Tests Specification for OSCORE

Table of Contents

  1. Notes
  2. Security Contexts and Resources
    1. Security Context A: Client
    2. Security Context B: Server
    3. Resources
  3. Set up the environment
    1. Test 0a
    2. Test 0b
  4. Correct OSCORE use
    1. GET test
      1. Test 1a
      2. Test 1b
      3. Test 2a
      4. Test 2b
      5. Test 3a
      6. Test 3b
      7. Test 4a
      8. Test 4b
      9. Test 5a
      10. Test 5b
    2. POST test
      1. Test 6a
      2. Test 6b
    3. PUT test
      1. Test 7a
      2. Test 7b
      3. Test 8a
      4. Test 8b
    4. DELETE test
      1. Test 9a
      2. Test 9b
  5. Incorrect OSCORE use
    1. Security Context not matching
      1. Test 10a
      2. Test 10b
      3. Test 11a
      4. Test 11b
      5. Test 12a
      6. Test 12b
    2. Replay of a previously sent message
      1. Test 13a
      2. Test 13b
    3. Accessing a non-OSCORE-protected resource with OSCORE
      1. Test 14a
      2. Test 14b
    4. Accessing an OSCORE-protected resource without OSCORE
      1. Test 15a
      2. Test 15b

1. Notes

CoAP Version is 2 in all the tests.

The client and server may optionally display external_aad and COSE object (before and after compression) to simplify debugging.

When non-indicated, CoAP messages can be NON or CON (implementer's choice).

To be able to run Test 14, the implementer must run an OSCORE-unaware server.

The number used as Object-Security option number is set to 21 in this document.

2. Security Contexts and Resources

Security Context A: Client

Security Context B: Server

Resources

The list of resources the OSCORE-aware server must implement is the following:

The list of resource the OSCORE-unaware server must implement is the following:

3. Set up the environment

3.1. Identifier: TEST_0a

Objective : Verify that CoAP exchange works. Perform a simple GET transaction using COAP, Content-Format and Uri-Path option (Client side)

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request including:

  • Uri-Path : /oscore/hello/coap

2

Check

Client serializes the request

3

Verify

Client displays the sent packet

4

Check

Client parses the response and continues the CoAP processing expected; expected: 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Payload = "Hello World!"

5

Verify

Client displays the received packet

3.2. Identifier: TEST_0b

Objective : Verify that CoAP exchange works. Perform a simple GET transaction using COAP, Content-Format and Uri-Path option (Server side)

Configuration :

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request including:

  • Uri-Path = /oscore/hello/coap

2

Check

Server parses the request and continues the CoAP processing

3

Verify

Server displays the received packet

4

Check

Server serialize the response correctly, which is: 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Payload = "Hello World!"

5

Verify

Server displays the sent packet

4. Correct OSCORE use

4.1 GET Tests

4.1.1. Identifier: TEST_1a

Objective : Perform a simple GET transaction using OSCORE, Content-Format and Uri-Path option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path : /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Payload = "Hello World!"

7

Verify

Client displays the received packet

4.1.2. Identifier: TEST_1b

Objective : Perform a simple GET transaction using OSCORE, Content-Format and Uri-Path option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-Path : /oscore/hello/1

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

4.1.3. Identifier: TEST_2a

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, Uri-Query and ETag option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/2
  • Uri-Query : first=1

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path : /oscore/hello/2
    • Uri-Query : first=1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • ETag with value 0x2b
  • Payload = "Hello World!"

7

Verify

Client displays the received packet

4.1.4. Identifier: TEST_2b

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, Uri-Query and ETag option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/hello/2
  • Uri-Query : first=1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-path = /oscore/hello/2
  • Uri-Query : first=1

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • ETag with value 0x2b
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

4.1.5. Identifier: TEST_3a

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, Accept and Max-Age option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/hello/3
  • Accept = 0 (text/plain;charset=utf-8)

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/3
    • Accept = 0 (text/plain;charset=utf-8)

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Max-Age with value 0x05
  • Payload = "Hello World!"

7

Verify

Client displays the received packet

4.1.6. Identifier: TEST_3b

Objective :Perform a GET transaction using OSCORE, Content-Format, Uri-Path, Accept and Max-Age option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/hello/3
  • Accept = 0 (text/plain;charset=utf-8)

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-path = /oscore/hello/3
  • Accept = 0 (text/plain;charset=utf-8)

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Max-Age with value 05
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

4.1.7. Identifier: TEST_4a

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, and Observe. Response without observe. (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/hello/1
  • Observe = 0 (Registration)

2

Check

Client serializes the request, which is a FETCH request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1
    • Observe = 0 (Registration)

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Payload = "Hello World!"

7

Verify

Client displays the received packet

4.1.8. Identifier: TEST_4b

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, and Observe. Response without observe. (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/hello/1
  • Observe = 0 (Registration)

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.05 FETCH with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-path = /oscore/hello/1
  • Observe = 0 (Registration)

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

4.1.9. Identifier: TEST_5a

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, and Observe (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/observe
  • Observe = 0 (Registration)

2

Check

Client serializes the request, which is a FETCH request, with:

  • Observe = 0 (Registration)
  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/observe

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.05 Content Response with:

  • Observe (Notification)
  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Observe (Notification)
  • Content-Format = 0 (text/plain)
  • Payload = ...

7

Verify

Client displays the received packet

8

Check

Client parses the response; expected: 2.05 Content Response with:

  • Observe (Notification)
  • Object-Security option
  • Payload

9

Verify

Client decrypts the message: OSCORE verification succeeds

10

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Observe (Notification)
  • Content-Format = 0 (text/plain)
  • Payload = ...

11

Verify

Client displays the received packet

Etc.

4.1.10. Identifier: TEST_5b

Objective : Perform a GET transaction using OSCORE, Content-Format, Uri-Path, and Observe (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-path = /oscore/observe
  • Observe = 0 (Registration)

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.05 FETCH with:

  • Observe = 0 (Registration)
  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-path = /oscore/observe
  • Observe = 0 (Registration)

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.05 Content Response with:

  • Object-Security option
  • Observe (Notification)
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Payload = ...

8

Verify

Server displays the sent packet

9

Check

Server serialize the response correctly, which is: 2.05 Content Response with:

  • Object-Security option
  • Observe (Notification)
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Payload = ...

10

Verify

Server displays the sent packet

Etc.

4.2. POST Tests

4.2.1. Identifier: TEST_6a

Objective : Perform a POST transaction using OSCORE, Content-Format, and Uri-Path option, changing a resource (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP POST request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/6
  • Content-Format = 0
  • payload = 0x4a

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: POST
    • Uri-Path = /oscore/hello/6
    • Content-Format = 0
    • payload = 0x4a

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.04 Changed Response with:

  • Content-Format = 0 (text/plain)
  • Payload = 0x4a

7

Verify

Client displays the received packet

4.2.2. Identifier: TEST_6b

Objective : Perform a POST transaction using OSCORE, Content-Format, and Uri-Path option, updating a resource (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP POST request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/6
  • Content-Format = 0
  • payload = 0x4a

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP POST request, including:

  • Uri-Path = /oscore/hello/6
  • Content-Format = 0 (text/plain)
  • Payload = 0x4a

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.04 Changed Response
    • Content-Format = 0 (text/plain)
    • Payload = 0x4a

8

Verify

Server displays the sent packet

4.3 PUT Tests

4.3.1. Identifier: TEST_7a

Objective : Perform a PUT transaction using OSCORE, Uri-Path, Content-Format and If-Match option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP PUT request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-Match with value 0x7b
  • payload = 0x7a

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: PUT
    • Uri-Path = /oscore/hello/7
    • Content-Format = 0
    • If-Match with value 0x7b
    • payload = 0x7a

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.04 Changed Response with:

  • Content-Format = 0 (text/plain)
  • Payload = 0x7a

7

Verify

Client displays the received packet

4.3.2. Identifier: TEST_7b

Objective : Perform a PUT transaction using OSCORE, Uri-Path, Content-Format and If-Match option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP PUT request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-Match with value 0x7b
  • payload = 0x7a

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP PUT request, including:

  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-Match with value 0x7b
  • payload = 0x7a

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.04 Changed Response
    • Content-Format = 0 (text/plain)
    • Payload 0x7a

