Newer
Older
if (f_decrypt(vc_encryptPrivateKey, f_getSecuredMessage(v_geoNwInd.msgIn), v_decryptedMsg) == false) {
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data_signed) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse signed data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
// TODO Check signature?
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_05_BV
} // End of group encryptedMessagesProfile
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.8 Profiles for certificates
*/
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
/**
* @desc Check that IUT certificate is explicit and has version 3.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating 3
* and containing type
* indicating 'explicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_BV
* @reference ETSI TS 103 097 [1], Clauses 6
* @reference IEEE 1609.2 [2] Clause 6.4.3
*/
testcase TC_SEC_ITSS_SND_CERT_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askForCertificateChain(f_generateDefaultCam()); // TODO Rename f_askForCertificateChain into f_askForCertificateAA
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_ieee1609Dot2_headerInfo_request_certificate(
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa
)))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_01_BV
/**
* @desc Check that IUT certificate is conformed to ETSI TS 103 097 clause 6.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing id
* indicating 'none'
* or indicating 'name'
* and containing cracaId
* indicating '000000'H
* and containing crlSeries
* indicating '0'D
* and not containing certRequestPermissions
* and not containing canRequestRollover
* and containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
7241
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_name
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with named id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_none
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with none id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_02_BV
/**
* @desc Check that the certificate issuer of certificates is referenced using digest;
* Check that right digest field is used to reference to the certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (X_CERTIFICATE)
* }
* ensure that {
* when {
* the CA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing signedData
* containing self
* or containing X_DIGEST
* indicating last 8 bytes of the hash of the certificate calculated using X_ALGORITHM
* referenced to certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_03_BV
* @reference ETSI TS 103 097 [1], Clauses 5.2 & 7.1.3
* @reference IEEE 1609.2 [2], Clauses 5.3.1, 6.3.4, 6.3.29, 6.3.30, 6.3.31
testcase TC_SEC_ITSS_SND_CERT_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
var EtsiTs103097Certificate v_ca_certificate;
var EtsiTs103097Certificate v_aa_certificate;
var EtsiTs103097Certificate v_at_certificate;
var HashedId8 v_ca_hashedId8;
var HashedId8 v_aa_hashedId8;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
// Test adapter configuration
// Preamble
f_readCertificate(cc_taCert_CA1, v_ca_certificate); // TODO Use PIXIT as array of strings to change
// certificates to be checked
f_readCertificate(cc_taCert_CC_AA, v_aa_certificate);
f_readCertificate(cc_iutCert_A, v_at_certificate);
f_getCertificateDigest(cc_taCert_CC_AA, v_ca_hashedId8);
f_getCertificateDigest(cc_taCert_CC_AA, v_aa_hashedId8);
// Test Body
// 1. Check certificate format
if (match(
v_ca_certificate,
mw_etsiTs103097Certificate(
mw_issuerIdentifier_self,
mw_toBeSignedCertificate_ca
)) == true) {
log("*** " & testcasename() & ": INFO: CA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_aa_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_aa
)) == true) {
log("*** " & testcasename() & ": INFO: AA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_at_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at
)) == true) {
log("*** " & testcasename() & ": INFO: AT sertificate are well formatted ***");
} else {
log("*** " & testcasename() & ": Invalid AT certificate ***");
setverdict(fail);
} // End of 'alt' statement
// 2. Check issuers
if (v_ca_certificate.issuer.self_ == sha256) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else if (v_ca_certificate.issuer.self_ == sha384) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate issuer ***");
setverdict(fail);
}
// Postamble
} // End of testcase TC_SEC_ITSS_SND_CERT_03_BV
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing items of type RectangularRegion
* containing northwest
* indicating a point inside the REGION
* and containing southeast
* indicating a point on the south from northwest
* and inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)))))))) -> value v_geoNwInd {
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_areRectanglesInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.rectangularRegion, v_aa_certificate[0].toBeSigned.region.rectangularRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_digest // containing digest
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_04_BV
* @desc Check that the IUT supports at least 8 entries in the rectangular certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_C_AT_8)
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing 8 entries
* containing one entry (ENTRY)
* containing current IUT position
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the ENTRY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)
)
)
)
),
mw_geoNwBroadcastPacket
))) -> value v_geoNwInd {
if (f_getMsgHeaderInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_headerInfo) and f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var ThreeDLocation v_location := { v_headerInfo.generationLocation.latitude, v_headerInfo.generationLocation.longitude, v_headerInfo.generationLocation.elevation };
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_isLocationInsideRegion(v_signerIdentifier.certificate[v_counter].toBeSigned.region, v_location) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_digest // containing digest
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_05_BV
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
7657
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
7787
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing more than 2 items of type TwoDLocation
* indicating points inside the REGION
* and indicating unintercepting segments
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.21, 6.4.17,5.1.2.4
*/
testcase TC_SEC_ITSS_SND_CERT_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_arePolygonsInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.polygonalRegion, v_aa_certificate[0].toBeSigned.region.polygonalRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_06_BV
/**
* @desc Check that the IUT supports at least 8 entries in the polygonal certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_D_AT_8)
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing 8 entries
* indicating polygon P
* and the IUT’s position is inside the polygon P
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the P
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_07_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_denm
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)
)
)
)
),
mw_geoNwBroadcastPacket
))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgHeaderInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_headerInfo) and f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var ThreeDLocation v_location := { v_headerInfo.generationLocation.latitude, v_headerInfo.generationLocation.longitude, v_headerInfo.generationLocation.elevation };
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_isLocationInsideRegion(v_signerIdentifier.certificate[v_counter].toBeSigned.region, v_location) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_denm
),
mw_signerIdentifier_digest // containing digest
)
),
mw_geoNwBroadcastPacket
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cancelDenmEvent(v_denmComponent);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_07_BV
/**
* @desc Check that the identified certificate validity region contains values that correspond
* to numeric country codes as defined by United Nations Statistics Division [6] in October 2013.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_IDENTIFIED_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT issued the certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing identifiedRegion
* containing 1 entry of type IdentifiedRegion
* containing countryOnly
* indicating integer representation of the identifier of country or area
* or containing countryAndRegions
* containing countryOnly
* indicating integer representation of the identifier of country or area
* or containing countryAndSubregions
* containing country
* indicating integer representation of the identifier of country or area
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_08_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.23
*/
testcase TC_SEC_ITSS_SND_CERT_08_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_IDENTIFIED_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_identified
)))))))) -> value v_geoNwInd {
tc_ac.stop;
// FIXME To be continued
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement