AtsSecurity.cfg 15.8 KB
Newer Older

[MODULE_PARAMETERS]
# This section shall contain the values of all parameters that are defined in your TTCN-3 modules.

# The GeoNetworking address of the IUT.
LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
Yann Garcia's avatar
Yann Garcia committed
  typeOfAddress := e_initial, # e_manual(1)
  stationType := e_unknown, #e_roadSideUnit,
  stationCountryCode := 0, #33,
Yann Garcia's avatar
Yann Garcia committed
  mid := '4C5E0C14D2EA'O
} # Simu
#LibItsGeoNetworking_Pics.PICS_GN_LOCAL_GN_ADDR := {
#  typeOfAddress := e_initial,
#  stationType := e_passengerCar, #e_roadSideUnit,
#  stationCountryCode := 0, #33,
#  mid := 'BA749705A41D'O
#} # Nordsys

LibItsGeoNetworking_Pixits.PX_GN_UPPER_LAYER := e_btpB
Yann Garcia's avatar
Yann Garcia committed
LibItsBtp_Pixits.PX_DESTINATION_PORT := 2001
LibItsBtp_Pixits.PX_DESTINATION_PORT_INFO := 2001

# Enable Security support
LibItsGeoNetworking_Pics.PICS_GN_SECURITY := true
# Root path to access certificate stored in files, identified by certficate ID
garciay's avatar
garciay committed
LibItsSecurity_Pixits.PX_CERTIFICATE_POOL_PATH := "/home/vagrant/tmp"
# Configuration sub-directory to access certificate stored in files
garciay's avatar
garciay committed
LibItsSecurity_Pixits.PX_IUT_SEC_CONFIG_NAME := "asn1c_cert"

[LOGGING]
# In this section you can specify the name of the log file and the classes of events
# you want to log into the file or display on console (standard error).

LogFile := "../logs/%e.%h-%r.%s"
FileMask := LOG_ALL | USER | DEBUG | MATCHING
ConsoleMask := LOG_ALL | USER | DEBUG | MATCHING
#FileMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
#ConsoleMask := ERROR | WARNING | USER | MATCHING | EXECUTOR_RUNTIME | VERDICTOP
LogSourceInfo := Stack
LogEntityName:= Yes
LogEventTypes:= Yes
#TimeStampFormat := DateTime

[TESTPORT_PARAMETERS]
# In this section you can specify parameters that are passed to Test Ports.
# CAM Layer
#   next_header     : btpA|btpB (overwrite BTP.type)
#   header_type     : tsb|gbc
#   header_sub_type : sh (single hop)
# DENM Layer
#   next_header     : btpA|btpB (overwrite BTP.type)
#   header_type     : tsb|gbc
# BTP Layer
#   type            : btpA|btpB
#   destination port: dst_port
#   source port     : src_port
#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
#   device_mode     : Set to 1 if the layer shall encapsulate upper layer PDU
# GN Layer
#   ll_address             : GeoNetworking address of the Test System
#   latitude               : latitude of the Test System
#   longitude              : longitude of the Test System
#   beaconing              : Set to 1 if GnLayer shall start beaconing
#   Beaconning timer expiry: expiry (ms)
#   device_mode            : Set to 1 if the layer shall encapsulate upper layer PDU
#   secured_mode           : Set to 1 if message exchanges shall be signed
#   encrypted_mode         : Set to 1 if message exchanges shall be encrypted
#                            NOTE: For signed & encrypted message exchanges, both secured_mode and encrypted_mode shall be set to 1
garciay's avatar
garciay committed
#   sec_db_path            : Path to the certificates and keys storage location
#   hash                   : Hash algorithm to be used when secured mode is set
#                            Authorized values are SHA-256 or SHA-384
#                            Default: SHA-256
#   signature              : Signature algorithm to be used when secured mode is set
#                            Authorized values are NISTP-256, NISTP-384, BP-256 and BP-384
#                            Default: NISTP-256
#   cypher                 : Cyphering algorithm to be used when secured mode is set
#                            Authorized values are NISTP-256, BP-256 and BP-384
#                            Default: NISTP-256
# Ethernet layer
#   mac_src  :Source MAC address
#   mac_bc   :Broadcast address
#   eth_type : Ethernet type
# Commsignia layer
#   mac_src     : Device MAC address, used to discard packets
#                 To indicate no filering, use the value 000000000000
#   mac_bc      : Broadcast address
#   eth_type    : Ethernet type, used to discard packets
#   target_host : Device address
#   target_port : Device port
#   source_port : Test System port
#   interface_id: Interface id, used to discard packets
#   tx_power    : TX power (dB)
# UDP layer (IP/UDP based on Pcap)
#   dst_ip  : destination IPv4 address (aa.bb.cc.dd)
#   dst_port: destination port
#   src_ip  : source IPv4 address (aa.bb.cc.dd)
#   src_port: source port
# Pcap layer
#   mac_src    : Source MAC address, used to exclude from capture the acket sent by the Test System
#   filter     : Pcap filter (compliant with tcpdump syntax) 
#   Online mode:
#     nic: Local NIC
#          If set, online mode is used
#   Offline mode (nic is present but not set):
#     file        : File to read
#     frame_offset: Frame offset, used to skip packets with frame number < frame_offset
#     time_offset : Time offset, used to skip packets with time offset < time_offset
#     save_mode   : 1 to save sent packet, 0 otherwise

