Skip to content
ItsPki_TestCases.ttcn 114 KiB
Newer Older
garciay's avatar
garciay committed
/**
 *  @author   ETSI / STF545
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibCommon_DataStrings all;
garciay's avatar
garciay committed
    
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
garciay's avatar
garciay committed
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsCommon
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsCommon_TypesAndValues all;
garciay's avatar
garciay committed
  import from LibItsCommon_ASN1_NamedNumbers all;
Yann Garcia's avatar
Yann Garcia committed
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_TestSystem all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
Yann Garcia's avatar
Yann Garcia committed
  
garciay's avatar
garciay committed
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsHttp_TestSystem all;
garciay's avatar
garciay committed
  // LibItsPki
  import from LibItsPki_Templates all;
Yann Garcia's avatar
Yann Garcia committed
  import from LibItsPki_Functions all;
garciay's avatar
garciay committed
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  
garciay's avatar
garciay committed
  // AtsPki
  import from ItsPki_Functions all;

  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {

    group itss_manufacturing {
Yann Garcia's avatar
Yann Garcia committed
      
garciay's avatar
garciay committed
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_publicKeyX;
        var Oct32      v_publicKeyY;
        var Oct32      v_publicKeyCompressed;
        var integer    v_compressedMode;
Yann Garcia's avatar
Yann Garcia committed
        var ItsPkiItss v_itss;
        var ItsPki     v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
Yann Garcia's avatar
Yann Garcia committed
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
garciay's avatar
garciay committed
        
Yann Garcia's avatar
Yann Garcia committed
        // Cleanup
garciay's avatar
garciay committed
        
      } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01
      
Yann Garcia's avatar
Yann Garcia committed
      group f_TC_SEC_PKI_ITSS_ENR_BV_01 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(
garciay's avatar
garciay committed
                                                  in charstring p_certificate_id,
                                                  in octetstring p_private_key,
                                                  in octetstring p_publicKeyCompressed,
                                                  in integer p_compressedMode
                                                  ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
garciay's avatar
garciay committed
          // Local variables
garciay's avatar
garciay committed
          // Test component configuration
          f_cfUp_itss();
garciay's avatar
garciay committed
          // Test adapter configuration
garciay's avatar
garciay committed
          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
garciay's avatar
garciay committed
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressedMode
                                                 ) runs on ItsPki /*system ItsPkiSystem*/ {
          // Local variables
          
          // Test component configuration
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          
          // Test Body
Yann Garcia's avatar
Yann Garcia committed
            [PICS_SEC_NIST_P256 and p_compressedMode == 0] pkiPort.receive(
                                                                           mw_innerEcRequest(
                                                                                             PICS_ITS_S_CANONICAL_ID,
                                                                                             mw_publicKeys(
                                                                                                           mw_publicVerificationKey_ecdsaNistP256(
                                                                                                                                                  mw_eccP256CurvePoint_compressed_y_0(
                                                                                                                                                                                      p_publicKeyCompressed
                                                                                                                                                                                      )
                                                                                                                                                 ),
                                                                                                           omit
                                                                                                           )
                                                                                             )
                                                                           ) {
              log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
              // TODO Send InnerEcResponse;
              log("*** " & testcasename() & ": PASS: Message triggered ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
            [PICS_SEC_NIST_P256 and p_compressedMode == 1] pkiPort.receive(
                                                                           mw_innerEcRequest(
                                                                                             PICS_ITS_S_CANONICAL_ID,
                                                                                             mw_publicKeys(
                                                                                                           mw_publicVerificationKey_ecdsaNistP256(
                                                                                                                                                  mw_eccP256CurvePoint_compressed_y_1(
                                                                                                                                                                                      p_publicKeyCompressed
                                                                                                                                                                                      )
                                                                                                                                                 ),
                                                                                                           omit
                                                                                                           )
                                                                                             )
                                                                           ) {
              log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
              // TODO Send InnerEcResponse;
              log("*** " & testcasename() & ": PASS: Message triggered ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          LibItsPki_Functions.f_cfDown();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki
      } // End of group f_TC_SEC_PKI_ITSS_ENR_BV_01
garciay's avatar
garciay committed
      /**
       * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
       *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
       *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
       *       the outer signature shall be computed using the canonical private key.
       * <pre>
       * Pics Selection: 
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is requested to send an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted
       *                 containing an encrypted EtsiTs103097Data-Signed
       *                     containing EtsiTs103097Data
       *                          containing InnerECRequestSignedForPOP
       *                             containing InnerEcRequest
       *                                 containing itsId
       *                                     indicating the canonical identifier of the ITS-S 
       *                 and containing signer
       *                     declared as self
       *                 and containing signature 
       *                     computed using the canonical private key
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 3
       * @reference ETSI TS 102 941, clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_02() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_publicKeyX;
        var Oct32      v_publicKeyY;
        var Oct32      v_publicKeyCompressed;
        var integer    v_compressedMode;
        var ItsPkiItss v_itss;
        var ItsPkiHttp v_ea;
garciay's avatar
garciay committed
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_itss(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_02_pki(cc_taCert_A, v_private_key, v_publicKeyCompressed, v_compressedMode));
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
        
