Behavior Engineering for Hindrance Avoidance              R. Denis-Courmont
Internet-Draft                                                        Nokia
Intended status: Informational                                July 27, 2008
Expires: January 28, 2009


                           Test vectors for STUN
                   draft-ietf-behave-stun-test-vectors-03

Status of This Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 28, 2009.

Abstract

   The Session Traversal Utilities for NAT (STUN) protocol defines two
   STUN attributes -- FINGERPRINT and MESSAGE-INTEGRITY -- that may be
   included in STUN messages.  This document provides test vectors for
   those two attributes.
Table of Contents

   1.  Introduction
   2.  Test vectors
     2.1.  Sample request
     2.2.  Sample IPv4 response
     2.3.  Sample IPv6 response
     2.4.  Sample request with long-term authentication
   3.  Security Considerations
   4.  IANA Considerations
   5.  Acknowledgements
   6.  Normative References
   Appendix A.  Source code for test vectors

1.  Introduction

   The Session Traversal Utilities for NAT (STUN)
   [I-D.ietf-behave-rfc3489bis] protocol defines two different check
   values that may be included in messages exchanged by peers
   implementing that protocol:

   FINGERPRINT attribute:  a 32-bit Cyclic Redundancy Check (the CRC-32
      of the message, XORed with the constant 0x5354554e).

   MESSAGE-INTEGRITY attribute:  a 20-byte HMAC-SHA1 authentication
      code, keyed with the short-term or long-term credential key.

   This document provides samples of properly-formatted STUN messages
   including these check values, for the sake of testing
   implementations of the STUN protocol.

2.  Test vectors

   All included vectors are represented as a series of hexadecimal
   values in network byte order.  Each pair of hexadecimal digits
   represents one byte.

   Messages follow the ICE Connectivity Checks use case of STUN (see
   [I-D.ietf-mmusic-ice]).  These messages include the FINGERPRINT,
   MESSAGE-INTEGRITY and XOR-MAPPED-ADDRESS STUN attributes.  These
   attributes are considered to be the most prone to implementation
   errors.  An additional message is provided to test STUN
   authentication with long-term credentials (which are not used by
   ICE).

   When checking these vectors, two computation rules of
   [I-D.ietf-behave-rfc3489bis] matter.  The HMAC of MESSAGE-INTEGRITY
   covers the message up to, but not including, that attribute, with
   the header's length field set to the length up to and including
   MESSAGE-INTEGRITY (so a FINGERPRINT attribute that follows is
   excluded).  The CRC of FINGERPRINT covers the whole message
   preceding that attribute, with the length field already counting
   FINGERPRINT, and the result is XORed with 0x5354554e.

   In the following sample messages, two types of plain UTF-8 text
   attributes (such as SOFTWARE and USERNAME) are included.
   The values of some of these attributes were deliberately sized so
   that they require padding.

   In this document, ASCII spaces (U+0020) are used for padding within
   the first three messages, and NUL bytes (0x00) in the last one.
   Both choices are arbitrary: as per [I-D.ietf-behave-rfc3489bis],
   padding bytes can have any value and are ignored by the receiver.
   They are nevertheless part of the message bytes, so MESSAGE-INTEGRITY
   and FINGERPRINT cover them; an implementation that re-serializes a
   message with different padding bytes will compute different values.

2.1.  Sample request

   This request uses the following parameters:

   Software name:  "STUN test client" (without quotes)

   Username:  "evtj:h6vY" (without quotes)

   Password:  "VOkJxbRl1RmTxUk/WvJxBt" (without quotes)

   As in ICE, short-term credentials are used: the MESSAGE-INTEGRITY key
   is the password itself (after SASLprep, which leaves this ASCII
   string unchanged).

      00 01 00 58     Request type and message length
      21 12 a4 42     Magic cookie
      b7 e7 a7 01  }
      bc 34 d6 86  }  Transaction ID
      fa 87 df ae  }
      80 22 00 10     SOFTWARE attribute header
      53 54 55 4e  }
      20 74 65 73  }  User-agent...
      74 20 63 6c  }  ...name
      69 65 6e 74  }
      00 24 00 04     PRIORITY attribute header
      6e 00 01 ff     ICE priority value
      80 29 00 08     ICE-CONTROLLED attribute header
      93 2f f9 b1  }  Pseudo-random tie breaker...
      51 26 3b 36  }  ...for ICE control
      00 06 00 09     USERNAME attribute header
      65 76 74 6a  }
      3a 68 36 76  }  Username (9 bytes) and padding (3 bytes)
      59 20 20 20  }
      00 08 00 14     MESSAGE-INTEGRITY attribute header
      9a ea a7 0c  }
      bf d8 cb 56  }
      78 1e f2 b5  }  HMAC-SHA1 value
      b2 d3 f2 49  }
      c1 b5 71 a2  }
      80 28 00 04     FINGERPRINT attribute header
      e5 7a 3b cf     CRC32 fingerprint

2.2.  Sample IPv4 response

   This response uses the following parameters:

   Password:  "VOkJxbRl1RmTxUk/WvJxBt" (without quotes)

   Software name:  "test vector" (without quotes)

   Mapped address:  192.0.2.1 port 32853

   The port (0x8055) is XORed with the 16 most significant bits of the
   magic cookie (0x2112), giving 0xa147; the IPv4 address (c0 00 02 01)
   is XORed with the whole magic cookie, giving e1 12 a6 43.

      01 01 00 3c     Response type and message length
      21 12 a4 42     Magic cookie
      b7 e7 a7 01  }
      bc 34 d6 86  }  Transaction ID
      fa 87 df ae  }
      80 22 00 0b     SOFTWARE attribute header
      74 65 73 74  }
      20 76 65 63  }  UTF-8 server name (11 bytes) and padding (1 byte)
      74 6f 72 20  }
      00 20 00 08     XOR-MAPPED-ADDRESS attribute header
      00 01 a1 47     Address family (IPv4) and xor'd mapped port number
      e1 12 a6 43     Xor'd mapped IPv4 address
      00 08 00 14     MESSAGE-INTEGRITY attribute header
      2b 91 f5 99  }
      fd 9e 90 c3  }
      8c 74 89 f9  }  HMAC-SHA1 value
      2a f9 ba 53  }
      f0 6b e7 d7  }
      80 28 00 04     FINGERPRINT attribute header
      c0 7d 4c 96     CRC32 fingerprint

2.3.  Sample IPv6 response

   This response uses the following parameters:

   Password:  "VOkJxbRl1RmTxUk/WvJxBt" (without quotes)

   Software name:  "test vector" (without quotes)

   Mapped address:  2001:db8:1234:5678:11:2233:4455:6677 port 32853

   The port is XORed as in the IPv4 case; the 16-byte IPv6 address is
   XORed with the magic cookie followed by the 12-byte transaction ID.

      01 01 00 48     Response type and message length
      21 12 a4 42     Magic cookie
      b7 e7 a7 01  }
      bc 34 d6 86  }  Transaction ID
      fa 87 df ae  }
      80 22 00 0b     SOFTWARE attribute header
      74 65 73 74  }
      20 76 65 63  }  UTF-8 server name (11 bytes) and padding (1 byte)
      74 6f 72 20  }
      00 20 00 14     XOR-MAPPED-ADDRESS attribute header
      00 02 a1 47     Address family (IPv6) and xor'd mapped port number
      01 13 a9 fa  }
      a5 d3 f1 79  }  Xor'd mapped IPv6 address
      bc 25 f4 b5  }
      be d2 b9 d9  }
      00 08 00 14     MESSAGE-INTEGRITY attribute header
      a3 82 95 4e  }
      4b e6 7b f1  }
      17 84 c9 7c  }  HMAC-SHA1 value
      82 92 c2 75  }
      bf e3 ed 41  }
      80 28 00 04     FINGERPRINT attribute header
      c8 fb 0b 4c     CRC32 fingerprint

2.4.  Sample request with long-term authentication

   This request uses the following parameters:

   Username:  "<U+30DE><U+30C8><U+30EA><U+30C3><U+30AF><U+30B9>" (without
      quotes), i.e. the Japanese string "マトリックス", which is 18 bytes
      in UTF-8 and is unaffected by SASLprep processing

   Password:  "The<U+00AD>M<U+00AA>tr<U+2168>" (without quotes) before
      SASLprep processing, which yields "TheMatrIX" (without quotes)

   Nonce:  "f//499k954d6OL34oL9FSTvy64sA" (without quotes)

   Realm:  "example.org" (without quotes)

   With long-term credentials the MESSAGE-INTEGRITY key is
   MD5(username ":" realm ":" SASLprep(password)), with username and
   realm encoded in UTF-8.  This message carries no FINGERPRINT
   attribute, so MESSAGE-INTEGRITY is the last attribute and the length
   field needs no adjustment for the HMAC computation.

      00 01 00 60     Request type and message length
      21 12 a4 42     Magic cookie
      78 ad 34 33  }
      c6 ad 72 c0  }  Transaction ID
      29 da 41 2e  }
      00 06 00 12     USERNAME attribute header
      e3 83 9e e3  }
      83 88 e3 83  }
      aa e3 83 83  }  Username value (18 bytes) and padding (2 bytes)
      e3 82 af e3  }
      82 b9 00 00  }
      00 15 00 1c     NONCE attribute header
      66 2f 2f 34  }
      39 39 6b 39  }
      35 34 64 36  }
      4f 4c 33 34  }  Nonce value (28 bytes, no padding needed)
      6f 4c 39 46  }
      53 54 76 79  }
      36 34 73 41  }
      00 14 00 0b     REALM attribute header
      65 78 61 6d  }
      70 6c 65 2e  }  Realm value (11 bytes) and padding (1 byte)
      6f 72 67 00  }
      00 08 00 14     MESSAGE-INTEGRITY attribute header
      f6 70 24 65  }
      6d d6 4a 3e  }
      02 b8 e0 71  }  HMAC-SHA1 value
      2e 85 c9 a2  }
      8c a8 96 66  }

3.  Security Considerations

   There are no security considerations.

4.  IANA Considerations

   This document raises no IANA considerations.

5.  Acknowledgements

   The author would like to thank Marc Petit-Huguenin, Philip Matthews
   and Dan Wing for their inputs, and Brian Korver, Alfred E. Heggestad
   and Gustavo Garcia for their reviews.

6.  Normative References

   [I-D.ietf-behave-rfc3489bis]
              Rosenberg, J., Mahy, R., Matthews, P., and D. Wing,
              "Session Traversal Utilities for NAT (STUN)",
              draft-ietf-behave-rfc3489bis-17 (work in progress),
              July 2008.

   [I-D.ietf-mmusic-ice]
              Rosenberg, J., "Interactive Connectivity Establishment
              (ICE): A Protocol for Network Address Translator (NAT)
              Traversal for Offer/Answer Protocols",
              draft-ietf-mmusic-ice-19 (work in progress),
              October 2007.

Appendix A.  Source code for test vectors

   The messages of Section 2 as C string literals.  Note that a string
   literal initializer appends a terminating NUL byte, so sizeof(req) is
   one more than the 108 bytes of the message; use sizeof(req) - 1 (or
   the lengths given in the comments) when feeding these arrays to an
   implementation.

   /* Request message (Section 2.1), 108 bytes */
   const unsigned char req[] =
     "\x00\x01\x00\x58"
     "\x21\x12\xa4\x42"
     "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae"
     "\x80\x22\x00\x10"
     "STUN test client"
     "\x00\x24\x00\x04"
     "\x6e\x00\x01\xff"
     "\x80\x29\x00\x08"
     "\x93\x2f\xf9\xb1\x51\x26\x3b\x36"
     "\x00\x06\x00\x09"
     "\x65\x76\x74\x6a\x3a\x68\x36\x76\x59\x20\x20\x20"
     "\x00\x08\x00\x14"
     "\x9a\xea\xa7\x0c\xbf\xd8\xcb\x56\x78\x1e\xf2\xb5"
     "\xb2\xd3\xf2\x49\xc1\xb5\x71\xa2"
     "\x80\x28\x00\x04"
     "\xe5\x7a\x3b\xcf";

   /* IPv4 response message (Section 2.2), 80 bytes */
   const unsigned char respv4[] =
     "\x01\x01\x00\x3c"
     "\x21\x12\xa4\x42"
     "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae"
     "\x80\x22\x00\x0b"
     "\x74\x65\x73\x74\x20\x76\x65\x63\x74\x6f\x72\x20"
     "\x00\x20\x00\x08"
     "\x00\x01\xa1\x47\xe1\x12\xa6\x43"
     "\x00\x08\x00\x14"
     "\x2b\x91\xf5\x99\xfd\x9e\x90\xc3\x8c\x74\x89\xf9"
     "\x2a\xf9\xba\x53\xf0\x6b\xe7\xd7"
     "\x80\x28\x00\x04"
     "\xc0\x7d\x4c\x96";

   /* IPv6 response message (Section 2.3), 92 bytes */
   const unsigned char respv6[] =
     "\x01\x01\x00\x48"
     "\x21\x12\xa4\x42"
     "\xb7\xe7\xa7\x01\xbc\x34\xd6\x86\xfa\x87\xdf\xae"
     "\x80\x22\x00\x0b"
     "\x74\x65\x73\x74\x20\x76\x65\x63\x74\x6f\x72\x20"
     "\x00\x20\x00\x14"
     "\x00\x02\xa1\x47"
     "\x01\x13\xa9\xfa\xa5\xd3\xf1\x79"
     "\xbc\x25\xf4\xb5\xbe\xd2\xb9\xd9"
     "\x00\x08\x00\x14"
     "\xa3\x82\x95\x4e\x4b\xe6\x7b\xf1\x17\x84\xc9\x7c"
     "\x82\x92\xc2\x75\xbf\xe3\xed\x41"
     "\x80\x28\x00\x04"
     "\xc8\xfb\x0b\x4c";

   /* Request with long-term credentials (Section 2.4), 116 bytes;
      no FINGERPRINT attribute */
   const unsigned char reqltc[] =
     "\x00\x01\x00\x60"
     "\x21\x12\xa4\x42"
     "\x78\xad\x34\x33\xc6\xad\x72\xc0\x29\xda\x41\x2e"
     "\x00\x06\x00\x12"
     "\xe3\x83\x9e\xe3\x83\x88\xe3\x83\xaa\xe3\x83\x83"
     "\xe3\x82\xaf\xe3\x82\xb9\x00\x00"
     "\x00\x15\x00\x1c"
     "\x66\x2f\x2f\x34\x39\x39\x6b\x39\x35\x34\x64\x36"
     "\x4f\x4c\x33\x34\x6f\x4c\x39\x46\x53\x54\x76\x79"
     "\x36\x34\x73\x41"
     "\x00\x14\x00\x0b"
     "\x65\x78\x61\x6d\x70\x6c\x65\x2e\x6f\x72\x67\x00"
     "\x00\x08\x00\x14"
     "\xf6\x70\x24\x65\x6d\xd6\x4a\x3e\x02\xb8\xe0\x71"
     "\x2e\x85\xc9\xa2\x8c\xa8\x96\x66";

Author's Address

   Remi Denis-Courmont
   Nokia Corporation
   P.O. Box 407
   NOKIA GROUP 00045
   FI

   Phone: +358 50 487 6315
   EMail: remi.denis-courmont@nokia.com

Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.
   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.
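Added example, appended here as an editorial supplement; it is not code from the draft or its Appendix A. It checks the MESSAGE-INTEGRITY and FINGERPRINT values of the four messages of Sections 2.1 to 2.4 with the rfc3489bis rules: the header length is rewritten to end at MESSAGE-INTEGRITY before the HMAC, the CRC-32 is taken over everything before FINGERPRINT and XORed with 0x5354554e, and the long-term key is MD5(username ":" realm ":" SASLprep(password)). Assumptions stated in the code: the Section 2.4 password after SASLprep is "TheMatrIX", the Section 2.4 username is the UTF-8 katakana string carried in that message, and the short-term password is ASCII and unchanged by SASLprep. The message bytes are copied from Section 2.

```python
"""Added example (not the draft's own code): check MESSAGE-INTEGRITY and
FINGERPRINT on the vectors of Sections 2.1 to 2.4 with the rfc3489bis rules.
Assumed: the Section 2.4 password after SASLprep is "TheMatrIX"; its username
is the UTF-8 katakana string carried in that message; the short-term password
is ASCII and unchanged by SASLprep."""
import hashlib
import hmac
import struct
import zlib

ATTR_MESSAGE_INTEGRITY = 0x0008
ATTR_FINGERPRINT = 0x8028
FINGERPRINT_XOR = 0x5354554E  # the CRC-32 is XORed with this constant

# The four messages, byte for byte as printed in Sections 2.1 to 2.4.
REQ = bytes.fromhex(
    "00010058 2112a442 b7e7a701bc34d686fa87dfae"
    "80220010 5354554e207465737420636c69656e74"
    "00240004 6e0001ff"
    "80290008 932ff9b151263b36"
    "00060009 6576746a3a68367659202020"
    "00080014 9aeaa70cbfd8cb56781ef2b5b2d3f249c1b571a2"
    "80280004 e57a3bcf")
RESPV4 = bytes.fromhex(
    "0101003c 2112a442 b7e7a701bc34d686fa87dfae"
    "8022000b 7465737420766563746f7220"
    "00200008 0001a147e112a643"
    "00080014 2b91f599fd9e90c38c7489f92af9ba53f06be7d7"
    "80280004 c07d4c96")
RESPV6 = bytes.fromhex(
    "01010048 2112a442 b7e7a701bc34d686fa87dfae"
    "8022000b 7465737420766563746f7220"
    "00200014 0002a1470113a9faa5d3f179bc25f4b5bed2b9d9"
    "00080014 a382954e4be67bf11784c97c8292c275bfe3ed41"
    "80280004 c8fb0b4c")
REQLTC = bytes.fromhex(
    "00010060 2112a442 78ad3433c6ad72c029da412e"
    "00060012 e3839ee38388e383aae38383e382afe382b90000"
    "0015001c 662f2f3439396b39353464364f4c33346f4c39465354767936347341"
    "0014000b 6578616d706c652e6f726700"
    "00080014 f67024656dd64a3e02b8e0712e85c9a28ca89666")

SHORT_TERM_PASSWORD = "VOkJxbRl1RmTxUk/WvJxBt"
LTC_USERNAME = "\u30de\u30c8\u30ea\u30c3\u30af\u30b9"  # the 18 UTF-8 bytes in REQLTC
LTC_REALM = "example.org"
LTC_PASSWORD_SASLPREP = "TheMatrIX"  # assumption: SASLprep output of the 2.4 password


def attributes(msg):
    """Walk the TLV attributes; yield (type, value, offset of the header)."""
    end = 20 + struct.unpack("!H", msg[2:4])[0]
    if end > len(msg):
        raise ValueError("length field runs past the end of the message")
    off = 20
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        if off + 4 + alen > end:
            raise ValueError("attribute runs past the end of the message")
        yield atype, msg[off + 4:off + 4 + alen], off
        off += 4 + ((alen + 3) & ~3)  # values are padded to a 4-byte boundary

def short_term_key(password):
    """Short-term credentials (ICE): key = SASLprep(password); ASCII here."""
    return password.encode("utf-8")

def long_term_key(username, realm, password_saslprep):
    """Long-term credentials: key = MD5(username ":" realm ":" SASLprep(password))."""
    return hashlib.md5(f"{username}:{realm}:{password_saslprep}".encode("utf-8")).digest()

def check_message_integrity(msg, key):
    """HMAC-SHA1 over the message up to MESSAGE-INTEGRITY, with the header
    length rewritten to end right after it (a trailing FINGERPRINT is excluded)."""
    for atype, value, off in attributes(msg):
        if atype == ATTR_MESSAGE_INTEGRITY:
            hashed_len = off + 4 + 20 - 20  # attributes up to and including M-I
            header = msg[:2] + struct.pack("!H", hashed_len) + msg[4:20]
            mac = hmac.new(key, header + msg[20:off], hashlib.sha1).digest()
            return hmac.compare_digest(mac, value)
    return False

def check_fingerprint(msg):
    """CRC-32 of everything before FINGERPRINT (length field already counting
    the attribute), XORed with 0x5354554e."""
    for atype, value, off in attributes(msg):
        if atype == ATTR_FINGERPRINT:
            crc = zlib.crc32(msg[:off]) ^ FINGERPRINT_XOR
            return crc == struct.unpack("!I", value)[0]
    return False

def verify(msg, key):
    """(MESSAGE-INTEGRITY ok, FINGERPRINT ok) for one message."""
    return check_message_integrity(msg, key), check_fingerprint(msg)

if __name__ == "__main__":
    key = short_term_key(SHORT_TERM_PASSWORD)
    for name, msg in (("2.1 request", REQ), ("2.2 IPv4 response", RESPV4),
                      ("2.3 IPv6 response", RESPV6)):
        print(name, verify(msg, key))
    ltc_key = long_term_key(LTC_USERNAME, LTC_REALM, LTC_PASSWORD_SASLPREP)
    print("2.4 long-term request", verify(REQLTC, ltc_key))  # no FINGERPRINT here
```

Run as a script it prints (True, True) for the three ICE messages and (True, False) for the long-term request, whose False only records the absence of a FINGERPRINT attribute. Flipping any byte ahead of MESSAGE-INTEGRITY makes both checks fail, which is the negative case an implementation's test suite should also assert.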
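Added example, not from the draft: decoding and re-encoding the XOR-MAPPED-ADDRESS attribute of the IPv4 and IPv6 responses of Sections 2.2 and 2.3. The port is XORed with the 16 most significant bits of the magic cookie, an IPv4 address with the magic cookie, and an IPv6 address with the magic cookie followed by the transaction ID; using the low 16 bits of the cookie for the port, or the transaction ID for an IPv4 address, produces values that do not match these vectors. The response bytes are copied from Section 2; nothing else is assumed.

```python
"""Added example (not the draft's own code): decode and re-encode the
XOR-MAPPED-ADDRESS attribute of the responses in Sections 2.2 and 2.3,
following the rfc3489bis XOR rules."""
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442
ATTR_XOR_MAPPED_ADDRESS = 0x0020

# The two responses, byte for byte as printed in Sections 2.2 and 2.3.
RESPV4 = bytes.fromhex(
    "0101003c 2112a442 b7e7a701bc34d686fa87dfae"
    "8022000b 7465737420766563746f7220"
    "00200008 0001a147e112a643"
    "00080014 2b91f599fd9e90c38c7489f92af9ba53f06be7d7"
    "80280004 c07d4c96")
RESPV6 = bytes.fromhex(
    "01010048 2112a442 b7e7a701bc34d686fa87dfae"
    "8022000b 7465737420766563746f7220"
    "00200014 0002a1470113a9faa5d3f179bc25f4b5bed2b9d9"
    "00080014 a382954e4be67bf11784c97c8292c275bfe3ed41"
    "80280004 c8fb0b4c")


def find_attribute(msg, wanted):
    """Value of the first attribute of type `wanted`, or None."""
    off, end = 20, 20 + struct.unpack("!H", msg[2:4])[0]
    while off + 4 <= end:
        atype, alen = struct.unpack("!HH", msg[off:off + 4])
        if atype == wanted:
            return msg[off + 4:off + 4 + alen]
        off += 4 + ((alen + 3) & ~3)  # values are padded to a 4-byte boundary
    return None

def xor_mask(msg, length):
    """The mask is the magic cookie followed by the transaction ID (header
    bytes 4..20): an IPv4 address uses the first 4 bytes, IPv6 all 16."""
    return msg[4:4 + length]

def decode_xor_mapped_address(msg):
    """Return (address string, port) from the message's XOR-MAPPED-ADDRESS."""
    value = find_attribute(msg, ATTR_XOR_MAPPED_ADDRESS)
    if value is None or len(value) < 4:
        raise ValueError("missing or truncated XOR-MAPPED-ADDRESS attribute")
    family, xport = struct.unpack("!xBH", value[:4])  # first byte is reserved
    length = {0x01: 4, 0x02: 16}.get(family)
    if length is None or len(value) != 4 + length:
        raise ValueError("bad address family or attribute length")
    port = xport ^ (MAGIC_COOKIE >> 16)  # the port uses the cookie's top 16 bits
    addr = bytes(a ^ b for a, b in zip(value[4:], xor_mask(msg, length)))
    return str(ipaddress.ip_address(addr)), port

def encode_xor_mapped_address(msg, address, port):
    """Build the attribute (header included) for address:port, masked with the
    header found in `msg`; used here to round-trip the vectors."""
    ip = ipaddress.ip_address(address)
    family = 0x01 if ip.version == 4 else 0x02
    xaddr = bytes(a ^ b for a, b in zip(ip.packed, xor_mask(msg, len(ip.packed))))
    value = struct.pack("!BBH", 0, family, port ^ (MAGIC_COOKIE >> 16)) + xaddr
    return struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value

if __name__ == "__main__":
    for name, msg in (("2.2 IPv4", RESPV4), ("2.3 IPv6", RESPV6)):
        addr, port = decode_xor_mapped_address(msg)
        rebuilt = encode_xor_mapped_address(msg, addr, port)
        print(name, addr, port, "round-trip ok" if rebuilt in msg else "MISMATCH")
```

Both responses decode to port 32853; the IPv4 one to 192.0.2.1 and the IPv6 one to 2001:db8:1234:5678:11:2233:4455:6677, and re-encoding them reproduces the attribute bytes printed in Sections 2.2 and 2.3.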