bundles with different spi, same IPsrc

Host Transport AH-ESP Outbound
48Outbound AH-ESP combination

Host Transport AH-ESP Inbound
49Inbound AH-ESP combination

Host Transport Common Outbound
50Select SPD entry (policy=discard,none)

Host Transport Common Inbound

Inbound Connect SA bundles
51Connect two SA bundles with same spi, same IPsrc, different protocol
52Select SPD entry (policy=discard,none)

Router Tunnel Mode

Initialize for Router
53Set Global Address and Check (Router)

Router Tunnel AH Outbound

Router Tunnel AH Outbound with authentication
54Outbound AH packet (HMAC-MD5)
55Outbound AH packet (HMAC-SHA1)

Router Tunnel AH Outbound Connect SA bundles
56Connect two SA bundles with different spi, different IPdst
57Connect two SA bundles with same spi, different IPdst

Router Tunnel AH Inbound

Router Tunnel AH Inbound with authentication
58Inbound AH Tunnel packet (with SPD entry)
59Inbound AH packet (HMAC-MD5)
60Inbound AH packet (HMAC-SHA1)

Router Tunnel AH Inbound Connect SA bundles
61Connect two SA bundles with different spi, different IPsrc
62Connect two SA bundles with different spi, same IPsrc

Router Tunnel AH Inbound, Detect modification of packet with AH
63Detect modification of IPv4 header IP dst address with AH
64Detect modification of IPv4 header IP src address with AH
65Undetect modification of IPv4 header TTL with AH
66Detect modification of inner IPv4 header TTL of AH tunnel
67Detect modification of inner payload of AH tunnel

Router Tunnel ESP Outbound

ESP Outbound without authentication
68Outbound ESP packet (DES-CBC)
69Outbound ESP packet (3DES-CBC)

ESP Outbound with authentication
70Outbound ESP packet (NULL, HMAC-MD5)
71Outbound ESP packet (NULL, HMAC-SHA1)
72Outbound ESP packet (DES-CBC, HMAC-MD5)
73Outbound ESP packet (DES-CBC, HMAC-SHA1)
74Outbound ESP packet (3DES-CBC, HMAC-MD5)
75Outbound ESP packet (3DES-CBC, HMAC-SHA1)

ESP Outbound Padding
76Outbound Padding (NULL)
77Outbound Padding (DES-CBC)
78Outbound Padding (3DES-CBC)

ESP Outbound Connect SA bundles
79Connect two SA bundles with different spi, different IPdst
80Connect two SA bundles with same spi, different IPdst

Router Tunnel ESP Inbound
81Inbound ESP Tunnel packet (with SPD entry)

ESP Inbound without authentication
82Inbound ESP packet (DES-CBC)
83Inbound ESP packet (3DES-CBC)
84Inbound ESP packet (Invalid Encryption Key)

ESP Inbound with authentication
85Inbound ESP packet (NULL, HMAC-MD5)
86Inbound ESP packet (NULL, HMAC-SHA1)
87Inbound ESP packet (DES-CBC, HMAC-MD5)
88Inbound ESP packet (DES-CBC, HMAC-SHA1)
89Inbound ESP packet (3DES-CBC, HMAC-MD5)
90Inbound ESP packet (3DES-CBC, HMAC-SHA1)
91Inbound ESP packet (Invalid Authentication Key)

ESP Inbound Padding
92Inbound Padding (NULL)
93Inbound Padding (DES-CBC)
94Inbound Padding (3DES-CBC)
95Padding Length is 255 (max)
96Invalid Padding

ESP Inbound Connect SA bundles
97Connect two SA bundles with different spi, different IPsrc
98Connect two SA bundles with different spi, same IPsrc

Router Tunnel Common Inbound

Inbound Connect SA bundles
99Connect two SA bundles with same spi, same IPsrc, different protocol