        // Cleanup
        
      } // End of TC_SEC_PKI_ITSS_ENR_BV_02
      
      group f_TC_SEC_PKI_ITSS_ENR_BV_02 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss(
                                                  in charstring p_certificate_id,
                                                  in octetstring p_private_key,
                                                  in octetstring p_publicKeyCompressed,
                                                  in integer p_compressedMode
                                                  ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          // Local variables
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          f_sendUtTriggerPrimitive(PICS_ITS_S_CANONICAL_ID, '00'O, p_private_key, p_publicKeyCompressed, p_compressedMode);
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
          
          // Test Body
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          f_cfDown_itss();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_itss
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressedMode
Yann Garcia's avatar
Yann Garcia committed
                                                 ) runs on ItsPkiHttp system ItsPkiHttpSystem {
          // Local variable
          var HttpMessage v_response;
          var EtsiTs102941Data v_etsi_ts_102941_data;
          var InnerEcRequest v_inner_ec_request;
          
          // Test component configuration
          f_cfHttpUp();
          
          // Test adapter configuration
          
          // Preamble
          f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
          
          // Test Body
          tc_ac.start;
          alt {
            [] httpPort.receive(
                                mw_http_response(
                                                 mw_http_response_ok(
                                                                     mw_http_message_body_binary(
                                                                                                 mw_binary_body_ieee1609dot2_data(
                                                                                                                                  mw_enrolmentRequestMessage(
                                                                                                                                                             mw_encryptedData(
                                                                                                                                                                              -,
                                                                                                                                                                              mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                              ))))))) -> value v_response {
              tc_ac.stop;
              
              if (f_verify_pki_message(vc_eaPrivateEncKey, int2oct(0, 32), vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
                log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              } else {
                log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
                log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
                if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData)))) {
                  // TODO Verify signature of mw_innerEcRequestSignedForPop
                  log("*** " & testcasename() & ": PASS: InnerEcRequestSignedForPop received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              }
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Postamble
          f_cfHttpDown();
        } // End of function f_TC_SEC_PKI_ITSS_ENR_BV_02_pki
      } // End of f_TC_SEC_PKI_ITSS_ENR_BV_02
      
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TEST() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var Oct32      v_private_key;
        var Oct32      v_publicKeyX;
        var Oct32      v_publicKeyY;
        var Oct32      v_publicKeyCompressed;
        var integer    v_compressedMode;
        var ItsPkiItss v_itss;
        var ItsPki     v_ea;
        
        // Test control
        if (not PICS_IUT_ITS_S_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        
        if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          setverdict(inconc);
          stop;
        }
        v_itss.start(f_TEST_itss(cc_taCert_A, v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode));
        v_ea.start(f_TEST_pki(cc_taCert_A, v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode));
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
        
        // Cleanup
        
      } // End of testcase TEST
      
      group f_TEST {
        
        function f_TEST_itss(
                                                  in charstring p_certificate_id,
                                                  in octetstring p_private_key,
                                                  in octetstring p_publicKeyX,
                                                  in octetstring p_publicKeyY,
                                                  in octetstring p_publicKeyCompressed,
                                                  in integer p_compressedMode
                                                  ) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
          
