Newer
Older
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
8020
8021
8022
8023
8024
8025
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (match (
v_at_cert.validity_restrictions,
(
superset(
mw_validity_restriction_time_end,
mw_validity_restriction_time_start_and_duration
)
)
)) {
log("*** " & testcasename() & ": FAIL: AT certificate must not contain time_end and time_start_and_duration restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if ( true != f_getCertificateValidityRestriction(v_at_cert, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: AT certificate must contain time_start_and_end restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
log("*** " & testcasename() & ": FAIL: start validity must not be greater then end validity in the validity restrictions of AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_aa_vr)) {
if (
(v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_end.start_validity) or
(v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.time_start_and_end.end_validity)
) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_end, v_aa_vr)) {
if (v_vr.validity.time_start_and_end.end_validity > v_aa_vr.validity.end_validity) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else if (true == f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_duration, v_aa_vr)) {
var Time64 v_end := v_aa_vr.validity.time_start_and_duration.start_validity + f_duration2time(v_aa_vr.validity.time_start_and_duration.duration_);
if (
(v_vr.validity.time_start_and_end.start_validity < v_aa_vr.validity.time_start_and_duration.start_validity) or
(v_vr.validity.time_start_and_end.end_validity > v_end)
) {
log("*** " & testcasename() & ": FAIL: AT certificate time validity restriction must be inside the AA certificate time validity restriction ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: Wrong AA certificate time restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: Time validity restriction of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
/**
* @desc Check that all AIDs containing in the in the its_aid_ssp_list in AT certificate are unique and exists in the its_aid_list in the AA certificate
* Check that the length of SSP of each AID is 31 octet maximum
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* containing subject_attributes['its_aid_list']
* containing its_aid_list[0..N]
* indicating ITS_AID_LIST_AA
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* containing subject_attributes['its_aid_ssp_list']
* containing its_aid_ssp_list[0..N]
* containing its_aid_ssp_list[n]
* containing its_aid
* indicating unique value containing in the ITS_AID_LIST_AA
* containing service_specific_permissions
* indicating length <= 31 octet
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_07_01_BV
testcase TC_SEC_SND_CERT_AT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var SubjectAttribute v_sa;
var IntXs v_aid_list;
var ItsAidSsps v_aid_ssp_list;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_at_cert := v_chain[lengthof(v_chain) - 1];
if (not f_getCertificateSubjectAttribute(v_aa_cert, e_its_aid_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_list := v_sa.attribute.its_aid_list;
if (not f_getCertificateSubjectAttribute(v_at_cert, e_its_aid_ssp_list, v_sa)) {
log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_aid_ssp_list := v_sa.attribute.its_aid_ssp_list;
for (var integer v_counter :=0; v_counter < lengthof(v_aid_ssp_list); v_counter := v_counter + 1) {
// Check unique
for (var integer j :=0; j < lengthof(v_aid_ssp_list); j := j + 1) {
if (v_counter != j and v_aid_ssp_list[v_counter].its_aid == v_aid_ssp_list[j].its_aid) {
log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is duplicated in AT certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// if (not match(v_aid_ssp_list[v_counter], (all from v_aid_list))) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " is not exist in AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (lengthof(v_aid_ssp_list[v_counter].service_specific_permissions.sspContainer) > 31) {
// log("*** " & testcasename() & ": FAIL: ITS-AID " & int2str(v_aid_ssp_list[v_counter].its_aid) & " has too long service_specific_permissions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: The ITS_AID_SSP list of the AT certificate is good ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
/**
* @desc Check that AT certificate is signed by AA cert
* <pre>
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a first CAM
* } then {
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer {
* containing type
* indicating certificate_chain
* containing certificates[last-1] (CERT_AA) {
* containing subject_info.subject_type
* indicating 'authorization_authority' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* containing subject_info.subject_type
* indicating 'authorization_ticket' (1)
* }
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to CERT_AA
* }
* and containing signature
* verifiable using KEY
* }
* }
* </pre>
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_08_01_BV
* @reference ETSI TS 103 097 [1], clause 6.3
*/
testcase TC_SEC_SND_CERT_AT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var CertificateChain v_chain;
var Certificate v_aa_cert, v_at_cert;
var HashedId8 v_aa_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
8235
8236
8237
8238
8239
8240
8241
8242
8243
8244
8245
8246
8247
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (lengthof(v_chain) < 2) {
