ItsPki_TestCases.ttcn 293 KB
Newer Older
garciay's avatar
garciay committed
/**
 *  @Author   ETSI / STF545
garciay's avatar
garciay committed
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibCommon_DataStrings all;
garciay's avatar
garciay committed
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
garciay's avatar
garciay committed
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsCommon
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_ASN1_NamedNumbers all;
Yann Garcia's avatar
Yann Garcia committed
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_TestSystem all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsHttp_TestSystem all;
garciay's avatar
garciay committed
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsPki_Templates all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsPki_Functions all;
garciay's avatar
garciay committed
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;

  // ItsPki
  import from ItsPki_Pixits all;
garciay's avatar
garciay committed
  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {
    
    group itss_helpers {

      function f_verify_http_ec_request_from_iut_itss(
                                                      in Request p_request,
                                                      in HeaderLines p_headers,
                                                      out InnerEcRequest p_inner_ec_request,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in template SignerIdentifier p_signer := m_signerIdentifier_self,
                                                      in EnrolmentResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var Oct16 v_aes_enc_key;
        var InnerEcResponse v_inner_ec_response;
        var template (value) HttpMessage v_response;
        
        log(">>> f_verify_http_ec_request_from_iut_itss: ", p_request);
        
        p_result := 0;
        
        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
          // Send error message
          v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_ec_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
            // Send error message
            f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // Verify signature of mw_innerEcRequestSignedForPop
            if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request) == false) {
              // Send error message
              f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_ec_request_from_iut_itss: match ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)}))) == false) {
                // Send error message: Not enrolmentrequest
                f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;
              } else {
                // Send OK message
                log("f_verify_http_ec_request_from_iut_itss: Receive ", p_inner_ec_request);
                if (p_force_response_code == ok) {
                  f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                } else {
                  log("f_verify_http_ec_request_from_iut_itss: Succeed buit force error code ", p_force_response_code);
                  f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                }
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := 0;
              }
            }
          }
        }

        p_response := valueof(v_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_response: ", p_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_result: ", p_result);
      } // End of function f_verify_http_ec_request_from_iut_itss
      function f_verify_http_at_request_from_iut_itss(
                                                      in Request p_request,
                                                      in HeaderLines p_headers,
                                                      out InnerAtRequest p_inner_at_request,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in AuthorizationResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var Oct16 v_aes_enc_key;
        var InnerAtResponse v_inner_at_response;
        var template (value) HttpMessage v_response;
        
        log(">>> f_verify_http_at_request_from_iut_itss:", p_request);
        
        p_result := 0;
        
        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, vc_eaWholeHash, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
          // Send error message
          v_response := m_http_response(m_http_response_ko(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_at_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
            // Send error message
            f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // Verify signature of mw_innerATRequestSignedForPop
            if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_at_request) == false) {
              // Send error message
              f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_at_request_from_iut_itss: match ", match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */)); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_at_request, mw_innerAtRequest/* (p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})) */) == false) {
                // Send error message: Not enrolmentrequest
                f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;
              } else {
                // Send OK message
                log("f_verify_http_at_request_from_iut_itss: Receive ", p_inner_at_request);
                if (p_force_response_code == ok) {
                  f_http_build_authorization_response(p_inner_at_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                } else {
                  log("f_verify_http_at_request_from_iut_itss: Succeed buit force error code ", p_force_response_code);
                  f_http_build_authorization_response(p_inner_at_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                }
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := 0;
              }
            }
          }

        p_response := valueof(v_response);
        log("<<< f_verify_http_at_request_from_iut_itss: p_response: ", p_response);
        log("<<< f_verify_http_at_request_from_iut_itss: p_result: ", p_result);
     } // End of function f_verify_http_at_request_from_iut_itss

      /**
       * @desc Await CA message using the default AT certificate
       */
      altstep a_await_cam_with_current_cert(
                                            in HashedId8 p_certificate_digest,
                                            in EtsiTs103097Certificate p_certificate
                                            ) runs on ItsPkiItss {
        [PICS_SEC_SHA256 == true] geoNetworkingPort.receive(
                                                            mw_geoNwInd(
                                                                        mw_geoNwSecPdu(
                                                                                       mw_etsiTs103097Data_signed(
                                                                                                                  mw_signedData(
                                                                                                                                sha256, 
                                                                                                                                mw_toBeSignedData(
                                                                                                                                                  mw_signedDataPayload,
                                                                                                                                                  mw_headerInfo_cam
                                                                                                                                                  ),
                                                                                                                                mw_signerIdentifier_certificate(
                                                                                                                                                                mw_etsiTs103097Certificate(
                                                                                                                                                                                           mw_issuerIdentifier_sha256AndDigest(
                                                                                                                                                                                                                               p_certificate.issuer.sha256AndDigest
                                                                                                                                                                                                                               ),
                                                                                                                                                                                           mw_toBeSignedCertificate_at(
                                                                                                                                                                                                                       -,
                                                                                                                                                                                                                       p_certificate.toBeSigned.verifyKeyIndicator
                                                                                                                                                                                                                       )
                                                                                                                                                                                           )
                                                                                                                                                                )
                                                                                                                                )
                                                                                                                  ), 
                                                                                       mw_geoNwShbPacket
                                                                                       ))) {
        }
        [PICS_SEC_SHA384 == true] geoNetworkingPort.receive(
                                                            mw_geoNwInd(
                                                                        mw_geoNwSecPdu(
                                                                                       mw_etsiTs103097Data_signed(
                                                                                                                  mw_signedData(
                                                                                                                                sha384, 
                                                                                                                                mw_toBeSignedData(
                                                                                                                                                  mw_signedDataPayload,
                                                                                                                                                  mw_headerInfo_cam
                                                                                                                                                  ),
                                                                                                                                mw_signerIdentifier_certificate(
                                                                                                                                                                mw_etsiTs103097Certificate(
                                                                                                                                                                                           mw_issuerIdentifier_sha384AndDigest(
                                                                                                                                                                                                                               p_certificate.issuer.sha384AndDigest
                                                                                                                                                                                                                               ),
                                                                                                                                                                                           mw_toBeSignedCertificate_at(
                                                                                                                                                                                                                       -,
                                                                                                                                                                                                                       p_certificate.toBeSigned.verifyKeyIndicator
                                                                                                                                                                                                                       )
                                                                                                                                                                                           )
                                                                                                                                                                )
                                                                                                                                )
                                                                                                                  ),
                                                                                       mw_geoNwShbPacket
                                                                                       ))) {
        }
      } // End of altstep a_await_cam_with_current_cert
      
    } // End of group itss_helpers
garciay's avatar
garciay committed

    group itss_enrolment_request {
garciay's avatar
garciay committed
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
garciay's avatar
garciay committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_01_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
        // Local variables
Yann Garcia's avatar
Yann Garcia committed
        var ItsPkiItss v_itss;
Yann Garcia's avatar
Yann Garcia committed
        var ItsPkiHttp v_ea;
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
Yann Garcia's avatar
Yann Garcia committed
        f_cfMtcUp(v_itss, v_ea);
Yann Garcia's avatar
Yann Garcia committed
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
Yann Garcia's avatar
Yann Garcia committed
        
        // Synchronization
Yann Garcia's avatar
Yann Garcia committed
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
garciay's avatar
garciay committed
        
Yann Garcia's avatar
Yann Garcia committed
        // Cleanup
Yann Garcia's avatar
Yann Garcia committed
        f_cfMtcDown(v_itss, v_ea);
garciay's avatar
garciay committed
        
      } // End of testcase TC_SECPKI_ITSS_ENR_01_BV
garciay's avatar
garciay committed
      
      group f_TC_SECPKI_ITSS_ENR_01_BV {
        function f_TC_SECPKI_ITSS_ENR_01_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
garciay's avatar
garciay committed
          // Test component configuration
Yann Garcia's avatar
Yann Garcia committed
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
garciay's avatar
garciay committed
          f_cfUp_itss();
garciay's avatar
garciay committed
          // Test adapter configuration
garciay's avatar
garciay committed
          // Preamble
          f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
          f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
          // Wait for IUT certificate
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
garciay's avatar
garciay committed
          // Test Body
          f_sendUtTriggerEnrolmentRequestPrimitive();
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
Yann Garcia's avatar
Yann Garcia committed
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
garciay's avatar
garciay committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_itss
        function f_TC_SECPKI_ITSS_ENR_01_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
Yann Garcia's avatar
Yann Garcia committed
          // Local variable
Yann Garcia's avatar
Yann Garcia committed
          var HeaderLines v_headers;
          var HttpMessage v_request;
Yann Garcia's avatar
Yann Garcia committed
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
Yann Garcia's avatar
Yann Garcia committed
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          
          // Test Body
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
Yann Garcia's avatar
Yann Garcia committed
              var InnerEcRequest v_inner_ec_request;
              
Yann Garcia's avatar
Yann Garcia committed
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
Yann Garcia's avatar
Yann Garcia committed
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
Yann Garcia's avatar
Yann Garcia committed
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
Yann Garcia's avatar
Yann Garcia committed
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
Yann Garcia's avatar
Yann Garcia committed
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_01_BV_pki
      } // End of group f_TC_SECPKI_ITSS_ENR_01_BV
garciay's avatar
garciay committed
      /**
       * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
       *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
       *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
       *       the outer signature shall be computed using the canonical private key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_02_BV
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);

        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        f_cfMtcDown(v_itss, v_ea);
      } // End of testcase TC_SECPKI_ITSS_ENR_02_BV
      
      /**
       * @desc In presence of a valid EC, the enrolment request of the IUT is a rekeying enrolment 
               request with the itsId (contained in the InnerECRequest) and the SignerIdentifier 
               (contained in the outer EtsiTs1030971Data-Signed) both declared as digest containing 
               the HashedId8 of the EC and the outer signature computed using the current valid EC 
               private key corresponding to the verification public key.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     declared as digest containing the HashedId8 of the EC identifier
       *                 and containing signer
       *                     declared as digest containing the HashedId8 of the EC identifier 
       *                 and containing signature 
       *                     computed using the current valid EC private key corresponding to the verification public key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_03_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
garciay's avatar
garciay committed
        
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        f_cfMtcDown(v_itss, v_ea);
      } // End of testcase TC_SECPKI_ITSS_ENR_03_BV
      group f_TC_SECPKI_ITSS_ENR_03_BV {
        function f_TC_SECPKI_ITSS_ENR_03_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
          f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
          // Wait for IUT certificate
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
          f_sendUtTriggerEnrolmentRequestPrimitive();
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_itss
        function f_TC_SECPKI_ITSS_ENR_03_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              var HttpMessage v_response;
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(
                                                     v_request.request, v_headers, v_inner_ec_request, v_response, v_result,
                                                     PICS_ITS_S_CANONICAL_ID, // containing itsId declared as digest containing the HashedId8 of the EC identifier 
                                                     
                                                     m_signerIdentifier_digest(PICS_ITS_S_CANONICAL_ID)); // containing signer declared as digest containing the HashedId8 of the EC identifier
              
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_03_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_ENR_03_BV
      
      /**
       * @desc If the EC is revoked, the IUT returns to the state 'initialized'.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is informed about a revocation of its EC
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_04_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_public_key_x;
        var Oct32      v_public_key_y;
        var Oct32      v_public_compressed_key;
        var integer    v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_CRL) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_CRL required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        // Synchronization
        
        // Cleanup
        setverdict(inconc);
        
      } // End of TC_SECPKI_ITSS_ENR_04_BV
      
      /**
       * @desc If the EC expires, the IUT returns to the state 'initialized'.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the EC of the IUT expires
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_05_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_public_key_x;
        var Oct32      v_public_key_y;
        var Oct32      v_public_compressed_key;
        var integer    v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        // Synchronization
        
        // Cleanup
        setverdict(inconc);
        
      } // End of TC_SECPKI_ITSS_ENR_05_BV
      
      /**
       * @desc For each enrolment request, the ITS-S shall generate a new verification key pair 
               corresponding to an approved signature algorithm as specified in TS 103 097.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and not PICS_SECPKI_REENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send multiple EnrolmentRequestMessage
       *         }
       *         then {
       *             each EnrolmentRequestMessage
       *                 contains a different and unique verification key pair within the InnerECRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_06_BV
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SECPKI_ITSS_ENR_06_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or PICS_SECPKI_REENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and not PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_06_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_06_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_06_BV
      
      group f_TC_SECPKI_ITSS_ENR_06_BV {
        
        function f_TC_SECPKI_ITSS_ENR_06_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // First enrolment
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              f_sendUtTriggerEnrolmentRequestPrimitive();
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
          // Re-enrolment
          for (var integer v_i := 0; v_i < PX_RE_ENROLMENT_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerEnrolmentRequestPrimitive();
            f_sleep(PX_RE_ENROLMENT_DELAY);
          } // End of 'for' statement
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_itss
        
        function f_TC_SECPKI_ITSS_ENR_06_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var integer v_counter := 0;
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerEcRequest v_inner_ec_request;
          var ListOfPublicVerificationKey v_generated_keys;
          var integer v_result;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                v_generated_keys[v_counter] := v_inner_ec_request.publicKeys.verificationKey;
                v_counter := v_counter + 1;
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey))) {
                  v_generated_keys[v_counter] := v_inner_ec_request.publicKeys.verificationKey;
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
              if (v_counter == PX_RE_ENROLMENT_COUNTER) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received with different key pairs ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_06_BV_pki
        
      } // End of f_TC_SECPKI_ITSS_ENR_06_BV
      
      /**
       * @desc Within the InnerECRequest, the requestedSubjectAttributes shall not contain a certIssuePermissions field.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing requestedSubjectAttributes
       *                                     not containing certIssuePermissions 
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_07_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_public_key_x;
        var Oct32      v_public_key_y;
        var Oct32      v_public_compressed_key;
        var integer    v_compressed_mode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_07_BV
      