          // Local variables
          var GeoNetworkingInd        v_geoNwInd;
          var EtsiTs103097Certificate v_initial_certificate;
          
          // Test component configuration
          f_cfUp_itss();
          
          // Test adapter configuration
          
          // Preamble
          tc_ac.start; // Wait for current certificate
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData(
                                                                                                             -, 
                                                                                                             mw_toBeSignedData(
                                                                                                                               mw_signedDataPayload,
                                                                                                                               mw_headerInfo_cam
                                                                                                                               ),
                                                                                                             mw_signerIdentifier_certificate(
                                                                                                                                             mw_etsiTs103097Certificate(
                                                                                                                                                                        -,
                                                                                                                                                                        mw_toBeSignedCertificate_at(
                                                                                                                                                                                                    { mw_appPermissions(c_its_aid_CAM) }
                                                                                                                                                                                                    )
                                                                                                                                                                        )
                                                                                                                                             )
                                                                                                             )
                                                                                               ), 
                                                                    mw_geoNwShbPacket
                                                                    ))) -> value v_geoNwInd {
              tc_ac.stop;
              
              log("*** " & testcasename() & ": INFO: Receieve initial certificate");
              // Extract the initial certificate
              v_initial_certificate := v_geoNwInd.msgIn.gnPacket.securedMsg.content.signedData.signer.certificate[0];
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              log("*** " & testcasename() & ": DEBUG: Still waiting for certificate");
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected CA message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          tc_ac.start;
          alt {
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData(
                                                                                                             -,
                                                                                                             mw_toBeSignedData(
                                                                                                                               mw_signedDataPayload,
                                                                                                                               mw_headerInfo_cam
                                                                                                                               ),
                                                                                                             mw_signerIdentifier_certificate(
                                                                                                                                             v_initial_certificate
                                                                                                                                             )
                                                                                                             )
                                                                                               ),
                                                                    mw_geoNwShbPacket
                                                                    ))) {
              log("*** " & testcasename() & ": INFO: IUT still using initial certificate ***");
              repeat;
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed(
                                                                                               mw_signedData(
                                                                                                             -,
                                                                                                             mw_toBeSignedData(
                                                                                                                               mw_signedDataPayload,
                                                                                                                               mw_headerInfo_gn
                                                                                                                               ),
                                                                                                             mw_signerIdentifier_certificate
                                                                                                             )
                                                                                               )
                                                                    ))) -> value v_geoNwInd {
              tc_ac.stop;
              log("*** " & testcasename() & ": PASS: IUT uses new certificate ***");
              // TODO Check that is the expected one
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
            }
            [] geoNetworkingPort.receive(
                                         mw_geoNwInd(
                                                     mw_geoNwSecPdu(
                                                                    mw_etsiTs103097Data_signed
                                                                    ))) {
              log("*** " & testcasename() & ": INFO: Unexpected message received, continue ***");
              repeat;
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
            }
          } // End of 'alt' statement
            
          // Postamble
          f_cfDown_itss();
        } // End of function f_TEST_itss
        
        function f_TEST_pki(
                                                 in charstring p_certificate_id,
                                                 in octetstring p_private_key,
                                                 in octetstring p_publicKeyX,
                                                 in octetstring p_publicKeyY,
                                                 in octetstring p_publicKeyCompressed,
                                                 in integer p_compressedMode
                                                 ) runs on ItsPki /*system ItsPkiSystem*/ {
          // Local variables
          
          // Test component configuration
          LibItsPki_Functions.f_cfUp();
          
          // Test adapter configuration
          
          // Preamble
          tc_ac.start;
          alt {
            [] pkiPort.receive(
                               mw_innerEcRequest
                               ) {
              log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
              repeat;
            }
            [] pkiPort.receive(
                               mw_innerEcResponse_ok
                               ) {
              tc_ac.stop;
              log("*** " & testcasename() & ": INFO: InnerEcResponse received ***");
              f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            }
            [] tc_ac.timeout {
              log("*** " & testcasename() & ": INCONC: Expected message not received ***");
              f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_timeout);
            }
          } // End of 'alt' statement
          
          // Test Body
          log("*** " & testcasename() & ": PASS: Message triggered ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          
          // Postamble
          LibItsPki_Functions.f_cfDown();
        } // End of function f_TEST_pki
        
      } // End of f_TEST
garciay's avatar
garciay committed
    } // End of group itss_manufacturing
    
  } // End of group itss_behavior
garciay's avatar
garciay committed
  group ea_behavior {
garciay's avatar
garciay committed

    group enrolment_request_handling {
garciay's avatar
garciay committed
      /**
       * @desc The EnrolmentResponse message shall be sent by the EA to the 
       *       ITS-S across the interface at reference point S3 in response 
       *       to a received EnrolmentRequest message.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 20
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var InnerEcRequest v_inner_ec_request;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
Yann Garcia's avatar
Yann Garcia committed
        }
garciay's avatar
garciay committed
        
        // Test component configuration
Yann Garcia's avatar
Yann Garcia committed
        LibItsPki_Functions.f_cfUp(PICS_TS_CERTIFICATE_ID, PICS_IUT_EA_CERTIFICATE_ID);
garciay's avatar
garciay committed
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        if (f_generate_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_inner_ec_request) == false) {
garciay's avatar
garciay committed
          log("*** " & testcasename() & ": FAIL: Failed to setup InnerEcRequest message ***")
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
          stop;
Yann Garcia's avatar
Yann Garcia committed
        }
Yann Garcia's avatar
Yann Garcia committed
        f_sendAcPkiPrimitive(PICS_TS_CERTIFICATE_ID, v_private_key, v_publicKeyCompressed, v_compressedMode);
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        pkiPort.send(v_inner_ec_request);
        tc_ac.start;
        alt {
          [] pkiPort.receive(
                             mw_innerEcResponse_ok
                             ) {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        LibItsPki_Functions.f_cfDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_01

    } // End of group enrolment_request_handling
garciay's avatar
garciay committed
    group enrolment_response {
      
      /**
       * @desc The EnrolmentResponse message shall be encrypted using an ETSI TS 103 097 approved 
       *       algorithm and the encryption shall be done with the same AES key as the one used 
       *       by the ITS-S requestor for the encryption of the EnrolmentRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *                 containing encKey
       *                     containing an encrypted AES key (SYMKEY)
       *         }
       *         then {
       *             the IUT answers with an EnrolmentResponseMessage
       *                 containing cipherTex
       *                     being encrypted
       *                         using SYMKEY
       *                         and using an ETSI TS 103 097 approved algorithm
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 22
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp("CERT_EA"); // Default value: CERT_TS_A_EA, CERT_TS_A_EC, CERT_IUT_A_EA
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
garciay's avatar
garciay committed
        f_init_default_headers_list(v_headers);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
garciay's avatar
garciay committed
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ko
                                               )) {
            tc_ac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
garciay's avatar
garciay committed
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
garciay's avatar
garciay committed
        // Postamble
        f_cfHttpDown();
garciay's avatar
garciay committed
      } // End of testcase TC_SEC_PKI_SND_EA_BV_02
garciay's avatar
garciay committed
      /**
       * @desc The outermost structure is an EtsiTs103097Data-Encrypted structure containing 
       *       the component recipients containing one instance of RecipientInfo of choice 
       *       pskRecipInfo, which contains the HashedId8 of the symmetric key used by the 
       *       ITS-S to encrypt the EnrolmentRequest message to which the response is built 
       *       and containing the component ciphertext, once decrypted, contains an 
       *       EtsiTs103097Data-Signed structure
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
garciay's avatar
garciay committed
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing recipients
       *                     containing one instance of RecipientInfo of choice pskRecipInfo
       *                         containing the HashedId8 of the symmetric key used to encrypt the EnrolmentRequestMessage
       *                 and containing cipherText
       *                     being an encrypted EtsiTs103097Data-Signed structure
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 24
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
garciay's avatar
garciay committed
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
garciay's avatar
garciay committed
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
garciay's avatar
garciay committed
        // Test adapter configuration
garciay's avatar
garciay committed
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
garciay's avatar
garciay committed
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
garciay's avatar
garciay committed
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
garciay committed
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
garciay's avatar
garciay committed
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: InnerEcResponse received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
garciay's avatar
garciay committed
              }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_03