8

Verify

Server displays the sent packet

4.3.3. Identifier: TEST_8a

Objective : Perform a PUT transaction using OSCORE, Uri-Path, Content-Format and If-None-Match option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP PUT request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-None-Match
  • payload = 0x8a

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: PUT
    • Uri-Path = /oscore/hello/7
    • Content-Format = 0
    • If-None-Match
    • payload = 0x8a

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 4.12 Precondition Failed

7

Verify

Client displays the received packet

4.3.4. Identifier: TEST_8b

Objective : Perform a PUT transaction using OSCORE, Uri-Path, Content-Format and If-None-Match option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP PUT request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-None-Match
  • payload = 0x8a

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP PUT request, including:

  • Uri-Path = /oscore/hello/7
  • Content-Format = 0
  • If-None-Match
  • payload = 0x8a

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 4.12 Precondition Failed

8

Verify

Server displays the sent packet

4.4. DELETE Tests

4.4.1. Identifier: TEST_9a

Objective : Perform a DELETE transaction using OSCORE and Uri-Path option (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP DEL request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/test

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: DEL
    • Uri-Path = /oscore/test

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.02 Deleted

7

Verify

Client displays the received packet

4.4.2. Identifier: TEST_9b

Objective : Perform a DELETE transaction using OSCORE and Uri-Path option (Server side)

Configuration :

server security context: Security Context B, with:

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP DEL request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/test

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP DEL request, including:

  • Uri-Path = /oscore/test

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.02 Deleted

8

Verify

Server displays the sent packet

5. Incorrect OSCORE use

5.1. Security Context not matching

5.1.1. Identifier: TEST_10a

Objective : Perform an unauthorized CON GET transaction: non matching Client Sender Id - Server Recipient Id (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option (modified Sender ID)
  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a GET request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 4.01 Unauthorized, with:

  • Payload: Security context not found (optional)

7

Verify

Client displays the received packet

5.1.2. Identifier: TEST_10b

Objective :Perform an unauthorized GET transaction: non matching Client Sender Id - Server Recipient Id (Server side)

Configuration :

server security context: Security Context B

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option (modified Sender ID)
  • Uri-Path : /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server: OSCORE verification fails (Context not found)

5

Check

Server serialize the response correctly, which is 4.01 Unauthorized, with:

  • Payload: Security context not found (optional)

8

Verify

Server displays the sent packet

5.1.3. Identifier: TEST_11a

Objective : Perform a CON GET transaction with non matching Client Sender - Server Recipient Keys (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 4.00 Bad Request error message:

  • Payload: Decryption failed (optional)

7

Verify

Client displays the received packet

5.1.4. Identifier: TEST_11b

Objective : Perform a CON GET transaction with non matching Client Sender - Server Recipient Keys (Server side)

Configuration :

server security context: Security Context B

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server: OSCORE verification fails (Decryption failed)

5

Check

Server serialize the response correctly, which is 4.00 Bad Request, with:

  • Payload: Decryption failed (optional)

8

Verify

Server displays the sent packet

5.1.5. Identifier: TEST_12a

Objective : Perform a CON GET transaction with non matching Client Recipient - Server Sender Keys (Client side)

Configuration :

client security context: Security Context A, with:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client: OSCORE verification fails (Decryption failed) response dropped, empty ACK sent back to the Server

6

Verify

Client displays the received packet

5.1.6. Identifier: TEST_12b

Objective : Perform a CON GET transaction with non matching Client Recipient - Server Sender Keys (Server side)

Configuration :

server security context: Security Context B

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-Path = /oscore/hello/1

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content
    • Content-Format = 0 (text/plain)
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

5.2. Replay of a previously sent message

5.2.1. Identifier: TEST_13a

Objective : Perform a CON GET transaction using OSCORE, Content-Format and Uri-Path option, request replayed by the Client (Client side)

Configuration :

client security context: Security Context A

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

5

Verify

Client decrypts the message: OSCORE verification succeeds

6

Check

Client parses the decrypted response and continues the CoAP processing; expected 2.05 Content Response with:

  • Content-Format = 0 (text/plain)
  • Payload = "Hello World!"

