Interoperability Test Description
Identifier: TD_COAP_DTLS_01
Objective: Basic DTLS PSK (success case)
Configuration: CoAP_CFG_BASIC
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS PSK with TLS_PSK_WITH_AES_128_CCM_8
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept PSK "sesame" on PSK identity "password" (ASCII strings without quotes as byte strings)
  • Client has been set up to use PSK "sesame" on PSK identity "password"
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
  • server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup is successful and leads to the exchange of Finished messages
3 Check Client sends a GET request to Server for /test resource
4 Check
  • Server sends response containing:
      ◦ Code indicating 2.05 (Content)
      ◦ Payload as set up on the Server
5 Verify Client displays the received information
Interoperability Test Description
Identifier: TD_COAP_DTLS_02
Objective: Basic DTLS PSK (failure case — wrong PSK)
Configuration: CoAP_CFG_BASIC
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS PSK with TLS_PSK_WITH_AES_128_CCM_8
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept PSK "sesame" on PSK identity "password" (ASCII strings without quotes as byte strings)
  • Client has been set up to use PSK "wrong" on PSK identity "password"
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
  • server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup fails and leads to an Alert message (decrypt_error)
3 Verify Client displays error indication
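The step 2 checks of TD_COAP_DTLS_01 and TD_COAP_DTLS_02 can be automated over captured UDP payloads. The following is an added example, not part of the original test description: the function names are hypothetical, the sample datagrams are constructed, and it assumes unfragmented handshake messages and an Alert sent in cleartext (epoch 0).

```python
import struct

PSK_CCM8 = 0xC0A8  # TLS_PSK_WITH_AES_128_CCM_8 (RFC 6655)
ALERTS = {46: "certificate_unknown", 51: "decrypt_error"}

def records(datagram):
    """Yield (content_type, epoch, fragment) for each DTLS record."""
    off = 0
    while off + 13 <= len(datagram):
        ctype, _version, epoch = struct.unpack_from("!BHH", datagram, off)
        (length,) = struct.unpack_from("!H", datagram, off + 11)
        yield ctype, epoch, datagram[off + 13:off + 13 + length]
        off += 13 + length

def inspect_handshake(datagrams):
    """Report what step 2 checks, from cleartext (epoch 0) records only."""
    seen = {"offered": False, "selected": None, "alert": None}
    for ctype, epoch, frag in (r for d in datagrams for r in records(d)):
        if epoch != 0:
            continue  # protected records are unreadable without the keys
        if ctype == 21 and len(frag) == 2:  # Alert: level, description
            seen["alert"] = ALERTS.get(frag[1], str(frag[1]))
        elif ctype == 22 and len(frag) > 12 + 35 and frag[0] in (1, 2):
            body = frag[12:]      # skip the 12-byte DTLS handshake header
            p = 34                # version (2) + random (32)
            p += 1 + body[p]      # session_id
            if frag[0] == 1:      # ClientHello
                p += 1 + body[p]  # cookie (DTLS only)
                (n,) = struct.unpack_from("!H", body, p)
                suites = struct.unpack_from(f"!{n // 2}H", body, p + 2)
                seen["offered"] = seen["offered"] or PSK_CCM8 in suites
            else:                 # ServerHello
                (seen["selected"],) = struct.unpack_from("!H", body, p)
    return seen

# Constructed sample datagrams (not from a real capture).
def record(ctype, seq, frag):
    return (struct.pack("!BHH", ctype, 0xFEFD, 0) + seq.to_bytes(6, "big")
            + struct.pack("!H", len(frag)) + frag)

def handshake(mtype, body):
    n = len(body).to_bytes(3, "big")  # length == fragment_length (unfragmented)
    return bytes([mtype]) + n + b"\0\0" + b"\0\0\0" + n + body

PREFIX = b"\xfe\xfd" + bytes(32) + b"\x00"  # version, random, empty session_id
CLIENT_HELLO = record(22, 0, handshake(1, PREFIX + b"\x00" + b"\x00\x04\xc0\xa8\x00\xff" + b"\x01\x00"))
SERVER_HELLO = record(22, 0, handshake(2, PREFIX + b"\xc0\xa8" + b"\x00"))
DECRYPT_ERROR = record(21, 1, b"\x02\x33")  # fatal (2), decrypt_error (51)
```

For TD_COAP_DTLS_01 the expected result is `offered` true, `selected` equal to 0xC0A8 and no alert; for TD_COAP_DTLS_02 the same with `alert` equal to `decrypt_error`.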
Interoperability Test Description
Identifier: TD_COAP_DTLS_03
Objective: Lossy DTLS PSK (success case)
Configuration: CoAP_CFG_LOSSY
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS PSK with TLS_PSK_WITH_AES_128_CCM_8
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept PSK "sesame" on PSK identity "password" (ASCII strings without quotes as byte strings)
  • Client has been set up to use PSK "sesame" on PSK identity "password"
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
  • Gateway is introduced and configured to produce packet losses
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
  • server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup is successful and leads to the exchange of Finished messages
3 Check Client sends a GET request to Server for /test resource
4 Check
  • Server sends response containing:
      ◦ Code indicating 2.05 (Content)
      ◦ Payload as set up on the Server
5 Verify Client displays the received information
6 Stimulus Repeat steps 1-5 until at least one of each of the DTLS handshake packets in a normal interchange has been lost
7 Verify
  • For each packet loss case mentioned in step 6, observe that retransmission is launched
Interoperability Test Description
Identifier: TD_COAP_DTLS_04
Objective: Basic DTLS RPK (success case)
Configuration: CoAP_CFG_BASIC
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS RPK (using 122 for the client_certificate_type and 123 for the server_certificate_type) with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (using 0xC0 0xAC as the cipher suite identifier)
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept a raw public key RPK_C of key type ECDSA defined by the client
  • Client has been set up to use RPK_C as its client_certificate
  • Client has been set up to accept a raw public key RPK_S of key type ECDSA defined by the server
  • Server has been set up to use RPK_S as its server_certificate
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup is successful and leads to the exchange of Finished messages
3 Check Client sends a GET request to Server for /test resource
4 Check
  • Server sends response containing:
      ◦ Code indicating 2.05 (Content)
      ◦ Payload as set up on the Server
5 Verify Client displays the received information
Interoperability Test Description
Identifier: TD_COAP_DTLS_05
Objective: Basic DTLS RPK (client failure case)
Configuration: CoAP_CFG_BASIC
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS RPK (using 122 for the client_certificate_type and 123 for the server_certificate_type) with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (using 0xC0 0xAC as the cipher suite identifier)
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept a raw public key RPK_C of key type ECDSA defined by the client
  • Client has been set up to use RPK_C as its client_certificate
  • Client has *NOT* been set up to accept a raw public key RPK_S of key type ECDSA defined by the server but does require server authentication
  • Server has been set up to use RPK_S as its server_certificate
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup fails and leads to an Alert message (certificate_unknown)
3 Verify Client displays error indication
Interoperability Test Description
Identifier: TD_COAP_DTLS_06
Objective: Basic DTLS RPK (server failure case)
Configuration: CoAP_CFG_BASIC
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS RPK (using 122 for the client_certificate_type and 123 for the server_certificate_type) with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (using 0xC0 0xAC as the cipher suite identifier)
  • Server listens for DTLS connections on port 5684
  • Server has *NOT* been set up to accept a raw public key RPK_C of key type ECDSA defined by the client but does require client authentication
  • Client has been set up to use RPK_C as its client_certificate
  • Client has been set up to accept a raw public key RPK_S of key type ECDSA defined by the server
  • Server has been set up to use RPK_S as its server_certificate
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup fails and leads to an Alert message (certificate_unknown)
3 Verify Client displays error indication
Interoperability Test Description
Identifier: TD_COAP_DTLS_07
Objective: Lossy DTLS RPK (success case)
Configuration: CoAP_CFG_LOSSY
References: [COAP]
Pre-test conditions:
  • Client and server support DTLS RPK (using 122 for the client_certificate_type and 123 for the server_certificate_type) with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (using 0xC0 0xAC as the cipher suite identifier)
  • Server listens for DTLS connections on port 5684
  • Server has been set up to accept a raw public key RPK_C of key type ECDSA defined by the client
  • Client has been set up to use RPK_C as its client_certificate
  • Client has been set up to accept a raw public key RPK_S of key type ECDSA defined by the server
  • Server has been set up to use RPK_S as its server_certificate
  • Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
  • Gateway is introduced and configured to produce packet losses
Test Sequence: Step Type Description
1 Stimulus Client is requested to retrieve Server’s resource /secure
2 Check
  • Client opens a DTLS connection to server
  • cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
  • server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
  • DTLS setup is successful and leads to the exchange of Finished messages
3 Check Client sends a GET request to Server for /test resource
4 Check
  • Server sends response containing:
      ◦ Code indicating 2.05 (Content)
      ◦ Payload as set up on the Server
5 Verify Client displays the received information
6 Stimulus Repeat steps 1-5 until at least one of each of the DTLS handshake packets in a normal interchange has been lost
7 Verify
  • For each packet loss case mentioned in step 6, observe that retransmission is launched