      /**
       * @desc In the headerInfo of the tbsData of the InnerECRequestSignedForPOP all other components 
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent. 
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and 
       *       the generationTime shall be present.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_08_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_08_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_08_BV
      
      /**
       * @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components 
       *       of the component tbsdata.headerInfo except generationTime and psid are not used and absent. 
       *       The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and 
       *       the generationTime shall be present.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing headerInfo
       *                                     containing psid
       *                                         indicating AID_CERT_REQ
       *                                     and containing generationTime
       *                                     and not containing any other component of tbsdata.headerInfo
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_09_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_09_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_09_BV
      
      /**
       * @desc The EtsiTs103097Data-Encrypted containing the correctly encrypted ciphertext and a recipients 
       *       component containing one instance of RecipientInfo of choice certRecipInfo containing the 
       *       hashedId8 of the EA certificate in recipientId and the encrypted data encryption key in encKey. 
       *       The data encryption key is encrypted using the public key found in the EA certificate referenced 
       *       in the recipientId.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing recipients
       *                     containing exactly one instance of RecipientInfo of choice certRecipInfo
       *                         containing recipientId
       *                             indicating the hashedId8
       *                                 referencing to the EA certificate
       *                                     containing encryptionKey (KEY)
       *                      and containing encKey
       *                          being a symmetric key (SYMKEY) encrypted using the key KEY
       *                  containing ciphertext
       *                      which is encrypted using the symmetric key SYMKEY contained in encKey
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_10_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_10_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_10_BV
      
      /**
       * @desc In the inner signed data structure (InnerECRequestSignedForPOP), the signature is computed 
       *       on InnerECRequest with the private key corresponding to the new verificationKey to prove 
       *       possession of the generated verification key pair.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                         containing InnerECRequestSignedForPOP
       *                             containing tbsData
       *                                 containing InnerEcRequest
       *                                     containing verificationKey (VKEY)
       *                              containing signature
       *                                  computed on InnerECRequest
       *                                      using the private key corresponding to VKEY
       *                                          contained in InnerECRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_11_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_11_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_11_BV
      
      /**
       * @desc Check that signing of Enrolment Request message is permitted by the EC certificate.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the EC certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating "Enrolment Request" (bit 1) set to 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_12_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_12_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT ) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki());
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        
      } // End of TC_SECPKI_ITSS_ENR_12_BV
      
    } // End of group itss_enrolment_request
    
    group itss_enrolment_response {
      
      /**
       * @desc If an enrolment request fails, the IUT returns to the state 'initialized.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *             and the EnrolmentResponseMessage is received
       *                 containing a responseCode different than 0
       *         }
       *         then {
       *             the IUT returns to the "initialized" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_RECV_01_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        /* v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss()); */
        /* v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki()); */
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of TC_SECPKI_ITSS_ENR_RECV_01_BV
      
      group f_TC_SECPKI_ITSS_ENR_RECV_01_BV {
        
        function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
          f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
          // Wait for IUT certificate
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              f_sendUtTriggerEnrolmentRequestPrimitive();
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
          
          // Test Body
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              log("*** " & testcasename() & ": PASS: OBU is still initial certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              log("*** " & testcasename() & ": FAIL: OBU has changed its certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss
        
        function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HeaderLines v_headers;
          var HttpMessage v_request;
          
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
              // Send response forcing error code
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_ENR_RECV_01_BV
      
      /**
       * @desc The IUT is capable of parsing and handling of positive EnrolmentResponse messages 
       *       containing the requested EC. In case of a successful enrolment, the IUT switches 
       *       to the state 'enrolled'.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an initial EnrolmentRequestMessage
       *             and when the IUT receives a subsequent EnrolmentResponseMessage as an answer of the EA
       *                 containing a responseCode
       *                     indicating 0
       *                 and containing an enrolment certificate
       *         }
       *         then {
       *             the IUT switches to the "enrolled" state
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_ENR_RECV_02_BV
       * @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
       */
      testcase TC_SECPKI_ITSS_ENR_RECV_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
        /* v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss()); */
        /* v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki()); */
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        f_cfMtcDown(v_itss, v_ea);

      } // End of testcase TC_SECPKI_ITSS_ENR_RECV_02_BV

      group f_TC_SECPKI_ITSS_ENR_RECV_02_BV {
        
        function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
          f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
          // Wait for IUT certificate
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;
              
              f_sendUtTriggerEnrolmentRequestPrimitive();
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            } 
          } // End of 'alt' statement
          
          // Test Body
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              repeat; // OBU is till using old certificate
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              log("*** " & testcasename() & ": PASS: OBU is using a new  certificate ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": FAIL: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_error);
            } 
          } // End of 'alt' statement
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_itss
        function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HeaderLines v_headers;
          var HttpMessage v_request;
          
          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_ec_response", v_headers);
          f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerEcRequest v_inner_ec_request;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_response, v_result, -, -, cantparse);
              // Send response forcing error code
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_ENR_RECV_02_BV
      
    } // End of group itss_enrolment_response

    group itss_authorization_request {
      
      /**
       * @desc Check that the ITS-S send the Authorization Request message to the Authorization Authority (AA) to request an authorization ticket.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_01_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
       */
      testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_01_BV
      
      group f_TC_SECPKI_ITSS_AUTH_01_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_readCertificate(vc_hashedId8ToBeUsed, v_certificate);
          f_getCertificateDigest(vc_hashedId8ToBeUsed, v_certificate_digest);
          // Wait for IUT certificate
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;

              if (PX_TRIGGER_EC_BEFORE_AT) {
                f_sendUtTriggerEnrolmentRequestPrimitive();
              }
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
          } // End of 'alt' statement
          
          // Test Body
          f_sendUtTriggerAuthorizationRequestPrimitive();
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var InnerEcResponse v_inner_ec_response;

          // Test component configuration
          f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
          
          // Test adapter configuration
          
          // Preamble
          if (PX_TRIGGER_EC_BEFORE_AT) {
            if (f_await_ec_request_send_response(v_inner_ec_response) == true) {
              log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_success);
            } else {
              log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
            }
          } else {
            f_selfOrClientSyncAndVerdict(c_prDone, e_success);
          }
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              var HttpMessage v_response;
              var integer v_result;
              var InnerAtRequest v_inner_at_request;
              
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_01_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *             authorized with CERT_AA certificate
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData.recipients
       *                     indicating size 1
       *                     and containing the instance of RecipientInfo
       *                         containing certRecipInfo
       *                             containing recipientId
       *                                 indicating HashedId8 of the CERT_AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_02_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_02_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *             authorized with CERT_AA certificate
       *                 containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext
       *                         containing data
       *                             encrypted using AA_ENC_PUB_KEY
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_03_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_03_BV
      