log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
}
v_at_cert := v_chain[lengthof(v_chain) - 1];
v_aa_cert := v_chain[lengthof(v_chain) - 2];
v_aa_digest := f_calculateDigestFromCertificate(v_aa_cert);
if (not match(v_at_cert, mw_at_certificate(mw_signerInfo_digest(v_aa_digest)))) {
log("*** " & testcasename() & ": FAIL: AT certificate signer info doesn't reference the AA certificate from the chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (not f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
log("*** " & testcasename() & ": PASS: AT certificate was signed by the AA certificate from the given chain ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
} // End of testcase TC_SEC_SND_CERT_AT_08_01_BV
// TODO To be removed
// /**
// * @desc Check that the assurance level of the subordinate certificate is equal to or lower than the assurance level of the issuing certificate
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a SecuredMessage
// * containing header_fields['signer_info'].signer {
// * containing type
// * indicating certificate_chain
// * containing certificates[last-1] (CERT_AA) {
// * containing subject_attributes ['assurance_level']
// * containig assurance_level
// * indicating indicating assurance level AL_AA
// * }
// * containing certificates[last] (CERT_AT) {
// * containing subject_attributes ['assurance_level']
// * containig assurance_level
// * indicating indicating assurance level AL_AT (AL_AT <= AL_AA)
// * }
// * }
// * }
// * }
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_09_01_BV
// * @reference ETSI TS 103 097 [1], clause 7.4
// */
// testcase TC_SEC_SND_CERT_AT_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var CertificateChain v_chain;
// var Certificate v_aa_cert, v_at_cert;
// var SubjectAttribute v_sa;
// var SubjectAssurance v_aa_assurance_level, v_at_assurance_level;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// v_at_cert := v_chain[lengthof(v_chain) - 1];
// if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) {
// log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// v_aa_assurance_level := v_sa.attribute.assurance_level;
//
// if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) {
// log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// v_at_assurance_level := v_sa.attribute.assurance_level;
//
// if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) {
// log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// } else {
// log("*** " & testcasename() & ": PASS: The assurence levels match ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_SND_CERT_AT_09_01_BV
//
* @desc Check that all necessary validity restrictions are present and arranged in ascending order
* Config Id: CF01
* with {
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* } ensure that {
* when {
* the IUT is requested to send a CAM
* } then {
* the IUT sends a SecuredMessage
* indicating 'certificate'
* containing certificate
* containing subject_attributes [0..N]
* indicating subject_attributes[n].type < subject_attributes[n+ 1].type
* containing subject_attributes['verification_key']
* containing subject_attributes['assurance_level']
* containing subject_attributes['its_aid_ssp_list']
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_SND_CERT_AT_10_01_BV
* @reference ETSI TS 103 097 [1], clauses 6.1
testcase TC_SEC_SND_CERT_AT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
var Certificate v_at_cert;
var ValidityRestriction v_vr;
var ValidityRestrictions v_vrs;
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (not match(
v_at_cert,
mw_at_certificate(
mw_signerInfo_certificate
))) {
if (true != f_getCertificateValidityRestriction(v_at_cert.signer_info.signerInfo.certificate, e_time_start_and_end, v_vr)) {
log("*** " & testcasename() & ": FAIL: Required 'time_start_and_end' validity_restriction attribute of AT certificate is not found ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
v_vrs := v_at_cert.signer_info.signerInfo.certificate.validity_restrictions;
for (var integer v_counter := 1; v_counter < lengthof(v_vrs); v_counter := v_counter + 1 ) {
if (v_vrs[v_counter].type_ <= v_vrs[v_counter-1].type_) {
log("*** " & testcasename() & ": FAIL: AT certificate subject attributes are not arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
log("*** " & testcasename() & ": PASS: All required AT certificate subject attributes are presents and arranged in ascending order ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
} // End of group AT_Certificates
} // End of group sendCertificatesProfile
} // End of group sendingBehavior
/**
* @desc Receiver behaviour test cases
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3 Receiver behaviour
*/
group receiverBehavior {
/**
* @desc Sending behaviour test cases for CAM profile
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.3.2 CAM Profile
*/
group recvCamProfile {
/**
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate in signer_info
* @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_CAM_01’. Only differences to this snippet are mentioned in subsequent test purposes
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_01_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate digest of the known certificate in signer_info
* @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_CAM_02’. Only differences to this snippet are mentioned in subsequent test purposes
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* the IUT already sent a Secured message containing certificate (CERT_AT_A)
* containing subject_info.subject_type
* indicating 'authorization_ticket' (2)
* and containing subject_attributes['verification key'] (KEY)
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing type
* indicating 'certificate_digest_with_sha256'
* and containing digest
* referencing to certificate (CERT_AT_A)
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_02_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam(cc_taCert_A, omit, e_certificate_digest_with_sha256);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT accepts a well-formed Secured CAM containing certificate chain in signer_info
* @remark The message defined in this test purpose is used in the subsequent test purposes with the snippet name ‘MSG_SEC_RCV_CAM_02’. Only differences to this snippet are mentioned in subsequent test purposes
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage
* containing protocol_version
* indicating value '2'
* and containing header_fields[0]
* containing type
* indicating 'signer_info'
* containing type
* indicating 'certificate_chain'
* and containing certificates
* containing subject_info.subject_type
* indicating 'authorization_authority'
* and containing subject_attributes['verification key'] (KEY_AA)
* containing subject_info.subject_type
* indicating 'authorization_ticket'
* containing type
* indicating 'certificate_digest_with_sha256'
* containing digest
* referencing to the CERT_AA_A
* and containing signature
* verifiable using KEY_AA
* and containing subject_attributes['verification key'] (KEY)
* containing type
* indicating 'generation_time'
* containing generation_time
* indicating CURRENT_TIME
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing any other header fields
* containing type
* indicating 'signed'
* containing data
* indicating length > 0
* containing CAM payload
* and containing trailer_fields
* containing single instance of type TrailerField
* containing type
* indicating 'signature'
* containing signature
* verifiable using KEY
* } then {
* the IUT accepts the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_01_03_BV
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_01_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": PASS: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
log("*** " & testcasename() & ": FAIL: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value less then 2
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing protocol_version
* indicating 1
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_02_01_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_CAM_02_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION);
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
}
if (i < lengthof(vc_utInds)) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a Secured CAM containing protocol version set to a value greater then 2
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing protocol_version
* indicating 3
* containing header_fields['its_aid']
* indicating 'AID_CAM'
* } then {
* the IUT discards a SecuredMessage
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_02_02_BO
* @reference ETSI TS 103 097 [1], clause 5.2
*/
testcase TC_SEC_ITSS_RCV_CAM_02_02_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_sendSecuredCam_Bo(cc_taCert_A, PX_WRONG_PROTOCOL_VERSION); // Change PX_WRONG_PROTOCOL_VERSION to 3
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
log("*** " & testcasename() & ": FAIL: GN was transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
else {
log("*** " & testcasename() & ": PASS: GN was not transmitted to upper layer ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
* @desc Check that IUT discards a secured CAM if the header_fields contains more than one element of header field type: signer_info
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* ensure that {
* when {
* the IUT is receiving a SecuredMessage (MSG_SEC_RCV_CAM_01)
* containing header_fields[0].type
* indicating 'signer_info'
* and containing header_fields[1].type
* indicating 'signer_info'
* and containing header_fields[2].type
* indicating 'generation_time'
* containing type
* indicating 'its_aid'
* containing its_aid
* indicating 'AID_CAM'
* and not containing other header fields
* } then {
* the IUT discards the message
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.2.2 TP_SEC_ITSS_RCV_CAM_04_01_BO
* @reference ETSI TS 103 097 [1], clause 7.1
*/
testcase TC_SEC_ITSS_RCV_CAM_04_01_BO() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var integer i;
var GeoNetworkingPdu v_securedGnPdu;
var GnRawPayload v_sentRawPayload;
// Test adapter configuration
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
v_securedGnPdu := f_prepareSecuredCam(
cc_taCert_A,
{
m_header_field_signer_info(
m_signerInfo_digest(
vc_atCertificate.signer_info.signerInfo.digest
)),
m_header_field_signer_info(
m_signerInfo_certificate(
vc_aaCertificate
)),
m_header_field_generation_time(1000 * f_getCurrentTime()), // In us
m_header_field_its_aid_CAM
},
e_certificate_digest_with_sha256,
false
);
f_sendGeoNetMessage(m_geoNwReq_linkLayerBroadcast(v_securedGnPdu));
v_sentRawPayload := f_adaptPayloadForUtInd_m(v_securedGnPdu.gnPacket.packet.payload);
for (i := 0; i < lengthof(vc_utInds) and not match(vc_utInds[i].rawPayload, v_sentRawPayload); i := i + 1) {
// empty on purpose
} // End of 'for' statement
if (i < lengthof(vc_utInds)) {