ItsPki_TestCases.ttcn 114 KB
Newer Older
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
garciay's avatar
garciay committed
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_04
      
      /**
       * @desc Within the headerInfo of the tbsData, the psid shall be set to “secured certificate request” as assigned in 
       *       ETSI TS 102 965 and the generationTime shall be present.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                                 indicating AID_CERT_REQ
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 26
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_05() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
garciay's avatar
garciay committed
            tc_ac.stop;
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_peerEaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_05
      
      /**
       * @desc Within the headerInfo of the tbsData, aside from psid and generationTime, 
       *       all other components of the component tbsData.headerInfo not used and absent.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing headerInfo
       *                             containing psid
       *                             and containing generationTime
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 27
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_06() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
      
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                if (f_verify_ea_certificate(v_etsi_ts_102941_data.content.enrolmentResponse.certificate, v_publicKeyCompressed, v_compressedMode)) {
                  log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                } else {
                  log("*** " & testcasename() & ": FAIL: Cannot verify EA certificate signature ***");
                  f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_06
      
      /**
       * @desc The EtsiTS102941Data shall contain the version set to v1 (integer value set to 1) 
       *       and the content set to InnerECResponse.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing version
       *                                 indicating v1 (integer value set to 1)
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 28
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_07() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_07
      
      /**
       * @desc The InnerECResponse shall contain the requestHash, which is the left-most 16 octets of the SHA256 digest of the 
       *       EtsiTs103097Data - Signed structure received in the request and a responseCode indicating the result of the request.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing requestHash
       *                                 indicating the left-most 16 octets of the SHA256 digest of the EtsiTs103097Data-Signed structure received in the request
       *                             and containing responseCode
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 29
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_08() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_08
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 30
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_09() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_inner_ec_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              log("*** " & testcasename() & ": DEBUG: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16)))), " ***"); // TODO In TITAN, this is the oly way to get the unmatching in log
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ok(substr(v_hash_inner_ec_request_signed_for_pop, 0, 16))))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_09
      
      /**
       * @desc If the responseCode is 0, the InnerECResponse shall also contain an (enrolment) certificate.
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT receives an EnrolmentRequestMessage
       *         }
       *         then {
       *             the IUT sends an EtsiTs103097Data-Encrypted structure
       *                 containing an encrypted EtsiTs103097Data-Signed structure
       *                     containing tbsData
       *                         containing EtsiTS102941Data
       *                             containing InnerECResponse
       *                                 containing an enrolment certificate
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 31
       * @reference ETSI TS 102 941, clause 6.2.3.2.2
       */
      testcase TC_SEC_PKI_SND_EA_BV_10() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var Oct32 v_hash_inner_ec_request_signed_for_pop;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
Yann Garcia's avatar
Yann Garcia committed
        f_http_build_invalid_enrolment_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_ec_request_signed_for_pop);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_enrolmentResponseMessage(
                                                                                                                                                            mw_encryptedData(
                                                                                                                                                                             -,
                                                                                                                                                                             mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                             ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_enrolmentResponse(mw_innerEcResponse_ko))) {
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_10
      
    } // End of group enrolment_response

    group authorization_vaidation_response {
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SEC_PKI_SND_EA_BV_11() runs on ItsPki system ItsPkiSystem {
garciay's avatar
garciay committed
        var octetstring v_private_key;
        var octetstring v_publicKeyCompressed;
        var integer v_compressedMode;
        var AuthorizationValidationRequest v_authorization_validation_request;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
garciay's avatar
garciay committed
        LibItsPki_Functions.f_cfUp(
                                   PICS_TS_AA_CERTIFICATE_ID, // TS role is AA
                                   PICS_IUT_EA_CERTIFICATE_ID // Peer certificate, IUT
                                   );
        
        // Test adapter configuration
        
        // Preamble
garciay's avatar
garciay committed
        if (f_generate_authorization_validation_request(vc_eaCertificate, vc_eaHashedId8, v_private_key, v_publicKeyCompressed, v_compressedMode, v_authorization_validation_request) == false) {
          log("*** " & testcasename() & ": FAIL: Failed to setup AuthorisationValidationRequest message ***")
          f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
          stop;
        }
Yann Garcia's avatar
Yann Garcia committed
        f_sendAcPkiPrimitive(PICS_TS_AA_CERTIFICATE_ID, v_private_key, v_publicKeyCompressed, v_compressedMode);
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        pkiPort.send(v_authorization_validation_request);
        tc_ac.start;
        alt {
          [] pkiPort.receive(
                             mw_authorizationValidationResponse_ok
                             ) {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        LibItsPki_Functions.f_cfDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_11
Yann Garcia's avatar
Yann Garcia committed
      
      /**
       * @desc The AuthorizationValidationResponse message shall be sent by the EA to the AA across the interface 
       *       at reference point S4 in response to a received AuthorizationValidationRequest message
       * <pre>
garciay's avatar
garciay committed
       * Pics Selection: PICS_IUT_EA_ROLE
Yann Garcia's avatar
Yann Garcia committed
       * Initial conditions: 
       *     with {
       *         the IUT being in the "operational state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
garciay's avatar
garciay committed
       *             the IUT receives a AuthorizationValidationRequest  message
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *         then {
garciay's avatar
garciay committed
       *             the IUT sends a AuthorizationValidationResponse message
       *                 across the reference point S4 to the AA
Yann Garcia's avatar
Yann Garcia committed
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP AuthValRes_1_EA
       * @reference ETSI TS 102 941, clause 6.2.3.4
       */
      testcase TC_SEC_PKI_SND_EA_BV_12() runs on ItsPkiHttp system ItsPkiHttpSystem {
        // Local variables
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
garciay's avatar
garciay committed
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
Yann Garcia's avatar
Yann Garcia committed
        var HeaderLines v_headers;
        var HttpMessage v_response;
        
        // Test control
        if (not PICS_IUT_EA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_EA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(); // Default value: CERT_TS_A_EA
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_authorization_validation_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
Yann Garcia's avatar
Yann Garcia committed
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationValidationResponseMessage(
                                                                                                                                                                         mw_encryptedData(
                                                                                                                                                                                          -,
                                                                                                                                                                                          mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                          ))))))) -> value v_response {
            tc_ac.stop;
            log("*** " & testcasename() & ": PASS: AuthorizationValidationResponse received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_EA_BV_12
      
    } // End of group authorization_vaidation_response
garciay's avatar
garciay committed
  } // End of group ea_behavior

  group aa_behavior {
garciay's avatar
garciay committed
    
    group authorization_request {
garciay's avatar
garciay committed
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the inner signature
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing encrypted representation of the EtsiTs103097Data-Signed
       *                            containing content.signedData
       *                                containing hashId
       *                                    indicating valid hash algorythm
       *                and containing signer
       *                    containing self
       *                and containing tbsData (SIGNED_DATA)
       *                    containing payload
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing publicKeys.verificationKey (V_KEY)
       *                                and containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       (                                        indicating HashedId8 of the known EA certificate
       *                and containing signature (SIGNATURE)
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify the signature SIGNATURE over the SIGNED_DATA
       *                using the V_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_01() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var HashedId8 v_hash_inner_at_request;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
garciay's avatar
garciay committed
                                                        PICS_HTTP_GET_URI,
                                                        v_headers,
                                                        m_http_message_body_binary(
                                                                                   m_binary_body_ieee1609dot2_data(
                                                                                                                   v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                   )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
garciay's avatar
garciay committed
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
            }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_01
      
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
               Check that the AA is able to verify the request authenticity using the hmacKey verification
               Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate