ItsSecurity_TestCases.ttcn3 631 KB
Newer Older
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send a CAM
             *      } then {
garciay's avatar
garciay committed
             *          the IUT sends a SecuredMessage
             *              containing payload_field
garciay's avatar
garciay committed
             *                  containing exactly one element of type Payload
             *                      containing type
             *                          indicating 'signed'
             *                      containing not-empty data
             *      }
             *  }
             * </pre>
             *
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CAM_14_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
            testcase TC_SEC_ITSS_SND_CAM_14_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                // Test component configuration
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    ?, 
                                    mw_payload(
                                        e_signed
                    ))))) {
                        tc_ac.stop;
                        
                        log("*** " & testcasename() & ": PASS: CAM received with exactly 1 signed payload");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_14_01_BV
            
            /**
             * @desc    Check that the secured CAM contains only one TrailerField of type signature.
garciay's avatar
garciay committed
             *          Check that the signature contained in the SecuredMessage is calculated over the right fields by 
             *          cryptographically verifying the signature.
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             *  with {
             *      the IUT being in the 'authorized' state
             *  }
             *  ensure that {
             *      when {
             *          the IUT is requested to send a CAM
             *      } then {
garciay's avatar
garciay committed
             *          the IUT sends a SecuredMessage
            *              containing header_fields ['signer_info']
             *                  containing signer
             *                      containing type
             *                          indicating 'certificate_digest_with_sha256'
             *                      containing digest
             *                          referenced to the certificate
             *                              containing subject_info.subject_type
             *                                  indicating 'authorization_ticket' (2)
             *                              and containing subject_attributes['verification key'] (KEY)
garciay's avatar
garciay committed
             *                  or containing signer
             *                      containing type
             *                          indicating 'certificate'
             *                      containing certificate
             *                          containing subject_info.subject_type
             *                              indicating 'authorization_ticket' (2)
             *                          and containing subject_attributes['verification key'] (KEY)
garciay's avatar
garciay committed
             *              containing trailer_fields
             *                  containing single instance of type TrailerField
             *                      containing type
             *                          indicating 'signature'
             *                      containing signature
             *                          verifiable using KEY
             *      }
             *  }
             * </pre>
             *
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CAM_16_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.1
            testcase TC_SEC_ITSS_SND_CAM_16_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                //  Local variables
                const integer c_nbVerification := 3;
                var integer v_nbVerification := 0;
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo v_signerInfo;
                var Certificate v_certificate;
                var boolean v_certificateReceived := false;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_certificate
                    )))) -> value v_geoNwInd { 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": INFO: CAM message with certificate received ***");
                        f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
                        v_certificate := v_signerInfo.signerInfo.certificate;
                        v_certificateReceived := true;
                        
                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
                            log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        v_nbVerification := v_nbVerification + 1;
                        if (v_nbVerification < c_nbVerification) {
                            tc_ac.start;
                            repeat;
                        }
                    }
                    [v_certificateReceived == true] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_CAMs(
                                    mw_header_field_signer_info_digest
                    )))) -> value v_geoNwInd {
                        tc_ac.stop;
                        
