idnits 2.17.1 draft-ietf-behave-stun-test-vectors-04.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 16. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 379. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 390. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 397. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 403. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 18, 2008) is 5636 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 5389 (Obsoleted by RFC 8489) -- Obsolete informational reference (is this intentional?): RFC 4013 (Obsoleted by RFC 7613) Summary: 2 errors (**), 0 flaws (~~), 1 warning (==), 8 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Behavior Engineering for Hindrance R. Denis-Courmont 3 Avoidance Nokia 4 Internet-Draft November 18, 2008 5 Intended status: Informational 6 Expires: May 22, 2009 8 Test vectors for STUN 9 draft-ietf-behave-stun-test-vectors-04 11 Status of This Memo 13 By submitting this Internet-Draft, each author represents that any 14 applicable patent or other IPR claims of which he or she is aware 15 have been or will be disclosed, and any of which he or she becomes 16 aware will be disclosed, in accordance with Section 6 of BCP 79. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as Internet- 21 Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six months 24 and may be updated, replaced, or obsoleted by other documents at any 25 time. It is inappropriate to use Internet-Drafts as reference 26 material or to cite them other than as "work in progress." 28 The list of current Internet-Drafts can be accessed at 29 http://www.ietf.org/ietf/1id-abstracts.txt. 31 The list of Internet-Draft Shadow Directories can be accessed at 32 http://www.ietf.org/shadow.html. 34 This Internet-Draft will expire on May 22, 2009. 36 Abstract 38 The Session Traversal Utilities for NAT (STUN) protocol defines 39 several STUN attributes. The content of some of these -- 40 FINGERPRINT, MESSAGE-INTEGRITY and XOR-MAPPED-ADDRESS -- involve 41 binary-logical operations (hashing, xor). This document provides 42 test vectors for those attributes. 44 Table of Contents 46 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 47 2. Test vectors . . . . . . . . . . . . . . . . . . . . . . . . . 3 48 2.1. Sample request . . . . . . . . . . . . . . . . . . . . . . 3 49 2.2. Sample IPv4 response . . . . . . . . . . . . . . . . . . . 4 50 2.3. Sample IPv6 response . . . . . . . . . . . . . . . . . . . 5 51 2.4. Sample request with long-term authentication . . . . . . . 6 52 3. Security Considerations . . . . . . . . . . . . . . . . . . . . 7 53 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7 54 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 55 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8 56 6.1. Normative References . . . . . . . . . . . . . . . . . . . 8 57 6.2. Informative References . . . . . . . . . . . . . . . . . . 8 58 Appendix A. Source code for test vectors . . . . . . . . . . . . . 8 60 1. Introduction 62 The Session Traversal Utilities for NAT (STUN)[RFC5389] protocol 63 defines two different hashes that may be included in messages 64 exchanged by peers implementing that protocol: 66 FINGERPRINT attribute: a 32-bits Circular Redundancy Check. 68 MESSAGE-INTEGRITY attribute: a HMAC-SHA1[RFC2104] authentication 69 code. 71 This document provides samples of properly-formatted STUN messages 72 including these hashes, for the sake of testing implementations of 73 the STUN protocol. 75 2. Test vectors 77 All included vectors are represented as a series of hexadecimal 78 values in network byte order. Each pair of hexadecimal digits 79 represents one byte. 81 Messages follow the ICE Connectivity Checks use case of STUN, (see 82 [I-D.ietf-mmusic-ice]). These messages include FINGERPRINT, MESSAGE- 83 INTEGRITY and XOR-MAPPED-ADDRESS STUN attributes. These attributes 84 are considered to be most prone to implementation errors. An 85 additional message is provided to test STUN authentication with long- 86 term credentials (which is not used by ICE). 88 In the following sample messages, two types of plain UTF-8 text 89 attributes are included. The values of certain of these attributes 90 were purposedly sized to require padding. Non-ASCII characters are 91 represented as where xxxx is the hexadecimal number of their 92 Unicode code point. 94 In this document, ASCII white spaces (U+0020) are used for padding 95 within the first three messages - this is arbitrary. Similarly, the 96 last message uses nul bytes for padding. As per [RFC5389], padding 97 bytes may take any value. 99 2.1. Sample request 101 This request uses the following parameters: 103 Software name: "STUN test client" (without quotes) 104 Username: "evtj:h6vY" (without quotes) 106 Password: "VOkJxbRl1RmTxUk/WvJxBt" (without quotes) 108 00 01 00 58 Request type and message length 109 21 12 a4 42 Magic cookie 110 b7 e7 a7 01 } 111 bc 34 d6 86 } Transaction ID 112 fa 87 df ae } 113 80 22 00 10 SOFTWARE attribute header 114 53 54 55 4e } 115 20 74 65 73 } User-agent... 116 74 20 63 6c } ...name 117 69 65 6e 74 } 118 00 24 00 04 PRIORITY attribute header 119 6e 00 01 ff ICE priority value 120 80 29 00 08 ICE-CONTROLLED attribute header 121 93 2f f9 b1 } Pseudo-random tie breaker... 122 51 26 3b 36 } ...for ICE control 123 00 06 00 09 USERNAME attribute header 124 65 76 74 6a } 125 3a 68 36 76 } Username (9 bytes) and padding (3 bytes) 126 59 20 20 20 } 127 00 08 00 14 MESSAGE-INTEGRITY attribute header 128 9a ea a7 0c } 129 bf d8 cb 56 } 130 78 1e f2 b5 } HMAC-SHA1 fingerprint 131 b2 d3 f2 49 } 132 c1 b5 71 a2 } 133 80 28 00 04 FINGERPRINT attribute header 134 e5 7a 3b cf CRC32 fingerprint 136 2.2. Sample IPv4 response 138 This response used the following parameter: 140 Password: "VOkJxbRl1RmTxUk/WvJxBt" (without quotes) 142 Software name: "test vector" (without quotes) 144 Mapped address: 192.0.2.1 port 32853 145 01 01 00 3c Response type and message length 146 21 12 a4 42 Magic cookie 147 b7 e7 a7 01 } 148 bc 34 d6 86 } Transaction ID 149 fa 87 df ae } 150 80 22 00 0b SOFTWARE attribute header 151 74 65 73 74 } 152 20 76 65 63 } UTF-8 server name 153 74 6f 72 20 } 154 00 20 00 08 XOR-MAPPED-ADDRESS attribute header 155 00 01 a1 47 Address family (IPv4) and xor'd mapped port number 156 e1 12 a6 43 Xor'd mapped IPv4 address 157 00 08 00 14 MESSAGE-INTEGRITY attribute header 158 2b 91 f5 99 } 159 fd 9e 90 c3 } 160 8c 74 89 f9 } HMAC-SHA1 fingerprint 161 2a f9 ba 53 } 162 f0 6b e7 d7 } 163 80 28 00 04 FINGERPRINT attribute header 164 c0 7d 4c 96 CRC32 fingerprint 166 2.3. Sample IPv6 response 168 This response used the following parameter: 170 Password: "VOkJxbRl1RmTxUk/WvJxBt" (without quotes) 172 Software name: "test vector" (without quotes) 174 Mapped address: 2001:db8:1234:5678:11:2233:4455:6677 port 32853 175 01 01 00 48 Response type and message length 176 21 12 a4 42 Magic cookie 177 b7 e7 a7 01 } 178 bc 34 d6 86 } Transaction ID 179 fa 87 df ae } 180 80 22 00 0b SOFTWARE attribute header 181 74 65 73 74 } 182 20 76 65 63 } UTF-8 server name 183 74 6f 72 20 } 184 00 20 00 14 XOR-MAPPED-ADDRESS attribute header 185 00 02 a1 47 Address family (IPv6) and xor'd mapped port number 186 01 13 a9 fa } 187 a5 d3 f1 79 } Xor'd mapped IPv6 address 188 bc 25 f4 b5 } 189 be d2 b9 d9 } 190 00 08 00 14 MESSAGE-INTEGRITY attribute header 191 a3 82 95 4e } 192 4b e6 7b f1 } 193 17 84 c9 7c } HMAC-SHA1 fingerprint 194 82 92 c2 75 } 195 bf e3 ed 41 } 196 80 28 00 04 FINGERPRINT attribute header 197 c8 fb 0b 4c CRC32 fingerprint 199 2.4. Sample request with long-term authentication 201 This request uses the following parameters: 203 Username: "" 204 (without quotes) unaffected by SASLprep[RFC4013] processing 206 Password: "TheMtr" resp "TheMatrIX" (without 207 quotes) before resp after SASLprep processing 209 Nonce: "f//499k954d6OL34oL9FSTvy64sA" (without quotes) 211 Realm: "example.org" (without quotes) 212 00 01 00 60 Request type and message length 213 21 12 a4 42 Magic cookie 214 78 ad 34 33 } 215 c6 ad 72 c0 } Transaction ID 216 29 da 41 2e } 217 00 06 00 12 USERNAME attribute header 218 e3 83 9e e3 } 219 83 88 e3 83 } 220 aa e3 83 83 } Username value (18 bytes) and padding (2 bytes) 221 e3 82 af e3 } 222 82 b9 00 00 } 223 00 15 00 1c NONCE attribute header 224 66 2f 2f 34 } 225 39 39 6b 39 } 226 35 34 64 36 } 227 4f 4c 33 34 } Nonce value 228 6f 4c 39 46 } 229 53 54 76 79 } 230 36 34 73 41 } 231 00 14 00 0b REALM attribute header 232 65 78 61 6d } 233 70 6c 65 2e } Realm value (11 bytes) and padding (1 byte) 234 6f 72 67 00 } 235 00 08 00 14 MESSAGE-INTEGRITY attribute header 236 f6 70 24 65 } 237 6d d6 4a 3e } 238 02 b8 e0 71 } HMAC-SHA1 fingerprint 239 2e 85 c9 a2 } 240 8c a8 96 66 } 242 3. Security Considerations 244 There are no security considerations. 246 4. IANA Considerations 248 This document raises no IANA considerations. 250 5. Acknowledgements 252 The author would like to thank Marc Petit-Huguenin, Philip Matthews 253 and Dan Wing for their inputs, and Brian Korver, Alfred E. Heggestad 254 and Gustavo Garcia for their reviews. 256 6. References 257 6.1. Normative References 259 [RFC5389] Rosenberg, J., Mahy, R., Matthews, P., and D. 260 Wing, "Session Traversal Utilities for NAT 261 (STUN)", RFC 5389, October 2008. 263 [I-D.ietf-mmusic-ice] Rosenberg, J., "Interactive Connectivity 264 Establishment (ICE): A Protocol for Network 265 Address Translator (NAT) Traversal for Offer/ 266 Answer Protocols", draft-ietf-mmusic-ice-19 267 (work in progress), October 2007. 269 6.2. Informative References 271 [RFC2104] Krawczyk, H., Bellare, M., and R. Canetti, 272 "HMAC: Keyed-Hashing for Message 273 Authentication", RFC 2104, February 1997. 275 [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile 276 for User Names and Passwords", RFC 4013, 277 February 2005. 279 Appendix A. Source code for test vectors 281 const unsigned char req[] = 282 "\x00\x01\x00\x58" 283 "\x21\x12\xa4\x42" 284 "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae" 285 "\x80\x22\x00\x10" 286 "STUN test client" 287 "\x00\x24\x00\x04" 288 "\x6e\x00\x01\xff" 289 "\x80\x29\x00\x08" 290 "\x93\x2f\xf9\xb1\x51\x26\x3b\x36" 291 "\x00\x06\x00\x09" 292 "\x65\x76\x74\x6a\x3a\x68\x36\x76\x59\x20\x20\x20" 293 "\x00\x08\x00\x14" 294 "\x9a\xea\xa7\x0c\xbf\xd8\xcb\x56\x78\x1e\xf2\xb5" 295 "\xb2\xd3\xf2\x49\xc1\xb5\x71\xa2" 296 "\x80\x28\x00\x04" 297 "\xe5\x7a\x3b\xcf"; 299 Request message 301 const unsigned char respv4[] = 302 "\x01\x01\x00\x3c" 303 "\x21\x12\xa4\x42" 304 "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae" 305 "\x80\x22\x00\x0b" 306 "\x74\x65\x73\x74\x20\x76\x65\x63\x74\x6f\x72\x20" 307 "\x00\x20\x00\x08" 308 "\x00\x01\xa1\x47\xe1\x12\xa6\x43" 309 "\x00\x08\x00\x14" 310 "\x2b\x91\xf5\x99\xfd\x9e\x90\xc3\x8c\x74\x89\xf9" 311 "\x2a\xf9\xba\x53\xf0\x6b\xe7\xd7" 312 "\x80\x28\x00\x04" 313 "\xc0\x7d\x4c\x96"; 315 IPv4 response message 317 const unsigned char respv6[] = 318 "\x01\x01\x00\x48" 319 "\x21\x12\xa4\x42" 320 "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae" 321 "\x80\x22\x00\x0b" 322 "\x74\x65\x73\x74\x20\x76\x65\x63\x74\x6f\x72\x20" 323 "\x00\x20\x00\x14" 324 "\x00\x02\xa1\x47" 325 "\x01\x13\xa9\xfa\xa5\xd3\xf1\x79" 326 "\xbc\x25\xf4\xb5\xbe\xd2\xb9\xd9" 327 "\x00\x08\x00\x14" 328 "\xa3\x82\x95\x4e\x4b\xe6\x7b\xf1\x17\x84\xc9\x7c" 329 "\x82\x92\xc2\x75\xbf\xe3\xed\x41" 330 "\x80\x28\x00\x04" 331 "\xc8\xfb\x0b\x4c"; 333 IPv6 response message 335 const unsigned char reqltc[] = 336 "\x00\x01\x00\x60" 337 "\x21\x12\xa4\x42" 338 "\x78\xad\x34\x33\xc6\xad\x72\xc0\x29\xda\x41\x2e" 339 "\x00\x06\x00\x12" 340 "\xe3\x83\x9e\xe3\x83\x88\xe3\x83\xaa\xe3\x83\x83" 341 "\xe3\x82\xaf\xe3\x82\xb9\x00\x00" 342 "\x00\x15\x00\x1c" 343 "\x66\x2f\x2f\x34\x39\x39\x6b\x39\x35\x34\x64\x36" 344 "\x4f\x4c\x33\x34\x6f\x4c\x39\x46\x53\x54\x76\x79" 345 "\x36\x34\x73\x41" 346 "\x00\x14\x00\x0b" 347 "\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67\x00" 348 "\x00\x08\x00\x14" 349 "\xf6\x70\x24\x65\x6d\xd6\x4a\x3e\x02\xb8\xe0\x71" 350 "\x2e\x85\xc9\xa2\x8c\xa8\x96\x66"; 352 Request with long-term credentials 354 Author's Address 356 Remi Denis-Courmont 357 Nokia Corporation 358 P.O. Box 407 359 NOKIA GROUP 00045 360 FI 362 Phone: +358 50 487 6315 363 EMail: remi.denis-courmont@nokia.com 365 Full Copyright Statement 367 Copyright (C) The IETF Trust (2008). 369 This document is subject to the rights, licenses and restrictions 370 contained in BCP 78, and except as set forth therein, the authors 371 retain all their rights. 373 This document and the information contained herein are provided on an 374 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 375 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND 376 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS 377 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF 378 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 379 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 381 Intellectual Property 383 The IETF takes no position regarding the validity or scope of any 384 Intellectual Property Rights or other rights that might be claimed to 385 pertain to the implementation or use of the technology described in 386 this document or the extent to which any license under such rights 387 might or might not be available; nor does it represent that it has 388 made any independent effort to identify any such rights. Information 389 on the procedures with respect to rights in RFC documents can be 390 found in BCP 78 and BCP 79. 392 Copies of IPR disclosures made to the IETF Secretariat and any 393 assurances of licenses to be made available, or the result of an 394 attempt made to obtain a general license or permission for the use of 395 such proprietary rights by implementers or users of this 396 specification can be obtained from the IETF on-line IPR repository at 397 http://www.ietf.org/ipr. 399 The IETF invites any interested party to bring to its attention any 400 copyrights, patents or patent applications, or other proprietary 401 rights that may cover technology that may be required to implement 402 this standard. Please address the information to the IETF at 403 ietf-ipr@ietf.org.