      /**
       * @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing content.encryptedData
       *                     containing ciphertext.aes128ccm.nonce
       *                         indicating value not equal to the nonce in N previous messages
       *                 and containing recipients[0].certRecipInfo.encKey
       *                     containing encrypted symmetric key (S_KEY)
       *                         indicating symmetric key not equal to the key was used in N previous messages
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_04_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_04_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_04_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_04_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_04_BV
      
      group f_TC_SECPKI_ITSS_AUTH_04_BV {
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_itss() runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          var HashedId8               v_certificate_digest;
          var EtsiTs103097Certificate v_certificate;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          // First enrolment
          geoNetworkingPort.clear;
          tc_ac.start;
          alt {
            [] a_await_cam_with_current_cert(v_certificate_digest, v_certificate) {
              tc_ac.stop;

              if (PX_TRIGGER_EC_BEFORE_AT) {
                f_sendUtTriggerEnrolmentRequestPrimitive();
                f_selfOrClientSyncAndVerdict(c_prDone, e_success);
              }
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          // N authorization
          for (var integer v_i := 0; v_i < PX_RE_AUTHORIZATION_COUNTER; v_i := v_i + 1) {
            f_sendUtTriggerAuthorizationRequestPrimitive();
            f_sleep(PX_RE_AUTHORIZATION_DELAY);
          } // End of 'for' statement
          log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_itss
        
        function f_TC_SECPKI_ITSS_AUTH_04_BV_pki() runs on ItsPkiHttp /*system ItsPkiHttpSystem*/ {
          // Local variable
          var integer v_counter := 0;
          var HeaderLines v_headers;
          var HttpMessage v_request;
          var HttpMessage v_response;
          var InnerAtRequest v_inner_at_request;
          var ListOfPublicVerificationKey v_generated_keys;
          var integer v_result;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          f_init_default_headers_list(-, "inner_at_response", v_headers);
          // Wait for the first enrolment response
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_EC,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                v_counter := v_counter + 1;
                f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_ac.start;
          alt {
            [] a_await_at_http_response_from_iut(
                                                 mw_http_request(
                                                                 mw_http_request_post(
                                                                                      PICS_HTTP_POST_URI_AT,
                                                                                      -,
                                                                                      mw_http_message_body_binary(
                                                                                                                  mw_binary_body_ieee1609dot2_data(
                                                                                                                                                   mw_enrolmentRequestMessage(
                                                                                                                                                                              mw_encryptedData(
                                                                                                                                                                                               { *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
                                                                                                                                                                                               mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                               )))))),
                                                 v_request
                                                 ) {
              tc_ac.stop;

              // Verify IUT response
              f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_at_request, v_response, v_result);
              // Send response
              if (isvalue(v_response)) {
                httpPort.send(v_response);
              }
              // Set verdict
              if (v_result == 0) {
                log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey)), "***");
                if (match(v_generated_keys, superset(v_inner_at_request.publicKeys.verificationKey))) {
                  v_generated_keys[v_counter] := v_inner_at_request.publicKeys.verificationKey;
                  v_counter := v_counter + 1;
                  f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
                  f_selfOrClientSyncAndVerdict(c_prDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
                f_selfOrClientSyncAndVerdict(c_prDone, e_error);
              }
            }
            [] tc_ac.timeout {
              if (v_counter == PX_RE_AUTHORIZATION_COUNTER) {
                log("*** " & testcasename() & ": PASS: InnerAtRequest received with different key pairs ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
              }
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SECPKI_ITSS_AUTH_04_BV_pki
        
      } // End of group f_TC_SECPKI_ITSS_AUTH_04_BV
      
      /**
       * @desc Check that the Authozation request protocol version is set to 1.
       * <pre>
       * Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Authorization Ticket (AT)
       *         }
       *         then {
       *             the IUT sends EtsiTs103097Data to the AA
       *                 containing version
       *                     indicating value 1
       *                 and containing content
       *                     containing autihorizationRequest
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_ITSS_AUTH_05_BV
       * @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
       */
      testcase TC_SECPKI_ITSS_AUTH_05_BV() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfMtcUp(v_itss, v_ea);
        
        // Start component
        v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
        v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
        
        // Cleanup
        f_cfMtcDown(v_itss, v_ea);
        
      } // End of testcase TC_SECPKI_ITSS_AUTH_05_BV
      
    } // End of group itss_authorization_request
    
    group itss_authorization_response {
      // TODO
    } // End of group itss_authorization_response
    
    group itss_ctl_handling {
      // TODO
    } // End of group itss_ctl_handling
    
    group itss_crl_handling {
      // TODO
    } // End of group itss_crl_handling
    
  } // End of group itss_behavior
  
  group ea_behavior {

    group ea_helpers {

      
    } // End of group ea_helpers

    group enrolment_request_handling {
      /**
       * @desc The EnrolmentResponse message shall be sent by the EA to the  ITS-S across the interface at 
       *       reference point S3 in response to a received EnrolmentRequest message.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
Yann Garcia's avatar
Yann Garcia committed
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_RCV_01_BV

      /**
Yann Garcia's avatar
Yann Garcia committed
       * @desc Check that EA doesn't accept Enrolment rekeying request when enrolment is not permitted 
       *       by signing certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing signer
       *                         containing digest
       *                             indicating HashedId8 of the certificate CERT
       *                                 containing appPermissions
       *                                     not containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                     or containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version)
       *                                                 indicating other value than 1
       *                                             or containing opaque[1] (value)
       *                                                 indicating "Enrolment Request" (bit 1) set to 0
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing InnerECResponse
       *                     containing responseCode
       *                         indicating "deniedpermissions"
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_RCV_02_BI
       * @reference ETSI TS 102 941, clause B.5
       */
      testcase TC_SECPKI_EA_ENR_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp("CERT_TS_EC_ENR_RCV_02_BI_01");
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_EC,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
          [] a_await_ec_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_enrolmentResponseMessage(
                                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                                              -,
                                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                              )))))),
                                               v_response
                                               ) {
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))));
              if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))) == false) {
                log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();

