ItsPki_TestCases.ttcn

/**
 *  @author   ETSI / STF545
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
  
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
    
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TestSystem all;
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_Pics all;
  
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
  
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
  import from LibItsHttp_TestSystem all;
    
  // LibItsPki
  import from LibItsPki_Templates all;
  import from LibItsPki_Functions all;
  import from LibItsPki_TestSystem all;
    
  // AtsPki
  import from ItsPki_Functions all;

  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {

    group itss_manufacturing {
      
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPki     v_ea;
        
        // Test component configuration
        //f_cfUp_itss();
        
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A));
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
        
        // Cleanup
        //f_cfDown_itss();
        
      } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01
      
      group f_TC_SEC_PKI_ITSS_ENR_BV_01 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(in charstring p_certificate_id) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
                
            // Local variables
            var LongPosVector v_longPosVectorIut;
            var GeoNetworkingInd v_response;
            var EtsiTs103097Certificate v_initial_certificate;
                
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
            
            // Preamble
            f_prNeighbour();
            f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
            // Wait for current certificate
            tc_ac.start;
            alt {
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mw_etsiTs103097Data_signed(
                                mw_signedData(
                                    -, 
                                    mw_toBeSignedData(
                                        mw_signedDataPayload,
                                        mw_headerInfo_cam
                                    ),
                                    mw_signerIdentifier_certificate(
                                        mw_etsiTs103097Certificate(
                                            -,
                                            mw_toBeSignedCertificate_at(
                                                { mw_appPermissions(c_its_aid_CAM) }
                                            )
                                        )
                                    )
                                )
                            ), 
                            mw_geoNwShbPacket
                ))) -> value v_response {
                  tc_ac.stop;
                  
                  log("*** " & testcasename() & ": INFO: Receieve initial certificate");
                  // Extract the initial certificate
                  // TODO v_initial_certificate := 
                  f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mw_etsiTs103097Data_signed
                ))) {
                    log("*** " & testcasename() & ": DEBUG: Still waiting for certificate");
                    repeat;
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
                } 
            } // End of 'alt' statement
            
            // Test Body
            tc_ac.start;
            alt {
              [] geoNetworkingPort.receive(
                  mw_geoNwInd(
                      mw_geoNwSecPdu(
                          mw_etsiTs103097Data_signed(
                              mw_signedData(
                                  -, 
                                  mw_toBeSignedData(
                                      mw_signedDataPayload,
                                      mw_headerInfo_cam
                                  ),
                                  mw_signerIdentifier_certificate(
                                      v_initial_certificate
                                  )
                              )
                          ), 
                          mw_geoNwShbPacket
                ))) {
                    log("*** " & testcasename() & ": INFO: IUT still using initial certificate ***");
                    repeat;
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mw_etsiTs103097Data_signed(
                                mw_signedData(
                                    -, 
                                    mw_toBeSignedData(
                                        mw_signedDataPayload,
                                        mw_headerInfo_gn
                                    ),
                                    mw_signerIdentifier_certificate
                                )
                            )
                ))) {
                  tc_ac.stop;
                  log("*** " & testcasename() & ": PASS: IUT uses new certificate ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mw_etsiTs103097Data_signed
                ))) {
                    log("*** " & testcasename() & ": INFO: Unexpected message received, continue ***");
                    repeat;
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                }
            } // End of 'alt' statement
            
            // Postamble
            f_acTriggerEvent(m_stopPassBeaconing);
            f_poNeighbour();
            f_cf01Down();
        } // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_itss
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(in charstring p_certificate_id) runs on ItsPki /*system ItsPkiItssSystem*/ { 
          
        } // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_pki
        
      } // End of f_TC_SEC_PKI_ITSS_ENR_BV_01
      
    } // End of group itss_manufacturing
    
    
  } // End of group itss_behavior
  
  group ea_behavior {
    
    /**
     * @desc The EnrolmentResponse message shall be sent by the EA to the 
     *       ITS-S across the interface at reference point S3 in response 
     *       to a received EnrolmentRequest message.
     * <pre>
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
     *         }
     *         then {
     *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
     *         }
     *     }
     * </pre>
     * 
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
      // Local variables
      var Oct32 v_private_key;
      var Oct32 v_publicKeyX;
      var Oct32 v_publicKeyY;
      var Oct32 v_publicKeyCompressed;
      var integer v_compressedMode;
      var InnerEcRequest v_inner_ec_request;
    
      // Test control
    
      // Test component configuration
      LibItsPki_Functions.f_cfUp();
    
      // Test adapter configuration
    
      // Preamble
      // Generate InnerEcRequest
      if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
        log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
    
      // Test Body
      pkiPort.send(v_inner_ec_request);
      tc_ac.start;
      alt {
        [] pkiPort.receive(
                           mw_innerEcResponse_ok
                                               ) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        [] pkiPort.receive { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement
    
      // Postamble
      LibItsPki_Functions.f_cfDown();
    
    } // End of testcase TC_SEC_PKI_SND_EA_BV_01

    /**
     * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
     *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
     *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
     *       the outer signature shall be computed using the canonical private key.
     * <pre>
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT is requested to send an EnrolmentRequestMessage
     *         }
     *         then {
     *             the IUT sends an EtsiTs103097Data-Encrypted
     *                 containing an encrypted EtsiTs103097Data-Signed
     *                     containing EtsiTs103097Data
     *                          containing InnerECRequestSignedForPOP
     *                             containing InnerEcRequest
     *                                 containing itsId
     *                                     indicating the canonical identifier of the ITS-S 
     *                 and containing signer
     *                     declared as self
     *                 and containing signature 
     *                     computed using the canonical private key
     *         }
     *     }
     * </pre>
     * 
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
      // Local variables
      var Oct32 v_private_key;
      var Oct32 v_publicKeyX;
      var Oct32 v_publicKeyY;
      var Oct32 v_publicKeyCompressed;
      var integer v_compressedMode;
      var InnerEcRequest v_inner_ec_request;
      var Ieee1609Dot2Data v_inner_ec_request_signed_for_pop;
      var bitstring v_inner_ec_request_signed_for_pop_msg;
      var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
      var HeaderLines v_headers;
      
      // Test control
      
      // Test component configuration
      f_cfHttpUp(); // Default value: CERT_TS_A_EA
      
      // Test adapter configuration
      
      // Preamble
      // Generate InnerEcRequest
      // TODO f_build_enrolment_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
      if (f_generate_inner_ec_request(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
        log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequestPoP message ***")
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      // Generate InnerEcRequestSignedForPoP
      if (f_generate_inner_ec_request_signed_for_pop(v_private_key, v_inner_ec_request, v_inner_ec_request_signed_for_pop) == false) {
        log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequestPoP message ***")
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      // Secure InnerEcRequestSignedForPoP message
      v_inner_ec_request_signed_for_pop_msg := encvalue(m_etsiTs102941Data_inner_ec_request_signed_for_pop(v_inner_ec_request_signed_for_pop));
      if (f_build_pki_secured_message(vc_eaPrivateKey, valueof(m_signerIdentifier_self), vc_eaHashedId8, v_publicKeyCompressed, v_compressedMode, bit2oct(v_inner_ec_request_signed_for_pop_msg), v_ieee1609dot2_signed_and_encrypted_data) == false) {
        log("*** " & testcasename() & ": FAIL: Failed to seucure InnerEcRequestPoP message ***")
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      log("v_ieee1609dot2_signed_and_encrypted_data = ", v_ieee1609dot2_signed_and_encrypted_data);
      f_init_default_headers_list(v_headers);
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
      
      // Test Body
      httpPort.send(
                    m_http_request(
                                   m_http_request_get(
                                                      "/its/inner_ec_request",
                                                      v_headers,
                                                      m_http_message_body_binary(
                                                                                 m_binary_body_ieee1609dot2_data(
                                                                                                                 v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                 )))));
      tc_ac.start;
      alt {
        [] httpPort.receive(
                            mw_http_response(
                                             mw_http_response_ok(
                                                                 mw_http_message_body_binary(
                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                              mw_etsiTs103097Data_encrypted(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        [] httpPort.receive( // FIXME Use altstep
                            mw_http_response(
                                             mw_http_response_ko
                                             )) {
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] httpPort.receive(mw_http_response) { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement
    
      // Postamble
      f_cfHttpDown();
    
    } // End of testcase TC_SEC_PKI_SND_EA_BV_02

  } // End of group ea_behavior

  group aa_behavior {

  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases