close search bar

Sorry, not available in this language yet

close language selection
IKEv2 Client Test Suite Data Sheet
Test Suite:
IKEv2 Client Test Suite
Direction:
Client

Defensics Internet Key Exchange v2 Test Suite tests the robustness of IKEv2 Client implementations. It attempts to discover bugs in tested implementations by sending invalid, incorrect and malformed data and data structures. The test suite is intended strictly for automated black-box negative testing in an isolated lab environment.

Used specifications

Specification
Title
Notes
RFC7296
Internet Key Exchange Protocol Version 2 (IKEv2)
RFC3748
Extensible Authentication Protocol (EAP), EAP-MD5, EAP-OTP and EAP-AKA are supported.
RFC4306
Internet Key Exchange (IKEv2) Protocol
RFC4307
Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
RFC4187
Extensible Authentication Protocol Method for 3rd Generation Authentication and Key Agreement (EAP-AKA)
3gpp 35.206 (Milenage) and 3gpp2 S.S0055 supported
RFC4478
Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
RFC4718
Clarifications and Implementation Guidelines
RFC4754
IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
RFC4945
The Internet IP Security PKI Profile of IKEv1/ISAKMP, IKEv2, and PKIX
RFC5106
The Extensible Authentication Protocol-Internet Key Exchange Protocol version 2 (EAP-IKEv2) Method
RFC5247
Extensible Authentication Protocol (EAP) Key Management Framework
RFC5282
Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
Only AES-GCM with 16 bytes Authentication Tag implemented
RFC5903
Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
RFC5996
Internet Key Exchange Protocol Version 2 (IKEv2)
RFC6090
Fundamental Elliptic Curve Cryptography Algorithms

Tool-specific information

Supported SafeGuard Checks

Authentication Bypass

Certificate Validation

Information Leakage

Unexpected Data

Weak Cryptography

Tested messages

Initialize response

Authenticate response

Authenticate response (EAP Identity)

Authenticate response (EAP Challenge)

Authenticate response (EAP Success)

Rekeying Child SA request

Delete Child SA request/response

Delete IKE SA request/response

Delete First Child SA request/response

Create Child SA request/response

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis