interop-spec-est-coaps.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><h1 id="tests-specification-for-EST-coaps">Tests Specification for EST-coaps</h1>
<h2 id="table-of-contents">Table of Contents</h2>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#notes">Notes</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#security-contexts-and-resources">Security Contexts and Resources</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#client-sec">Security Context A: Client</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#server-sec">Security Context B: Server</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#client-secC">Security Context C: Client</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#server-secD">Security Context D: Server</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#resources">Resources</a></li>
</ol></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#env-setup">Set up the environment</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#test-0a">Test 0a</a></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#test-0b">Test 0b</a></li>
</ol></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#correct-EST-use">Correct EST use</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#get">GET test</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#test-1a">Test 1a</a></li>
</ol></li>
</ol></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#put">POST test</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#test-9a">Test 9a</a></li>
</ol></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#incorrect-EST">Incorrect EST use</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#sec-context">Security Context not matching</a>
<ol style="list-style-type: decimal">
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#replay">Replay of a previously sent message</a>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#auth">Accessing a non-EST-protected resource with EST</a>
<ol style="list-style-type: decimal">
</ol></li>
<li><a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#unauth">Accessing an EST-protected resource without EST</a>
<ol style="list-style-type: decimal">
</ol></li>
</ol></li>
<h2 id="notes">1. Notes</h2>
<p>CoAP Version is 1 in all the tests.</p>
<p>The client and server may optionally display external_aad and COSE object (before and after compression) to simplify debugging.</p>
<p>When non-indicated, CoAP messages can be NON or CON (implementer's choice).</p>
<p>To be able to run Test 16, the implementer must run an EST-unaware server.</p>
<p>The number used as Object-Security option number is set to 9 in this document.</p>
<h2 id="security-contexts-and-resources">2. Security Contexts and Resources</h2>
<h3 id="client-sec">Security Context A: Client</h3>
<h3 id="server-sec">Security Context B: Server</h3>
<h3 id="client-secC">Security Context C: Client</h3>
<h3 id="server-secD">Security Context D: Server</h3>
<h3 id="resources">Resources</h3>
<p>The list of resources the EST-aware server must implement is the following:</p>
<ul>
<li>/EST/hello/coap : authorized method: GET, returns the string "Hello World!" with content-format 0 (text/plain)</li>
<li>/EST/crts : protected resource, authorized method: GET, returns </li>
<li>/EST/sen : protected resource, authorized method: POST, returns </li>
<li>/EST/sren : protected resource, authorized method: GET, returns </li>
<li>/EST/att : protected resource, authorized method: GET, returns the v</li>
<li>/EST/skg : protected resource, authorized method: POST, returns </li>
</ul>
<p>The list of resource the EST-unaware server must implement is the following:</p>
<ul>
<li>/EST/hello/coap : authorized method: GET, returns the string "Hello World!" with content-format 0 (text/plain)</li>
</ul>
<hr>
<h2 id="env-setup">3. Set up the environment</h2>
<h3 id="test-0a">3.1. Identifier: TEST_0a</h3>
<p><strong>Objective</strong> : Verify that CoAP exchange works. Perform a simple GET transaction using COAP, Content-Format and Uri-Path option (Client side)</p>
<p><strong>Test Sequence</strong></p>
<table>
<colgroup>
<col width="9%">
<col width="14%">
<col width="76%">
</colgroup>
<thead>
<tr class="header">
<th>Step</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>1</p></td>
<td><p>Stimulus</p></td>
<td><p>The client is requested to send a CoAP GET request including:</p>
<ul>
<li>Uri-Path : /EST/hello/coap</li>
</ul></td>
</tr>
<tr class="even">
<td><p>2</p></td>
<td><p>Check</p></td>
<td><p>Client serializes the request</p></td>
</tr>
<tr class="odd">
<td><p>3</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the sent packet</p></td>
</tr>
<tr class="even">
<td><p>4</p></td>
<td><p>Check</p></td>
<td><p>Client parses the response and continues the CoAP processing expected; expected: 2.05 Content Response with:</p>
<ul>
<li>Content-Format = 0 (text/plain)</li>
<li>Payload = "Hello World!"</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>5</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the received packet</p></td>
</tr>
</tbody>
</table>
<h4 id="test-0b">3.2. Identifier: TEST_0b</h4>
<p><strong>Objective</strong> : Verify that CoAP exchange works. Perform a simple GET transaction using COAP, Content-Format and Uri-Path option (Server side)</p>
<p><strong>Configuration</strong> :</p>
<p><em>server resources</em>:</p>
<ul>
<li>/EST/hello/coap : authorized method: GET, returns the string "Hello World!" with content-format 0 (text/plain)</li>
</ul>
<p><strong>Test Sequence</strong></p>
<table>
<colgroup>
<col width="9%">
<col width="14%">
<col width="76%">
</colgroup>
<thead>
<tr class="header">
<th>Step</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>1</p></td>
<td><p>Stimulus</p></td>
<td><p>The client is requested to send a CoAP GET request including:</p>
<ul>
<li>Uri-Path = /EST/hello/coap</li>
</ul></td>
</tr>
<tr class="even">
<td><p>2</p></td>
<td><p>Check</p></td>
<td><p>Server parses the request and continues the CoAP processing</p></td>
</tr>
<tr class="odd">
<td><p>3</p></td>
<td><p>Verify</p></td>
<td><p>Server displays the received packet</p></td>
</tr>
<tr class="even">
<td><p>4</p></td>
<td><p>Check</p></td>
<td><p>Server serialize the response correctly, which is: 2.05 Content Response with:</p>
<ul>
<li>Content-Format = 0 (text/plain)</li>
<li>Payload = "Hello World!"</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>5</p></td>
<td><p>Verify</p></td>
<td><p>Server displays the sent packet</p></td>
</tr>
</tbody>
</table>
<h2 id="correct-EST-use">4. Correct EST use</h2>
<h3 id="get">4.1 GET Tests</h3>
<h4 id="test-1a">4.1.1. Identifier: TEST_1a</h4>
<p><strong>Objective</strong> : Perform a simple GET transaction using EST, Content-Format and Uri-Path option (Client side)</p>
<p><strong>Configuration</strong> :</p>
<p><em>client security context</em>: <a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#client-sec">Security Context A</a>, with:</p>
<ul>
<li>Some comment</li>
</ul>
<p><strong>Test Sequence</strong></p>
<table>
<colgroup>
<col width="9%">
<col width="14%">
<col width="76%">
</colgroup>
<thead>
<tr class="header">
<th>Step</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>1</p></td>
<td><p>Stimulus</p></td>
<td><p>The client is requested to send a CoAP GET request protected with EST, including:</p>
<ul>
<li>Object-Security option</li>
<li>Uri-Path : /EST/crts</li>
</ul></td>
</tr>
<tr class="even">
<td><p>2</p></td>
<td><p>Check</p></td>
<td><p>Client serializes the request, which is a GETT request, with:</p>
<ul>
<li>Object-Security option</li>
<li>Payload: ciphertext including:
<ul>
<li>Code: GET</li>
<li>Uri-Path : /EST/crts</li>
</ul></li>
</ul></td>
</tr>
<tr class="odd">
<td><p>3</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the sent packet</p></td>
</tr>
<tr class="even">
<td><p>4</p></td>
<td><p>Check</p></td>
<td><p>Client parses the response; expected: 2.04 Changed Response with:</p>
<ul>
<li>options</li>
<li>Payload</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>5</p></td>
<td><p>Verify</p></td>
<td><p>Client decrypts the message: EST verification succeeds</p></td>
</tr>
<tr class="even">
<td><p>6</p></td>
<td><p>Check</p></td>
<td><p>Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:</p>
<ul>
<li>Content-Format =</li>
<li>Payload = "certificate"</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>7</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the received packet</p></td>
</tr>
</tbody>
</table>

<h3 id="POST">4.3 POST Tests</h3>
<h4 id="test-9a">4.3.1. Identifier: TEST_9a</h4>
<p><strong>Objective</strong> : Perform a POST transaction using EST, Uri-Path, Content-Format (Client side)</p>
<p><strong>Configuration</strong> :</p>
<p><em>client security context</em>: <a href="https://github.com/anima-wg/constrained-voucher/test-spec5.html#client-sec">Security Context A</a>, with:</p>
<ul>
<li>Sequence number sent not in server's replay window</li>
</ul>
<p><strong>Test Sequence</strong></p>
<table>
<colgroup>
<col width="9%">
<col width="14%">
<col width="76%">
</colgroup>
<thead>
<tr class="header">
<th>Step</th>
<th>Type</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td><p>1</p></td>
<td><p>Stimulus</p></td>
<td><p>The client is requested to send a CoAP POST request protected with EST, including:</p>
<ul>
<li>block ption</li>
<li>Uri-Path = /EST/sen</li>
<li>Content-Format = </li>
<li>payload = 0x7a</li>
</ul></td>
</tr>
<tr class="even">
<td><p>2</p></td>
<td><p>Check</p></td>
<td><p>Client serializes the request, which is a POST request, with:</p>
<ul>
<li>block option</li>
<li>Payload: ciphertext including:
<ul>
<li>Code: POST</li>
<li>Uri-Path = /EST/sen</li>
<li>Content-Format = </li>
<li>payload =</li>
</ul></li>
</ul></td>
</tr>
<tr class="odd">
<td><p>3</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the sent packet</p></td>
</tr>
<tr class="even">
<td><p>4</p></td>
<td><p>Check</p></td>
<td><p>Client parses the response; expected: 2.04 Changed Response with:</p>
<ul>
<li>Object-Security option</li>
<li>Payload</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>5</p></td>
<td><p>Verify</p></td>
<td><p>Client decrypts the message: EST verification succeeds</p></td>
</tr>
<tr class="even">
<td><p>6</p></td>
<td><p>Check</p></td>
<td><p>Client parses the decrypted response and continues the CoAP processing; expected Changed Response with:</p>
<ul>
<li>Content-Format = 0 (text/plain)</li>
<li>Payload = 0x7a</li>
</ul></td>
</tr>
<tr class="odd">
<td><p>7</p></td>
<td><p>Verify</p></td>
<td><p>Client displays the received packet</p></td>
</tr>
</tbody>
</table>

<h2 id="incorrect-EST">5. Incorrect EST use</h2>
<h3 id="sec-context">5.1. Security Context not matching</h3>
<h3 id="replay">5.2. Replay of a previously sent message</h3>
<h3 id="auth">5.3. Accessing a non-EST-protected resource with EST</h3>
<h3 id="unauth">5.4. Accessing an EST-protected resource without EST</h3>
</body></html>