7

Verify

Client displays the received packet

8

Stimulus

The client is requested to reset its own sequence number to the value before executing step 1

9

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

10

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/1

11

Verify

Client displays the sent packet

12

Check

Client parses the response; expected: 2.04 Changed Response with:

  • Object-Security option
  • Payload

13

Verify

Client decrypts the message: OSCORE verification succeeds

14

Check

Client parses the decrypted response and continues the CoAP processing; expected 4.00 Bad Request, with:

  • Payload: Replay protection failed (optional)

15

Verify

Client displays the received packet

5.2.2. Identifier: TEST_13b

Objective : Perform a CON GET transaction using OSCORE, Content-Format and Uri-Path option, request replayed by the Client (Client side)

Configuration :

server security context: Security Context B

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path = /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server decrypts the message: OSCORE verification succeeds

5

Check

Server parses the request and continues the CoAP processing; expected: CoAP GET request, including:

  • Uri-Path : /oscore/hello/1

6

Verify

Server displays the received packet

7

Check

Server serialize the response correctly, which is: 2.04 Changed Response with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: 2.05 Content Response
    • Content-Format = 0 (text/plain)
    • Payload = "Hello World!"

8

Verify

Server displays the sent packet

8

Stimulus

The client is requested to reset its own sequence number to the value before executing step 1

9

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/1

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Verify

Server: OSCORE verification fails (Replay protection failed)

5

Check

Server serialize the response correctly, which is 4.00 Bad Request, with:

  • Payload: Replay protection failed (optional)

8

Verify

Server displays the sent packet

5.3. Accessing a non-OSCORE-protected resource with OSCORE

5.3.1. Identifier: TEST_14a

Objective : Perform a CON GET transaction using OSCORE to an OSCORE-unaware resource server, Content-Format and Uri-Path option (Client side)

Configuration :

client security context: Security Context A

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request protected with OSCORE, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/coap

2

Check

Client serializes the request, which is a POST request, with:

  • Object-Security option
  • Payload: ciphertext including:
    • Code: GET
    • Uri-Path = /oscore/hello/coap

3

Verify

Client displays the sent packet

4

Check

Client parses the response; expected: 4.02 Bad Option with:

  • (Optional) Payload

5

Verify

Client: OSCORE verification fails (expected OSCORE) response dropped, empty ACK sent back to the

6

Verify

Client displays the received packet

5.3.2. Identifier: TEST_14b

Objective : Perform a CON GET transaction using OSCORE to a non protected resource, Content-Format and Uri-Path option (Server side)

Configuration :

The server does not implement OSCORE.

server security context: None

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request, including:

  • Object-Security option
  • Uri-Path : /oscore/hello/coap

2

Verify

Server displays the received packet

3

Check

Server parses the request; expected: 0.02 POST with:

  • Object-Security option
  • Payload

4

Check

Server serialize the response correctly, which is: 4.02 Bad Option with:

  • (Optional) Payload

5

Verify

Server displays the sent packet

5.4. Accessing an OSCORE-protected resource without OSCORE

5.4.1. Identifier: TEST_15a

Objective : Perform a CON GET transaction to a protected resource, Content-Format and Uri-Path option (Client side)

Configuration :

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request, including:

  • Uri-Path : /oscore/hello/1

2

Check

Client serializes the request, which is a GET request, with:

  • Uri-Path : /oscore/hello/1

3

Verify

Client displays the sent packet

4

Check

Client parses the response and continues the CoAP processing; expected: 4.01 Unauthorized error response, with:

  • Payload = diagnostic payload (optional)

5

Verify

Client displays the received packet

5.3.2. Identifier: TEST_15b

Objective : Perform a CON GET transaction to a protected resource, Content-Format and Uri-Path option (Server side)

Configuration :

server security context: Security Context B

server resources:

Test Sequence

Step Type Description

1

Stimulus

The client is requested to send a CoAP GET request, including:

  • Uri-Path : /oscore/hello/1

2

Check

Server parses the request and finds an unrecognized option of class "critical" (the Object-Security option)

3

Verify

Server displays the received packet

4

Check

Server serialize the response correctly, which is: 4.01 Unauthorized error response, with:

  • Payload = diagnostic payload (optional)

5

Verify

Server displays the sent packet