      } // End of testcase TC_SECPKI_EA_ENR_RCV_02_BI
    } // End of group enrolment_request_handling
    group enrolment_response {
garciay's avatar
garciay committed
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
garciay's avatar
garciay committed
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
garciay's avatar
garciay committed
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted using SYMKEY
garciay's avatar
garciay committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_01_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
Yann Garcia's avatar
Yann Garcia committed
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
Yann Garcia's avatar
Yann Garcia committed
        }
garciay's avatar
garciay committed
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
Yann Garcia's avatar
Yann Garcia committed
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
Yann Garcia's avatar
Yann Garcia committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
Yann Garcia's avatar
Yann Garcia committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
Yann Garcia's avatar
Yann Garcia committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
Yann Garcia's avatar
Yann Garcia committed
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
Yann Garcia's avatar
Yann Garcia committed
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_01_BV
    
garciay's avatar
garciay committed
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message.
garciay's avatar
garciay committed
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP 22
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
garciay's avatar
garciay committed
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_ENR_02_BV
garciay's avatar
garciay committed
      /**
       * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing 
       *       the component recipients containing one instance of RecipientInfo of choice 
       *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the 
       *       ITS-S to encrypt the EnrolmentRequest message to which the response is built 
       *       and containing the component ciphertext, once decrypted, contains an 
       *       EtsiTs103097Data-Signed structure
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_03_BV
garciay's avatar
garciay committed
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
garciay's avatar
garciay committed
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
garciay's avatar
garciay committed
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_03_BV
      /**
       * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall 
       *       contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as 
       *       specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the 
       *       EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to 
       *       its publicVerificationKey found in the referenced EA certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_04_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_04_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
garciay's avatar
garciay committed
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == false) {
Yann Garcia's avatar
Yann Garcia committed
                  log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                } else {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
garciay's avatar
garciay committed
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_04_BV
       * @desc Within the headerInfo of the tbsData, the psid shall be set to “secured certificate request� as assigned in 
       *       ETSI TS 102 965 and the generationTime shall be present.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_05_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_05_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
Yann Garcia's avatar
Yann Garcia committed
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
Yann Garcia's avatar
Yann Garcia committed
                  log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_05_BV
      
      /**
       * @desc Within the headerInfo of the tbsData, aside from psid and generationTime, 
       *       all other components of the component tbsData.headerInfo not used and absent.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_06_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_06_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
Yann Garcia's avatar
Yann Garcia committed
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
Yann Garcia's avatar
Yann Garcia committed
                  log("*** " & testcasename() & ": FAIL: Cannot verify EC certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_06_BV
      
      /**
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) 
       *       and the content set to InnerECResponse.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_07_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_07_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_07_BV
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_08_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_08_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_08_BV
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_09_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_09_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
Yann Garcia's avatar
Yann Garcia committed
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
Yann Garcia's avatar
Yann Garcia committed
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
Yann Garcia's avatar
Yann Garcia committed
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_09_BV
       * @desc If the responseCode is different than 0, the InnerECResponse shall not contain a certificate.
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 not containing a certificate
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_10_BV
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SECPKI_EA_ENR_10_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_invalid_enrolment_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_10_BV
      
      /**
       * @desc Check that signing of Enrolment response message is permitted by the EA certificate.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                                 containing appPermissions
       *                                     containing an item of type PsidSsp
       *                                         containing psid
       *                                             indicating AID_CERT_REQ
       *                                         and containing ssp
       *                                             containing opaque[0] (version) 
       *                                                 indicating 1
       *                                             containing opaque[1] (value) 
       *                                                 indicating bit "Enrolment Response" (5) set to 1
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_11_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_11_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_11_BV
      
      /**
       * @desc Check that generated EC certificate contains only allowed permissions.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the EC_CERT
       *                 containing appPermissions
       *                     containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CERT_REQ
       *                         and containing ssp
       *                             containing opaque[0] (version) 
       *                                 indicating 1
       *                             containing opaque[1] (value) 
       *                                 indicating "Enrolment Request" (bit 0) set to 1
       *                                 indicating "Authorization Request" (bit 1) set to 1
       *                                 indicating other bits set to 0
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CTL
       *                     and NOT containing an item of type PsidSsp
       *                         containing psid
       *                             indicating AID_CRL
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_ENR_12_BV
       * @reference ETSI TS 102 941, clause B[5]
       */
      testcase TC_SECPKI_EA_ENR_12_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_public_compressed_key;
        var integer v_compressed_mode;
        var Oct32 v_request_hash;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var Oct16 v_aes_sym_key;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_ec_request(v_private_key, v_public_compressed_key, v_compressed_mode, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        f_init_default_headers_list(-, "inner_ec_request", v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                         PICS_HTTP_POST_URI_EC,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
Yann Garcia's avatar
Yann Garcia committed
          [not(PICS_MULTIPLE_END_POINT)] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             { mw_recipientInfo_pskRecipInfo },
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
Yann Garcia's avatar
Yann Garcia committed
            if (f_verify_pki_response_message(v_private_key, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -)))), " ***"); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_ec, -))))) {
                if (f_verify_ec_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, vc_eaCertificate, v_public_compressed_key, v_compressed_mode) == true) {
                  log("*** " & testcasename() & ": PASS: Well-secured EC certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: EC certificate is not proerly formated ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_ENR_12_BV
      
    } // End of group enrolment_response
    group authorization_validation_request {

      group atv_helpers {

        function f_verify_http_at_response_from_iut_atv(
                                                        in InnerAtRequest p_inner_at_request,
                                                        in Response p_response,
                                                        in octetstring p_private_key,
                                                        in Oct16 p_aes_sym_key,
                                                        in Oct16 p_authentication_vector,
                                                        in Oct32 p_request_hash,
                                                        out InnerAtResponse p_inner_at_response,
                                                        out integer p_result
                                                        ) runs on ItsPkiHttp {
          // Local variables
          var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var Oct16 v_aes_enc_key;
          var InnerEcResponse v_inner_ec_response;
          
          log(">>> f_verify_http_at_response_from_iut_atv: p_inner_at_request= ", p_inner_at_request);
          log(">>> f_verify_http_at_response_from_iut_atv: p_response= ", p_response);
          log(">>> f_verify_http_at_response_from_iut_atv: p_private_key= ", p_private_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_aes_sym_key= ", p_aes_sym_key);
          log(">>> f_verify_http_at_response_from_iut_atv: p_authentication_vector= ", p_authentication_vector);
          log(">>> f_verify_http_at_response_from_iut_atv: p_request_hash= ", p_request_hash);
          
          p_result := 0;
          
          if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_eaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
            // Set verdict
            p_result := -1;
          } else {
            log("f_verify_http_at_response_from_iut_atv: Receive ", v_etsi_ts_102941_data);
            log(match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod))))); // TODO In TITAN, this is the only way to get the unmatching in log
            if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok(substr(p_request_hash, 0, 16), mw_certificate_subject_attributes(p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.appPermissions, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.id, p_inner_at_request.sharedAtRequest.requestedSubjectAttributes.validityPeriod)))) == false) { 
              // Set verdict
              p_result := -2;
            } else {
              // TODO Refined expected mw_signature_ecdsaNistP256
              log("f_verify_http_at_response_from_iut_atv: Well-secured AT certificate received");
            }
          }
          
          log("<<< f_verify_http_at_response_from_iut_atv: p_result: ", p_result);
        } // End of function f_verify_http_at_response_from_iut_atv
        
      } // End of group atv_helpers
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
Yann Garcia's avatar
Yann Garcia committed
       *             the IUT receives a AuthorizationValidationRequest message
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
Yann Garcia's avatar
Yann Garcia committed
        // Local variables
Yann Garcia's avatar
Yann Garcia committed
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
Yann Garcia's avatar
Yann Garcia committed
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
Yann Garcia's avatar
Yann Garcia committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
Yann Garcia's avatar
Yann Garcia committed
        var EtsiTs102941Data v_etsi_ts_102941_data;
Yann Garcia's avatar
Yann Garcia committed
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, cc_taCert_A_AA);
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
Yann Garcia's avatar
Yann Garcia committed
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
Yann Garcia's avatar
Yann Garcia committed
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
Yann Garcia's avatar
Yann Garcia committed
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
Yann Garcia's avatar
Yann Garcia committed
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
Yann Garcia's avatar
Yann Garcia committed
            tc_ac.stop;
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
Yann Garcia's avatar
Yann Garcia committed
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
Yann Garcia's avatar
Yann Garcia committed
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_01_BV
Yann Garcia's avatar
Yann Garcia committed
      
      /**
       * @desc Check that EA doesn't accept Authorization Validation Request when 
       *       SharedAtRequest is signed with certificate without appropriate 
       *       permissions
Yann Garcia's avatar
Yann Garcia committed
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
Yann Garcia's avatar
Yann Garcia committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *         then {
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_RCV_02_BI
       * @reference ETSI TS 102 941, clause B[5]
Yann Garcia's avatar
Yann Garcia committed
       */
      testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
Yann Garcia's avatar
Yann Garcia committed
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
Yann Garcia's avatar
Yann Garcia committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
Yann Garcia's avatar
Yann Garcia committed
        
        // Test control
Yann Garcia's avatar
Yann Garcia committed
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
Yann Garcia's avatar
Yann Garcia committed
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp("CERT_TS_EA_AUTHVAL_RCV_02_BI_02", cc_taCert_A_AA);
Yann Garcia's avatar
Yann Garcia committed
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
Yann Garcia's avatar
Yann Garcia committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
Yann Garcia's avatar
Yann Garcia committed
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
Yann Garcia's avatar
Yann Garcia committed
            tc_ac.stop;
            
            if (f_verify_pki_response_message(v_private_key_at, v_aes_sym_key, v_authentication_vector, vc_eaWholeHash, v_response.response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log(match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))));
              if (match(v_etsi_ts_102941_data, mw_etsiTs102941Data_inner_ec_response(mw_innerEcResponse_ko(substr(v_request_hash, 0, 16)))) == false) {
                log("*** " & testcasename() & ": FAIL: Invalid InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              }
            }
Yann Garcia's avatar
Yann Garcia committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
Yann Garcia's avatar
Yann Garcia committed
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_RCV_02_BI
Yann Garcia's avatar
Yann Garcia committed
      
    } // End of group authorization_validation_request

    group authorization_validation_response {
       * @desc The EtsiTs103097Data-Encrypted is build with the component recipients containing one instance of RecipientInfo 
       *       of choice pskRecipInfo, which contains the HashedId8 of the symmetric key used by the ITS-S to encrypt the 
       *       AuthorizationRequest message to which the response is built and the component ciphertext containing the encrypted 
       *       representation of the EtsiTs103097Data-Signed. The encryption uses a ETSI TS 103 097 [3] approved algorithm.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *                 containing encKey
       *                     containing the encrypted symmetric data encryption key (SYMKEY)
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Encrypted
       *                     containing recipients
       *                         containing one instance of RecipientInfo of choice pskRecipInfo
       *                             indicating the HashedId8 of SYMKEY
       *                     and containing ciphertext
       *                         containing EtsiTs103097Data-Signed
       *                             being encrypted using SYMKEY and an ETSI TS 103 097 approved algorithm
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
      testcase TC_SECPKI_EA_AUTHVAL_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
Yann Garcia's avatar
Yann Garcia committed
        var integer v_compressed_key_mode_ec;
Yann Garcia's avatar
Yann Garcia committed
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, cc_taCert_A_AA);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
Yann Garcia's avatar
Yann Garcia committed
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
Yann Garcia's avatar
Yann Garcia committed
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
Yann Garcia's avatar
Yann Garcia committed
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
Yann Garcia's avatar
Yann Garcia committed
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
Yann Garcia's avatar
Yann Garcia committed
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
4291 4292 4293 4294 4295 4296 4297 4298 4299 4300 4301 4302 4303 4304 4305 4306 4307 4308 4309 4310 4311 4312 4313 4314 4315 4316 4317 4318 4319 4320 4321 4322 4323 4324 4325 4326 4327 4328 4329 4330 4331 4332 4333 4334 4335 4336 4337 4338 4339 4340 4341 4342 4343 4344 4345 4346 4347 4348 4349 4350 4351 4352 4353 4354 4355 4356 4357 4358 4359 4360 4361 4362 4363 4364 4365 4366 4367 4368 4369 4370 4371 4372 4373 4374 4375 4376 4377 4378 4379 4380 4381 4382 4383 4384 4385 4386 4387 4388 4389 4390 4391 4392 4393 4394 4395 4396 4397 4398 4399 4400 4401 4402 4403 4404 4405 4406 4407 4408 4409 4410 4411 4412 4413 4414 4415 4416 4417 4418 4419 4420 4421 4422 4423 4424 4425 4426 4427 4428 4429 4430 4431 4432 4433 4434 4435 4436 4437 4438 4439 4440 4441 4442 4443 4444 4445 4446 4447 4448 4449 4450 4451 4452 4453 4454 4455 4456 4457 4458 4459 4460 4461 4462 4463 4464 4465 4466 4467 4468 4469 4470 4471 4472 4473 4474 4475 4476 4477 4478 4479 4480 4481 4482 4483 4484 4485 4486 4487 4488 4489 4490 4491 4492 4493 4494 4495 4496 4497 4498 4499 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 4510 4511 4512 4513 4514 4515 4516 4517 4518 4519 4520 4521 4522 4523 4524 4525 4526 4527 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 4539 4540 4541 4542 4543 4544 4545 4546 4547 4548 4549 4550 4551 4552 4553 4554 4555 4556 4557 4558 4559 4560 4561 4562 4563 4564 4565 4566 4567 4568 4569 4570 4571 4572 4573 4574 4575 4576 4577 4578 4579 4580 4581 4582 4583 4584 4585 4586 4587 4588 4589 4590 4591 4592 4593 4594 4595 4596 4597 4598 4599 4600 4601 4602 4603 4604 4605 4606 4607 4608 4609 4610 4611 4612 4613 4614 4615 4616 4617 4618 4619 4620 4621 4622 4623 4624 4625 4626 4627 4628 4629 4630 4631 4632 4633 4634 4635 4636 4637 4638 4639 4640 4641 4642 4643 4644 4645 4646 4647 4648 4649 4650 4651 4652 4653 4654 4655 4656 4657 4658 4659 4660 4661 4662 4663 4664 4665 4666 4667 4668 4669 4670 4671 4672 4673 4674 4675 4676 4677 4678 4679 4680 4681 4682 4683 4684 4685 4686 4687 4688 4689 4690 4691 4692 4693 4694 4695 4696 4697 4698 4699 4700 4701 4702 4703 4704 4705 4706 4707 4708 4709 4710 4711 4712 4713 4714 4715 4716 4717 4718 4719 4720 4721 4722 4723 4724 4725 4726 4727 4728 4729 4730 4731 4732 4733 4734 4735 4736 4737 4738 4739 4740 4741 4742 4743 4744 4745 4746 4747 4748 4749 4750 4751 4752 4753 4754 4755 4756 4757 4758 4759 4760 4761 4762 4763 4764 4765 4766 4767 4768 4769 4770 4771 4772 4773 4774 4775 4776 4777 4778 4779 4780 4781 4782 4783 4784 4785 4786 4787 4788 4789 4790 4791 4792
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_01_BV
      
      /**
       * @desc To read an authorization validation response, the AA shall receive an EtsiTs103097Data-Encrypted structure, 
       *       containing a EtsiTs103097Data-Signed structure, containing a EtsiTs102941Data structure, containing an 
       *       AuthorizationValidationResponse structure.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Signed
       *                     containing AuthorizationValidationResponse
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_02_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, cc_taCert_A_AA);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_02_BV
      
      /**
       * @desc The AuthorizationValidationResponse structure contains the requestHash being the left-most 16 octets of 
       *       the SHA256 digest of the EtsiTs103097Data-Signed structure received in the AuthorizationValidationRequest 
       *       and a responseCode.
       * <pre>
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives a AuthorizationValidationRequest message
       *                 containing EtsiTs103097Data-Signed structure (REQDSS)
       *         }
       *         then {
       *             the IUT sends a AuthorizationValidationResponse message
       *                 containing EtsiTs103097Data-Signed
       *                     containing EtsiTs102941Data
       *                         containing AuthorizationValidationResponse
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of REQDSS
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 TP SECPKI_EA_AUTHVAL_03_BV
       * @reference ETSI TS 102 941, clause 6.2.3.4.2
       */
      testcase TC_SECPKI_EA_AUTHVAL_03_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer v_compressed_key_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var InnerAtRequest v_inner_at_request;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, cc_taCert_A_AA);
        
        // Test adapter configuration
        
        // Preamble
        // Trigger an enrolment request
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        // Generate an InnerAtRequest
        if (f_generate_inner_at_request(vc_aaCertificate, vc_aaHashedId8, vc_eaCertificate, vc_eaWholeHash/*salt*/, vc_eaHashedId8, v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_inner_at_request) == false) {
          log("*** " & testcasename() & ": ERROR: Failed to generate AuthorizationValidationRequest ***");
          f_selfOrClientSyncAndVerdict("error", e_error);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_at_request= ", v_inner_at_request);
        log("*** " & testcasename() & ": DEBUG: v_private_key_at= ", v_private_key_at);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        f_http_build_authorization_validation_request(v_inner_at_request, v_public_compressed_key_at, v_compressed_key_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_atv_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_ATV,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_atv_http_response_from_iut(
                                                mw_http_response(
                                                                 mw_http_response_ok(
                                                                                     mw_http_message_body_binary(
                                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                                  mw_authorizationResponseMessage(
                                                                                                                                                                                  mw_encryptedData(
                                                                                                                                                                                                   { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                   mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                   )))))),
                                                v_response
                                                ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_atv(v_inner_at_request, v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SECPKI_EA_AUTHVAL_03_BV
      
    } // End of group authorization_validation_response
    
    group authorization_response {
      // TODO
    } // End of group authorization_response
    
    group ca_ceetificate_request {
      // TODO
    } // End of group ca_ceetificate_request
    
  } // End of group ea_behavior

  group aa_behavior {

    group aa_helpers {

      function f_verify_http_at_response_from_iut_aa(
                                                     in Response p_response,
                                                     in octetstring p_private_key,
                                                     in Oct16 p_aes_sym_key,
                                                     in Oct16 p_authentication_vector,
                                                     in Oct32 p_request_hash,
                                                     out InnerAtResponse p_inner_at_response,
                                                     out integer p_result
                                                     ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_aes_enc_key;
        var InnerEcResponse v_inner_ec_response;
        
        log(">>> f_verify_http_at_response_from_iut_aa: p_response= ", p_response);
        log(">>> f_verify_http_at_response_from_iut_aa: p_private_key= ", p_private_key);
        log(">>> f_verify_http_at_response_from_iut_aa: p_aes_sym_key= ", p_aes_sym_key);
        log(">>> f_verify_http_at_response_from_iut_aa: p_authentication_vector= ", p_authentication_vector);
        log(">>> f_verify_http_at_response_from_iut_aa: p_request_hash= ", p_request_hash);
        
        p_result := 0;
        
        if (f_verify_pki_response_message(p_private_key, p_aes_sym_key, p_authentication_vector, vc_aaWholeHash, p_response.body.binary_body.ieee1609dot2_data, true, v_etsi_ts_102941_data) == false) {
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_at_response_from_iut_aa: Receive ", v_etsi_ts_102941_data);
          log(match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(p_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_at, -))))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_authorizationResponse(mw_innerAtResponse_ok(substr(p_request_hash, 0, 16), mw_etsiTs103097Certificate(-, mw_toBeSignedCertificate_at, -)))) == false) { 
            // Set verdict
            p_result := -2;
          } else {
            // Verify AT Certificate signature
            if (f_verifyCertificateSignatureWithIssuingCertificate(v_etsi_ts_102941_data.content.authorizationResponse.certificate, vc_aaCertificate) == false) {
              // Set verdict
              p_result := -3;
            }
            log("f_verify_http_at_response_from_iut_aa: Well-secured AT certificate received");
          }
        }
        
        log("<<< f_verify_http_at_response_from_iut_aa: p_result: ", p_result);
      } // End of function f_verify_http_at_response_from_iut_aa
      
    } // End of group aa_helpers 
    
    group authorization_request {
      
      /**
       * @desc Check that the EA/AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the EA/AA is able to verify the inner signature
       *       Check that the EA/AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the EA/AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE and not PICS_PKI_AUTH_POP
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing encrypted representation of the EtsiTs103097Data-Signed
       *                            containing content.signedData
       *                                containing hashId
       *                                    indicating valid hash algorythm
       *                and containing signer
       *                    containing self
       *                and containing tbsData (SIGNED_DATA)
       *                    containing payload
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *                and containing signature (SIGNATURE)
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify the signature SIGNATURE over the SIGNED_DATA
       *                using the V_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_01_BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_01_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer p_compressed_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        
        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_at_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_authorizationResponseMessage(
                                                                                                                                                                                 mw_encryptedData(
                                                                                                                                                                                                  { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                  mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                  )))))),
                                               v_response
                                               ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
garciay's avatar
garciay committed
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
garciay's avatar
garciay committed
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
Yann Garcia's avatar
Yann Garcia committed
            }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
Yann Garcia's avatar
Yann Garcia committed
      } // End of testcase TC_SECPKI_AA_AUTH_RCV_01_BV
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_02_BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_02_BV() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer p_compressed_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE or PICS_PKI_AUTH_POP) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE and not PICS_PKI_AUTH_POP required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        
        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_ac.start;
        alt {
          [] a_await_at_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_authorizationResponseMessage(
                                                                                                                                                                                 mw_encryptedData(
                                                                                                                                                                                                  { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                  mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                  )))))),
                                               v_response
                                               ) {
            var integer v_result;
            var InnerAtResponse v_inner_at_response;
            
            tc_ac.stop;
            
            f_verify_http_at_response_from_iut_aa(v_response.response, v_private_key_at, v_aes_sym_key, v_authentication_vector, v_request_hash, v_inner_at_response, v_result);
            // Set verdict
            if (v_result == 0) {
              log("*** " & testcasename() & ": PASS: Well-secured AT certificate received ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
            } else {
              log("*** " & testcasename() & ": FAIL: Failed to verify AT response  ***");
              f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_AA_AUTH_RCV_02_BV
      