                        if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_certificate) == false) {
                            log("*** " & testcasename() & ": FAIL: CAM received with invalide signature");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                        
                        v_nbVerification := v_nbVerification + 1;
                        if (v_nbVerification < c_nbVerification) {
                            tc_ac.start;
                            repeat;
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected CAM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                log("*** " & testcasename() & ": PASS: All CAMs received with correct signature");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CAM_16_01_BV
garciay's avatar
garciay committed
        } // End of group sendCAMProfile
garciay's avatar
garciay committed
        /**
         * @desc Sending behaviour test cases for DENM profile
         * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.5 DENM profile
         */
        group sendDENMProfile {
garciay's avatar
garciay committed
             * @desc   Check that the sent Secured DENM contains a HeaderField its_aid that is set to 'AID_DENM' 
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send DENM
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *         containing header_fields ['its_aid']
             *             containing its_aid
             *                 indicating 'AID_DENM'
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_01_01_BV
             * @reference    ETSI TS 103 097 [1], clause 5.4 and 7.2
garciay's avatar
garciay committed
            testcase TC_SEC_ITSS_SND_DENM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var HeaderFields v_headersFields;
                var ItsDenm v_denmComponent;
                var integer v_previousHeaderType;
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                v_denmComponent := f_triggerDenmEvent();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
garciay's avatar
garciay committed
                                        ?, 
                                        ?, 
                                        ?, 
                                        mw_header_field_its_aid_DENM
                                    )
                                ), 
garciay's avatar
garciay committed
                                ?
                    ))) -> value v_geoNwInd {
garciay's avatar
garciay committed
                        log("*** " & testcasename() & ": PASS: 'its_aid' is set to 'AID_DENM'");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    
                    // DENM without mandatory fields 
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_its_aid_DENM
                                    )
                    )))) {
                        log("*** " & testcasename() & ": FAIL: Secured DENM doesnt contain required headers");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    } 
                } // End of 'alt' statement
                
                // Postamble
                f_cancelDenmEvent(v_denmComponent);
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
garciay committed
            } // End of testcase TC_SEC_ITSS_SND_DENM_01_01_BV
garciay's avatar
garciay committed
             * @desc   Check that the secured DENM contains exactly one element of these header fields: signer_info, generation_time, 
             *         generation_location, message_type.
             *         Check that the header fields are in the ascending order according to the numbering of the enumeration except 
             *         of the signer_info, which is encoded first.
             *         Check that generation_time_with_confidence (generation_time_standard_deviation) is not used
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
garciay's avatar
garciay committed
             *     the IUT is requested to send DENM
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing header_fields[0]
             *         containing type 
             *           indicating 'signer_info'
             *       containing header_fields [n].type
             *         indicating value less then header_fields [n+ 1].type
             *       containing header_fields ['generation_time']
             *       containing header_fields ['generation_location']
             *       not containing header_fields ['generation_time_with_confidence']
             *   }
             * }
             * </pre>
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_02_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.2
             */
            testcase TC_SEC_ITSS_SND_DENM_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var HeaderFields v_headersFields;
                var ItsDenm v_denmComponent;
                var integer v_previousHeaderType;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                v_denmComponent := f_triggerDenmEvent();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field( e_signer_info ), 
                                        mw_header_field( e_generation_time ), 
                                        mw_header_field( e_generation_location ), 
                                        mw_header_field_its_aid_DENM
                                    )
                                ), 
                                mw_geoNwAnyPacket_withPayload(
                                    ?
                    )))) -> value v_geoNwInd {
                        tc_ac.stop;
                        
                        // Process header fields manually
                        v_headersFields := valueof(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields);
                        
                        // Check that signerInfo is first header
                        if (lengthof(v_headersFields) < 1 or not match(v_headersFields[0].type_, e_signer_info)) {
                            log("*** " & testcasename() & ": FAIL: SignerInfo is not first header");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);    
                        }
                       
                        v_previousHeaderType := enum2int(v_headersFields[0].type_);
                        for (var integer v_counter := 1; v_counter < lengthof(v_headersFields); v_counter := v_counter + 1) {
                            // Check forbidden header
                            // FIXME: 'generation_time_with_confidence' does not exist. is it e_generation_time_standard_deviation ?
                            if (match(v_headersFields[v_counter].type_, e_generation_time_standard_deviation)) {
                                log("*** " & testcasename() & ": FAIL: Forbidden header present");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (match(v_headersFields[v_counter].type_, e_signer_info)) {
                                log("*** " & testcasename() & ": FAIL: multiple instances of signer_info header");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            if (v_counter > 1 ) {
                                // Check that no header is duplicated
                                if (match(v_headersFields[v_counter].type_, v_previousHeaderType)) {
                                    log("*** " & testcasename() & ": FAIL: multiple instances of the same header");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                
                                // Check that headers are ordered
                                if (match(v_headersFields[v_counter].type_, integer:(0..v_previousHeaderType))) { 
                                    log("*** " & testcasename() & ": FAIL: headers are not in the correct order");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            }
                            v_previousHeaderType := enum2int(v_headersFields[v_counter].type_);
                        } // End of 'for' statement
                        
                        log("*** " & testcasename() & ": PASS: correct secured packet received");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    
                    // DENM without mandatory fields 
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_its_aid_DENM
                                    )
                    )))) {
                        log("*** " & testcasename() & ": FAIL: Secured DENM doesnt contain required headers");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    } 
                } // End of 'alt' statement
                
                // Postamble
                f_cancelDenmEvent(v_denmComponent);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_02_01_BV
            
            /**
             * @desc   Check that secured DENM contains the certificate as a signer_info 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a DENM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info']
             *         containing signer
             *           containing type
             *             indicating 'certificate'
             *           containing certificate
             *   }
             * }
             * </pre>
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_03_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.2
            testcase TC_SEC_ITSS_SND_DENM_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var HeaderFields v_headersFields;
                var HeaderFieldType v_previousHeaderType;
                var integer v_counter;
                var ItsDenm v_denmComponent;
                                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                v_denmComponent := f_triggerDenmEvent();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);    
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                                    mw_header_field_signer_info_certificate
                                ), 
                                mw_geoNwAnyPacket_withPayload(
                                    ?
                    )))) {
                        if (v_counter < 3) {
                            f_cancelDenmEvent(v_denmComponent);
                            v_counter := v_counter + 1;
                            v_denmComponent := f_triggerDenmEvent();
                            repeat;
                        } else {
                            tc_ac.stop;
                            log("*** " & testcasename() & ": PASS: DENM signed with certificate");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                    )))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: DENM signed with not a certificate");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_cancelDenmEvent(v_denmComponent);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_03_01_BV
garciay's avatar
garciay committed
             * @desc   Check that Secured DENM generation time is inside the validity period of the signing certificate
             *         Check that generation time value is realistic 
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a DENM
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_fields['generation_time'] 
             *           containing generation_time
             *               indicating TIME_1 (CUR_TIME - 10min <= TIME_1 <= CUR_TIME + 10min)
             *       containing header_fields['signer_info']
             *           containing signer {
             *               containing type
             *                   indicating 'certificate'
             *               containing certificate
             *                   containing validity_restrictions['time_end']
             *                       containing end_validity
             *                           indicating value > TIME_1
             *               or containing validity_restrictions['time_start_and_end']
             *                   containing start_validity
             *                       indicating value <= GEN_TIME
             *                   and containing end_validity
             *                       indicating value > GEN_TIME
             *               or containing validity_restrictions['time_start_and_duration']
             *                   containing start_validity (CERT_START_VALIDITY)
             *                       indicating value <= GEN_TIME
             *                   and containing duration
             *                       indicating value > GEN_TIME - CERT_START_VALIDITY
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_04_01_BV
             * @reference   ETSI TS 103 097 [1], clauses 5.4 and 7.2
            testcase TC_SEC_ITSS_SND_DENM_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                // Local variables
                const integer        c_timeLimit := 10 * 60 * 1000000; // us
                var GeoNetworkingInd v_geoNwInd;
                var HeaderField      v_headerField;
                var Time64           v_generationTime;
                var Time64           v_curTime;
garciay's avatar
garciay committed
                var Time64           v_startTime, v_endTime, v_duration;
                var Certificate      v_cert;
                var ItsDenm          v_denmComponent;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                v_denmComponent := f_triggerDenmEvent();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field(
                                            e_generation_time
                                        ),
                                        mw_header_field_signer_info_certificate,
                                        mw_header_field_its_aid_DENM
                                    )
                                ), 
                                mw_geoNwAnyPacket_withPayload(
                                    ?
                    )))) -> value v_geoNwInd {
                        tc_ac.stop;
                        v_curTime := f_getCurrentTime();
                        v_curTime := v_curTime * 1000; // Time64 is in microseconds 
garciay's avatar
garciay committed
                        log("v_curTime (us)=", v_curTime);
                        if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_time, v_headerField)) {
                            v_generationTime := v_headerField.headerField.generation_time; 
garciay's avatar
garciay committed
                            log("v_generationTime (us) = ", v_generationTime);
                            if (not match(v_generationTime, Time64:(v_curTime-c_timeLimit, v_curTime+c_timeLimit))) {
                                log("*** " & testcasename() & ": FAIL: DENM generation time is not in 10 min range");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            // Check that generation time is inside the certificate validation period
garciay's avatar
garciay committed
                            if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_signer_info, v_headerField)) {
                                v_cert := v_headerField.headerField.signer.signerInfo.certificate;
                                
                                for (var integer v_counter := 0; v_counter < lengthof(v_cert.validity_restrictions); v_counter := v_counter + 1) {
                                    if (v_cert.validity_restrictions[v_counter].type_ == e_time_end) {
                                        v_endTime := v_cert.validity_restrictions[v_counter].validity.end_validity * 1000000;
                                        if (not match(v_generationTime, Time64:(0 .. v_endTime))){
                                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                        }
garciay's avatar
garciay committed
                                    } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
                                        v_endTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
                                        v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
                                        if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){
                                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                        }
garciay's avatar
garciay committed
                                    } else if (v_cert.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
                                        v_startTime := v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
garciay's avatar
garciay committed
                                        v_duration  := f_duration2time(v_cert.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
garciay's avatar
garciay committed
                                        if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){
                                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                        }
                                    } else {
                                        log("*** " & testcasename() & ": FAIL: Mal-formed the certificate");
                                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                    }
                                } // End of 'for' statement
                                log("*** " & testcasename() & ": PASS: DENM generation time is inside the validity of the certificate");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            }
                        }
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                    )))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: Invalid DENM received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_cancelDenmEvent(v_denmComponent);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_04_01_BV
garciay's avatar
garciay committed
             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
             *         when AT certificate does not contain any region restrictions 
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION 
             * Config Id: CF01
             * with {
             *   the IUT has been authorized with the AT certificate (CERT_IUT_A)
             *     not containing validity_restrictions['region']
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send DENM
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_fields ['generation_location']
             *         containing generation_location
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_05_01_BV
             * @reference    ETSI TS 103 097 [1], clause 7.2
            testcase TC_SEC_ITSS_SND_DENM_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                var ItsDenm     v_denmComponent;
                
                // Test control
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
                // Test component configuration
                // CERT_IUT_A is the default one
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                v_denmComponent := f_triggerDenmEvent();
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                                    mw_header_field_signer_info_certificate(
                                        mw_certificate(
                                            ?,
                                            ?,
                                            ?,
                                            superset(
                                                mw_validity_restriction_any_valid_region
                    ))))))) {
                        log("*** " & testcasename() & ": INFO: Skip DENM containing region restrictions ***");
                        repeat;
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field(
                                            e_generation_location
                                        ),
                                        mw_header_field_signer_info_certificate,
                                        mw_header_field_its_aid_DENM
                    ))))) {
                        // The certificate doesn't contain region restrictions because such messages was catched before 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                        
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                                    mw_header_field_signer_info_certificate
                    )))) {
                        // the message does not contain generation location 
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: DENM contains generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                    )))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement 
                
                // Postamble
                // Cancel DENM events
                f_cancelDenmEvent(v_denmComponent);
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_05_01_BV
            function f_TC_SEC_ITSS_SND_DENM_05_BV(
                                               in template GeographicRegion p_region := ?
            ) runs on ItsGeoNetworking {
                