      /**
       * @desc If the ITS-S has been able to decrypt the content, this expected EtsiTs103097Data-Signed structure shall 
       *       contain hashId, tbsData, signer and signature. The hashId shall indicate the hash algorithm to be used as 
       *       specified in ETSI TS 103 097, the signer shall be declared as a digest, containing the HashedId8 of the 
       *       EA certificate and the signature over tbsData shall be computed using the EA private key corresponding to 
       *       its publicVerificationKey found in the referenced EA certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing hashId
       *                        indicating the hash algorithm to be used as specified in ETSI TS 103 097
       *                     and containing tbsData
       *                     and containing signer
       *                         declared as a digest
       *                             containing the HashedId8 of the EA certificate
       *                     and containing signature
       *                         computed over tbsData
       *                             using the EA private key
       *                                 corresponding to the publicVerificationKey found in the referenced EA certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 25
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_04() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
garciay's avatar
garciay committed
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
garciay's avatar
garciay committed
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_04
      
      /**
       * @desc Within the headerInfo of the tbsData, the psid shall be set to “secured certificate request” as assigned in 
       *       ETSI TS 102 965 and the generationTime shall be present.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 26
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_05() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_05
      
      /**
       * @desc Within the headerInfo of the tbsData, aside from psid and generationTime, 
       *       all other components of the component tbsData.headerInfo not used and absent.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 27
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_06() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_06
      
      /**
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) 
       *       and the content set to InnerECResponse.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 28
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_07() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_07
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 29
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_08() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_08
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 30
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_09() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_09
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 31
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_10() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_invalid_enrolment_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_10
      
    } // End of group enrolment_response

    group authorization_vaidation_response {
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SEC_PKI_SND_EA_BV_11() runs on ItsPki system ItsPkiSystem {
garciay's avatar
garciay committed
        var octetstring v_private_key;
        var octetstring v_publicKeyCompressed;
        var integer v_compressedMode;
        var AuthorizationValidationRequest v_authorization_validation_request;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
garciay's avatar
garciay committed
        LibItsPki_Functions.f_cfUp(
                                   PICS_TS_AA_CERTIFICATE_ID, // TS role is AA
                                   PICS_IUT_EA_CERTIFICATE_ID // Peer certificate, IUT
                                   );
        
        // Test adapter configuration
        
        // Preamble
garciay's avatar
garciay committed
        if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup AuthorisationValidationRequest message ***")
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
          stop;
        }
Yann Garcia's avatar
Yann Garcia committed
        f_sendAcPkiPrimitive(PICS_TS_AA_CERTIFICATE_ID, v_private_key, v_publicKeyCompressed, v_compressedMode);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        pkiPort.send(v_authorization_validation_request);
        tc_ac.start;
        alt {
          [] pkiPort.receive(
                             mw_authorizationValidationResponse_ok
                             ) {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        LibItsPki_Functions.f_cfDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_11
Yann Garcia's avatar
Yann Garcia committed
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
Yann Garcia's avatar
Yann Garcia committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *         then {
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SEC_PKI_SND_EA_BV_12() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
Yann Garcia's avatar
Yann Garcia committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationValidationResponseMessage(
                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                          -,
                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                          ))))))) -> value v_response {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_12
      
    } // End of group authorization_vaidation_response
garciay's avatar
garciay committed
  } // End of group ea_behavior

  group aa_behavior {
garciay's avatar
garciay committed
    
    group authorization_request {
garciay's avatar
garciay committed
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the inner signature
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing encrypted representation of the EtsiTs103097Data-Signed
       *                            containing content.signedData
       *                                containing hashId
       *                                    indicating valid hash algorythm
       *                and containing signer
       *                    containing self
       *                and containing tbsData (SIGNED_DATA)
       *                    containing payload
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       (                                        indicating HashedId8 of the known EA certificate
       *                and containing signature (SIGNATURE)
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify the signature SIGNATURE over the SIGNED_DATA
       *                using the V_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var HashedId8 v_hash_inner_at_request;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
garciay's avatar
garciay committed
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_01
      
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
               Check that the AA is able to verify the request authenticity using the hmacKey verification
               Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var HashedId8 v_hash_inner_at_request;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_02
      
garciay's avatar
garciay committed
    } // End of group authorization_request
    
garciay's avatar
garciay committed
  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases