dtls.yml
TD_COAP_DTLS_01:
  obj: Basic DTLS PSK (success case)
  cfg: CoAP_CFG_BASIC
  ref: "[COAP]"
  pre:
    - &PSK Client and server support DTLS PSK with TLS_PSK_WITH_AES_128_CCM_8
    - &P5684 Server listens for DTLS connections on port 5684
    - &SESAME Server has been set up to accept PSK "sesame" on PSK identity "password" (ASCII strings without quotes as byte strings)
    - &SESAME_C Client has been set up to use PSK "sesame" on PSK identity "password"
    - &TEST_GET Server offers the resource coaps://.../secure with a non-empty representation available upon GET, but only in DTLS-secured connections (coap://.../secure, if available, might lead to 4.01)
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
        - server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup is successful and leads to the exchange of Finished messages
    - c: Client sends a GET request to Server for /test resource
    - c:
        - 'Server sends response containing:'
        - Code indicating 2.05 (Content)
        - Payload as set up on the Server
    - v: Client displays the received information
TD_COAP_DTLS_02:
  obj: Basic DTLS PSK (failure case — wrong PSK)
  cfg: CoAP_CFG_BASIC
  ref: "[COAP]"
  pre:
    - *PSK
    - *P5684
    - *SESAME
    - Client has been set up to use PSK "wrong" on PSK identity "password"
    - *TEST_GET
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
        - server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup fails and leads to an Alert message (decrypt_error)
    - v: Client displays error indication
TD_COAP_DTLS_03:
  obj: Lossy DTLS PSK (success case)
  cfg: CoAP_CFG_LOSSY
  ref: "[COAP]"
  pre:
    - *PSK
    - *P5684
    - *SESAME
    - *SESAME_C
    - *TEST_GET
    - &LOSSY Gateway is introduced and configured to produce packet losses
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_PSK_WITH_AES_128_CCM_8
        - server selects TLS_PSK_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup is successful and leads to the exchange of Finished messages
    - c: Client sends a GET request to Server for /test resource
    - c:
        - 'Server sends response containing:'
        - Code indicating 2.05 (Content)
        - Payload as set up on the Server
    - v: Client displays the received information
    - s:
        - 'Repeat steps 1-5 until at least one of each of the DTLS handshake packets in a normal interchange has been lost'
    - v:
        - 'For each packet loss case mentioned in step 6:'
        - Observe that retransmission is launched
TD_COAP_DTLS_04:
  obj: Basic DTLS RPK (success case)
  cfg: CoAP_CFG_BASIC
  ref: "[COAP]"
  pre:
    - &RPK Client and server support DTLS RPK (using 122 for the client_certificate_type and 123 for the server_certificate_type) with TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 (using 0xC0 0xAC as the cipher suite identifier)
    - *P5684
    - &RPK_C_S Server has been set up to accept a raw public key RPK_C of key type ECDSA defined by the client
    - &RPK_C_C Client has been set up to use RPK_C as its client_certificate
    - &RPK_S_C Client has been set up to accept a raw public key RPK_S of key type ECDSA defined by the server
    - &RPK_S_S Server has been set up to use RPK_S as its server_certificate
    - *TEST_GET
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        - server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup is successful and leads to the exchange of Finished messages
    - c: Client sends a GET request to Server for /test resource
    - c:
        - 'Server sends response containing:'
        - Code indicating 2.05 (Content)
        - Payload as set up on the Server
    - v: Client displays the received information
TD_COAP_DTLS_05:
  obj: Basic DTLS RPK (client failure case)
  cfg: CoAP_CFG_BASIC
  ref: "[COAP]"
  pre:
    - *RPK
    - *P5684
    - *RPK_C_S
    - *RPK_C_C
    - Client has *NOT* been set up to accept a raw public key RPK_S of key type ECDSA defined by the server but does require server authentication
    - *RPK_S_S
    - *TEST_GET
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        - server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup fails and leads to an Alert message (certificate_unknown)
    - v: Client displays error indication
TD_COAP_DTLS_06:
  obj: Basic DTLS RPK (server failure case)
  cfg: CoAP_CFG_BASIC
  ref: "[COAP]"
  pre:
    - *RPK
    - *P5684
    - Server has *NOT* been set up to accept a raw public key RPK_C of key type ECDSA defined by the client but does require client authentication
    - *RPK_C_C
    - *RPK_S_C
    - *RPK_S_S
    - *TEST_GET
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        - server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup fails and leads to an Alert message (certificate_unknown)
    - v: Client displays error indication
TD_COAP_DTLS_07:
  obj: Lossy DTLS RPK (success case)
  cfg: CoAP_CFG_LOSSY
  ref: "[COAP]"
  pre:
    - *RPK
    - *P5684
    - *RPK_C_S
    - *RPK_C_C
    - *RPK_S_C
    - *RPK_S_S
    - *TEST_GET
    - *LOSSY
  seq:
    - s: 'Client is requested to retrieve Server’s resource /secure'
    - c:
        - Client opens a DTLS connection to server
        - cipher_suites in ClientHello contains TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
        - server selects TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 in ServerHello
        - DTLS setup is successful and leads to the exchange of Finished messages
    - c: Client sends a GET request to Server for /test resource
    - c:
        - 'Server sends response containing:'
        - Code indicating 2.05 (Content)
        - Payload as set up on the Server
    - v: Client displays the received information
    - s:
        - 'Repeat steps 1-5 until at least one of each of the DTLS handshake packets in a normal interchange has been lost'
    - v:
        - 'For each packet loss case mentioned in step 6:'
        - Observe that retransmission is launched