# Single GeoNetworking component port
Yann Garcia's avatar
Yann Garcia committed
# its_aid = 36
system.geoNetworkingPort.params := "GN(ll_address=4C5E0C14D2EB,latitude=43551050,longitude=10298730,distanceA=1500,distanceB=1500,angle=0,device_mode=0,secured_mode=1,its_aid=36,certificate=CERT_TS_A_AT,sec_db_path=/home/vagrant/tmp/asn1c_cert)/ETH(mac_src=e2b7b30429eb)/PCAP(mac_src=e2b7b30429eb,nic=eth3,filter=and ether proto 0x8947)" # Nordsys
garciay's avatar
garciay committed
#system.geoNetworkingPort.params := "
#  GN(ll_address=4C5E0C14D2EC,latitude=43551050,longitude=10298730,beaconing=0,expiry=1000)/
#  ETH(mac_src=803f5d092bdc,mac_bc=FFFFFFFFFFFF,eth_type=8947)/
#  PCAP_FILE(file=../testdata/TC_SEC_ITSS_SND_CAM_01_BV.pcap,realtime=yes, delay=5000)"

# GeoNetworking UpperTester port based on UDP
garciay's avatar
garciay committed
#system.utPort.params := "UT_GN(loopback=1)"

# CAM UpperTester port based on UDP
garciay's avatar
garciay committed
#system.camUtPort.params := "UT_CAM(loopback=1)"
Yann Garcia's avatar
Yann Garcia committed
#system.utPort.params := "UT_CAM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
#system.camUtPort.params := "UT_CAM/UDP(dst_ip=172.23.0.1,dst_port=8000)" # Nordsys
system.utPort.params := "UT_CAM/UDP(dst_ip=192.168.9.20)" # Simu
system.camUtPort.params := "UT_CAM/UDP(dst_ip=192.168.9.20)" # Simu
#Check that ITS-S sends a Ieee1609Dot2Data containing protocol version set to 3
garciay's avatar
garciay committed
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_MSG_01_BV
# ------------------------- CAM ---------------------------
# Check that IUT sends the secured CAM using SignedData container.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_01_BV

# Check that IUT sends the secured CAM containing the HeaderInfo field psid set to 'AID_CAM'.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_02_BV

# Check that IUT sends the secured CAM with the HeaderInfo containing generationTime 
#	and doesn't containing expiryTime, generationLocation, encryptionKey, p2pcdLearningRequest, missingCrlIdentifier.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_03_BV

# Check that IUT sends the secured CAM containing signer containing either certificate or digest;
# Check that signing certificate has permissions to sign CAM messages.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_04_BV

# Check that IUT calculate the digest of certificate using proper hash algorithm;
# Check that IUT canonicalize certificates before hash calculation.
Yann Garcia's avatar
Yann Garcia committed
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_05_BV

# Check that IUT sends the secured CAM containing the signing certificate when over the time of one 
#	second no other secured CAM contained the certificate was sent.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_06_BV

# Check that IUT sends the secured CAM containing the signing certificate when the timeout of one second 
#     has been expired after the previous CAM containing the certificate.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_07_BV

# Check that IUT sends the secured CAM containing the signing certificate when the IUT received CAM from an unknown ITS-S.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_08_BV

# Check that IUT restarts the certificate sending timer when the certificate has been sent.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_09_BV

# Check that the IUT sends certificate request when it receives secured CAM containing 
#	digest of unknown certificate as a message signer.
#	(PICS_SEC_P2P_AT_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_10_BV

# Check that the IUT sends certificate request when it receives secured CAM 
#	containing certificate signed by unknown AA certificate. 
#	(PICS_SEC_P2P_AT_DISTRIBUTION and PICS_SEC_SHA256)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_11_01_BV

# Check that the IUT sends certificate request when it receives secured CAM 
#	containing certificate signed by unknown AA certificate.  
#	(PICS_SEC_P2P_AT_DISTRIBUTION and PICS_SEC_SHA384)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_11_02_BV

# Check that IUT sends the secured CAM containing the signing certificate when it received 
#	a CAM containing a request for unrecognized certificate that matches with the currently 
#	used AT certificate ID of the IUT.
#	(PICS_SEC_P2P_AT_DISTRIBUTION)
Yann Garcia's avatar
Yann Garcia committed
ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_12_BV

# Check that IUT sends the secured CAM containing the AA certificate in the requestedCertificate 
#	headerInfo field when it received a CAM containing a request for unrecognized certificate that 
#	matches with the currently used AA certificate ID of the IUT.
#	(PICS_SEC_P2P_AT_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_13_BV

# Check that IUT sends the secured CAM containing the AA certificate in the requestedCertificate headerInfo 
#	field when it received a CAM containing a request for unrecognized certificate that matches with the known 
#	AA certificate ID which is not currently used by the IUT.
#	(PICS_SEC_P2P_AA_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_14_BV

# Check that the IUT doesn't send a secured CAM containing the AA certificate in the requestedCertificate 
#	headerInfo field when it was previously requested and already received from another ITS-S.
#	(PICS_SEC_P2P_AA_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_15_BV

# Check that the IUT doesn't send a secured CAM containing the AA certificate in the requestedCertificate 
#	headerInfo field when it contains certificate in the signer field.
#	(PICS_SEC_P2P_AA_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_16_BV

# Check that the IUT send a secured CAM containing the AA certificate in the 
#	requestedCertificate headerInfo field with the next CAM containing digest as a signer info.
#	(PICS_SEC_P2P_AA_DISTRIBUTION)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_17_BV

# Check that IUT sends the secured CAM containing generation time and this time is inside the validity period of the signing certificate;
# Check that message generation time value is realistic 
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_18_BV

# Check that IUT sends the secured CAM containing the 'data' field in signed data payload, 
#	containing the EtsiTs103097Data of type unsecured, contained the CAM payload
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_19_BV

# Check that the IUT sends the secured CAM signed with the certificate containing appPermisions 
#	allowing to sign CA messages
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_20_BV

# Check that IUT sends the secured CAM containing signature;
# Check that the signature is calculated over the right fields 
#	and using right hash algorythm by cryptographically verifying the signature
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_21_BV

# Check that IUT sends the secured CAM containing  signature containing the ECC point of type set to 
#	either compressed_lsb_y_0, compressed_lsb_y_1 or x_coordinate_only.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_22_BV

# Check that IUT doesn't send secured CAMs if IUT is authorized with AT certificate doesn't allowing sending messages in this location. 
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_23_BV

# Check that IUT doesn't send the secured CAM if IUT is configured to use an AT certificate without 
#	region validity restriction and generation location is outside of the region of the issuing AA certificate.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_24_BV

# Check that IUT doesn't send secured CAMs if all AT certificates installed on the IUT was expired.
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_25_BV

# Check that IUT doesn't send secured CAMs if all AT certificates installed on the IUT have the starting time in the future. 
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_26_BV

# Check that IUT doesn't send secured CAMs if IUT doesn't possess an AT certificate allowing sending CAM by its appPermissions. 
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CAM_27_BV
#--------------------------------------- DENM ------------------------------------------            
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_02_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_03_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_04_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_05_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_06_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_07_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_08_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_09_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_10_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_11_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_12_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_13_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_14_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_15_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_16_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_17_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_DENM_18_BV
            
#--------------------------------------- OTHER MESSAGES ------------------------------------------            
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_01_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_02_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_03_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_04_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_05_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_06_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_07_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_GENMSG_08_BV
            
#--------------------------------------- ENCRYPTED MESSAGES ------------------------------------------            
#	(PICS_SEC_ENCRYPTION_SUPPORT)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_ENC_01_BV
#	(PICS_SEC_ENCRYPTION_SUPPORT)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_ENC_02_BV
#	(PICS_SEC_ENCRYPTION_SUPPORT)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_ENC_03_BV
#	(PICS_SEC_ENCRYPTION_SUPPORT)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_ENC_04_BV
#	(PICS_SEC_ENCRYPTION_SUPPORT)
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_ENC_05_BV
#	(PICS_SEC_ENCRYPTION_SUPPORT)
            
#--------------------------------------- CERTIFICATE TESTING ------------------------------------------            
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_01_BV            
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_02_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_03_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_04_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_05_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_06_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_07_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_08_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_09_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_10_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_11_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_12_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_13_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_14_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_15_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_16_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_17_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_18_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_19_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_20_BV
#ItsSecurity_TestCases.TC_SEC_ITSS_SND_CERT_21_BV
#--------------------------------------- Internal tests (to be removed) ------------------------------------------            
#ItsSecurity_TestCases.TC_TEST_1

[MAIN_CONTROLLER]
# The options herein control the behavior of MC.
KillTimer := 10.0
TCPPort := 0
LocalAddress := 127.0.0.1
TCPPort := 12000
NumHCs := 1