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var ItsDenm v_denmComponent;
                
                // Trigger DENM 
                v_denmComponent := f_triggerDenmEvent();
                tc_ac.start;
                alt {
                    // DENM contains generation location and certificate with region restrictions  
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field(
                                            e_generation_location
                                        ),
                                        mw_header_field_signer_info_certificate(
                                            mw_certificate(
                                                ?,
                                                ?,
                                                ?, 
                                                superset(
                                                    mw_validity_restriction_region(
                                                    )
                                                )
                                            )
                                        ),
                                        mw_header_field_its_aid_DENM
                    ))))) -> value v_geoNwInd {
                        var ValidityRestriction v_vr;
                        var HeaderField         v_hf;
                        tc_ac.stop;
                        // check that generation location is inside the circular region of the certificate
                        if (f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf)
                           and f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
                        ) {
                            if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
                                log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                            }else{
                                log("*** " & testcasename() & ": FAIL: DENM contains generation location outside the certificate validity region ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                        } else {
                            log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    // DENM signing certificate doesn't contains region restriction
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_its_aid_DENM,
                                        mw_header_field(e_generation_location),
                                        mw_header_field_signer_info_certificate(
                                        mw_certificate(
                                            ?,
                                            ?,
                                            ?, 
                                            { } // DENM signing certificate doesn't 'contains region restriction
                        tc_ac.stop;
                        log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
garciay's avatar
garciay committed
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage_DENMs(
                    )))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                f_cancelDenmEvent(v_denmComponent);
            } // End of function f_TC_SEC_ITSS_SND_DENM_05_BV
            
            /**
             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
             *         which is inside the circular region containing in the validity restriction of the 
             *         certificate pointed by the signer_info field     
             * <pre>
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION
             * Config Id: CF01
             * with {
             *   the IUT has been authorized with the AT certificate (CERT_IUT_B) {
             *     containing validity_restrictions ['region'] {
             *       containing region{
             *         containing region_type
             *           indicating 'circle'
             *         containing circular_region
             *           indicating REGION
             *       }
             *     }
             *   }
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a DENM
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_fields ['generation_location']
             *         containing generation_location
             *           indicating value inside the REGION
             *     }
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_05_02_BV
             * @reference    ETSI TS 103 097 [1], clause 7.2
            testcase TC_SEC_ITSS_SND_DENM_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
                
                // Local variables
                
                // Test control
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_CIRCULAR_REGION)) {
garciay's avatar
garciay committed
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_CIRCULAR_REGION' required for executing the TC ***");
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_B;
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                f_TC_SEC_ITSS_SND_DENM_05_BV(mw_geographicRegion_circle);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_DENM_05_02_BV
            /**
             * @desc   Check that the secured DENM contains exactly one HeaderField generation_location 
             *         which is inside the rectangular region containing in the validity restriction 
garciay's avatar
garciay committed
             *         of the certificate pointed by the signer_info field
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION
             * Config Id: CF01
             * with {
garciay's avatar
garciay committed
             *   the IUT has been authorized with the AT certificate (CERT_IUT_C)
             *     containing validity_restrictions ['region']
             *       containing region
             *         containing region_type
             *           indicating 'rectangle'
             *         containing rectangular_region
             *           indicating REGION
             * }
             * ensure that {
             *   when {
             *     the IUT is requested to send a DENM
             *   } then {
garciay's avatar
garciay committed
             *     the IUT sends a SecuredMessage
             *       containing exactly one header_field ['generation_location']
             *         containing generation_location
             *           indicating value inside the REGION
             *   }
             * }
             * </pre>
garciay's avatar
garciay committed
             * @see          ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_DENM_05_03_BV
             * @reference    ETSI TS 103 097 [1], clause 7.2
            testcase TC_SEC_ITSS_SND_DENM_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
                if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                vc_hashedId8ToBeUsed := cc_iutCert_C;
                f_cf01Up();
                
                // Test adapter configuration