      /**
       * @desc Check that the AA skips the AuthorizationRequest message if it is not addressed to this AA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    NOT equal to the HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *         }
       *         then {
       *            the IUT does not send the AuthorizationValidationRequest message
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_03_BI
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_03_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer p_compressed_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        
        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].pskRecipInfo := int2oct(314259265, 8);
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_noac.start;
        alt {
          [] a_await_at_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_authorizationResponseMessage(
                                                                                                                                                                                 mw_encryptedData(
                                                                                                                                                                                                  { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                  mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                  )))))),
                                               v_response
                                               ) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          [] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": PASS: IUT has rejected the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
          [] tc_noac.timeout {
            log("*** " & testcasename() & ": PASS: IUT has discarded the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_AA_AUTH_RCV_03_BI
      
      /**
       * @desc Check that the AA skips the AuthorizationRequest message if it unable to decrypt the encKey
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating value
       *                                        equal to the HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the OTHER private key correspondent to the AA_ENC_PUB_KEY
       *         }
       *         then {
       *            the IUT does not send the AuthorizationValidationRequest message
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_04_BI
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_04_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer p_compressed_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        
        // Test Body
        f_http_build_authorization_request_with_wrong_private_key(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        if (ischosen(v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256)) {
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[1] := 'aa'O;
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[2] := 'bb'O;
        } else {
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[1] := 'aa'O;
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[2] := 'bb'O;
        }
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_noac.start;
        alt {
          [] a_await_at_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_authorizationResponseMessage(
                                                                                                                                                                                 mw_encryptedData(
                                                                                                                                                                                                  { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                  mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                  )))))),
                                               v_response
                                               ) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          [] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": PASS: IUT has rejected the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
          [] tc_noac.timeout {
            log("*** " & testcasename() & ": PASS: IUT has discarded the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_AA_AUTH_RCV_04_BI
      
      /**
       * @desc Check that the AA skips the AuthorizationRequest message if it unable to decrypt the encKey
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the EA/AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients[0].encKey
       *                        indicating encrypted symmetric key (S_KEY)
       *                    and containing cyphertext (ENC_DATA)
       *                        encrypted with the OTHER key than S_KEY
       *         }
       *         then {
       *            the IUT does not send the AuthorizationValidationRequest message
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS 103 525-2 v0.0.10 SECPKI_AA_AUTH_RCV_05_BI
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SECPKI_AA_AUTH_RCV_05_BI() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key_ec;
        var Oct32 v_public_compressed_key_ec;
        var integer v_compressed_key_mode_ec;
        var InnerEcResponse v_inner_ec_response;
        var Oct32 v_private_key_at;
        var Oct32 v_public_compressed_key_at;
        var integer p_compressed_mode_at;
        var Oct32 v_private_enc_key_at;
        var Oct32 v_public_compressed_enc_key_at;
        var integer v_compressed_enc_mode_at;
        var Oct32 v_request_hash;
        var Oct16 v_encrypted_sym_key;
        var Oct16 v_aes_sym_key;
        var HashedId8 v_aes_sym_key_hashed_id8;
        var Oct16 v_authentication_vector;
        var Oct12 v_nonce;
        var octetstring v_salt;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
        
        // Test adapter configuration
        
        // Preamble
        if (f_await_http_inner_ec_request_response(v_private_key_ec, v_public_compressed_key_ec, v_compressed_key_mode_ec, v_inner_ec_response) == false) {
          log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
        } else {
          log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        }
        log("*** " & testcasename() & ": DEBUG: v_inner_ec_response= ", v_inner_ec_response);
        log("*** " & testcasename() & ": DEBUG: v_private_key_ec= ", v_private_key_ec);
        
        // Test Body
        f_http_build_authorization_request(v_inner_ec_response.certificate, v_private_key_ec, v_private_key_at, v_public_compressed_key_at, p_compressed_mode_at, v_private_enc_key_at, v_public_compressed_enc_key_at, v_compressed_enc_mode_at, v_aes_sym_key, v_encrypted_sym_key, v_authentication_vector, v_nonce, v_salt, v_ieee1609dot2_signed_and_encrypted_data, v_request_hash);
        v_aes_sym_key_hashed_id8 := f_HashedId8FromSha256(f_hashWithSha256('80'O & v_aes_sym_key)); // Used to macth the response
        if (ischosen(v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256)) {
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[1] := 'aa'O;
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesNistP256.c[2] := 'bb'O;
        } else {
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[1] := 'aa'O;
          v_ieee1609dot2_signed_and_encrypted_data.content.encryptedData.recipients[0].certRecipInfo.encKey.eciesBrainpoolP256r1.c[2] := 'bb'O;
        }
        f_init_default_headers_list(-, "inner_at_request", v_headers);
        f_http_send(
                    v_headers,
                    m_http_request(
                                   m_http_request_post(
                                                       PICS_HTTP_POST_URI_AT,
                                                       v_headers,
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
        tc_noac.start;
        alt {
          [] a_await_at_http_response_from_iut(
                                               mw_http_response(
                                                                mw_http_response_ok(
                                                                                    mw_http_message_body_binary(
                                                                                                                mw_binary_body_ieee1609dot2_data(
                                                                                                                                                 mw_authorizationResponseMessage(
                                                                                                                                                                                 mw_encryptedData(
                                                                                                                                                                                                  { *, mw_recipientInfo_pskRecipInfo(v_aes_sym_key_hashed_id8), * },
                                                                                                                                                                                                  mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                                  )))))),
                                               v_response
                                               ) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": FAIL: IUT shall not process the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
          }
          [] a_await_at_http_response_from_iut(mw_http_response(mw_http_response_ko), v_response) {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": PASS: IUT has rejected the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
          [] tc_noac.timeout {
            log("*** " & testcasename() & ": PASS: IUT has discarded the request ***");
            f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
      } // End of testcase TC_SECPKI_AA_AUTH_RCV_05_BI
      
garciay's avatar
garciay committed
    } // End of group authorization_request
    
garciay's avatar
garciay committed
  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases