Newer
Older
// * indicating 'certificate_chain'
// * and containing certificates
// * indicating length > 0
// * and containing certificates [n] (0..n)
// * containing validity_restrictions['region']
// * containing region_type
// * indicating 'polygon'
// * and containing polygonal_region
// * indicating length >=3 and <=12
// * and indicating continuous region without holes and intersections
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_02_BV
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
7043
7044
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
7076
7077
7078
7079
7080
7081
7082
7083
7084
7085
7086
7087
7088
7089
7090
7091
7092
7093
7094
7095
7096
7097
7098
7099
7100
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
// * @reference ETSI TS 103 097 [1], clause 4.2.24
// */
// testcase TC_SEC_ITSS_SND_CERT_05_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// // Local declarations
// var SequenceOfCertificate v_chain;
// var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
// var boolean f_vr := false, f_vri := false;
//
// // Test control
// if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// vc_hashedId8ToBeUsed := cc_iutCert_D;
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// } else {
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// }
//
// // Test Body
// f_vr := false;
// tc_ac.stop;
// for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
// v_vri := v_vr;
// f_vri := f_vr;
// f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
// if (f_vr) {
// var PolygonalRegion v_pr;
// var integer v_length;
//
// if (v_vr.validity.region.region_type != e_polygon) {
// log("*** " & testcasename() & ": INCONC: Certificate validity restriction region is not polygonal ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// v_pr := v_vr.validity.region.region.polygonal_region;
// v_length := lengthof(v_pr);
//
// if (v_length < 3) {
// log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too small in cert " & int2str(v_counter) & " ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (v_length > 12) {
// log("*** " & testcasename() & ": FAIL: Count of points in polygonal region is too big in cert " & int2str(v_counter) & "***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (true != f_isValidPolygonalRegion(v_pr)) {
// log("*** " & testcasename() & ": FAIL: Polygonal region is not valid (self-intersected) in cert " & int2str(v_counter) & " ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (f_vri) {
// // current restrictions must be inside of the parent one
// if (true != f_isPolygonalRegionInside(v_vri.validity.region.region.polygonal_region, v_pr)) {
// log("*** " & testcasename() & ": FAIL: Certificate validity restriction region in cert " & int2str(v_counter) & " is not inside the issuing one ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// // FIXME Check holes
// }
// } else {
// // Region validity restriction is not exist
// if (f_vri) {
// log("*** " & testcasename() & ": FAIL: Certificate validity restriction region must be set in the certificate " & int2str(v_counter) &
// "because this restriction exists in the issuing certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// } // End of 'for' statement
// log("*** " & testcasename() & ": PASS: All certificates has a valid polygonal region restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_05_02_BV
//
// /**
// * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes
// * as defined in ISO 3166-1 or defined by United Nations Statistics Division
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
7133
7134
7135
7136
7137
7138
7139
7140
7141
7142
7143
// * and containing certificate
// * containing validity_restrictions['region']
// * containing region
// * containing region_type
// * indicating 'id'
// * and containing id_region
// * containing region_dictionary
// * indicating 'iso_3166_1' (0)
// * and containing region_identifier
// * indicating valid value according to 'iso_3166_1'
// * and containing local_region
// * or containing region
// * containing id_region
// * containing region_dictionary
// * indicating 'un_stats'
// * and containing region_identifier
// * indicating valid value according to UN STATS
// * and containing local_region
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_01_BV
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
7166
7167
7168
7169
7170
7171
7172
7173
7174
7175
7176
7177
7178
7179
7180
7181
7182
7183
7184
7185
7186
7187
7188
7189
7190
7191
7192
7193
7194
7195
7196
7197
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
7225
7226
7227
7228
7229
7230
7231
7232
7233
7234
7235
7236
7237
7238
7239
7240
// * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var Certificate v_cert;
// var ValidityRestriction v_vr;
// var integer v_counter;
//
// // Test control
// if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// vc_hashedId8ToBeUsed := cc_iutCert_E;
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test body
// tc_ac.start;
// if (not f_waitForCertificate(v_cert)) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
// if (v_vr.validity.region.region_type == e_id) {
// if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
// log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// } else if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
// log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// log("*** " & testcasename() & ": PASS: Certificate has a valid region ID restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// } else {
// log("*** " & testcasename() & ": FAIL: Certificate doesn't have any location restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_06_01_BV
//
// /**
// * @desc Check that the identified certificate validity region contains values that correspond to numeric country codes
// * as defined in ISO 3166-1 or defined by United Nations Statistics Division
// * Check that the identified certificate validity region contains values defining the region which is inside
// * the validity region of the issuing certificate
// * @remark The case when signing certificate and issuing certificate contain different type of region validity restriction is not supported by this test
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * and containing certificate
// * indicating length N > 1
// * and containing certificates[n] (0..N)
// * containing validity_restrictions['region']
// * containing region
// * containing region_type
// * indicating 'id'
// * and containing id_region
// * containing region_dictionary
// * indicating 'iso_3166_1' (0)
// * and containing region_identifier
// * indicating valid value according to 'iso_3166_1'
// * and containing local_region
// * or containing region
// * containing id_region
// * containing region_dictionary
// * indicating 'un_stats'
// * and containing region_identifier
// * indicating valid value according to UN STATS
// * and containing local_region
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_02_BV
7242
7243
7244
7245
7246
7247
7248
7249
7250
7251
7252
7253
7254
7255
7256
7257
7258
7259
7260
7261
7262
7263
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
7315
7316
7317
7318
7319
7320
7321
7322
7323
7324
7325
7326
7327
7328
7329
7330
7331
7332
7333
7334
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
// * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_06_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
// var boolean f_vr := false, f_vri := false;
//
// // Test control
// if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// vc_hashedId8ToBeUsed := cc_iutCert_E;
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// } else {
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// }
//
// // Test Body
// f_vr := false;
// tc_ac.stop;
// for (var integer v_counter := 0; v_counter < lengthof(v_chain); v_counter := v_counter + 1) {
// v_vri := v_vr;
// f_vri := f_vr;
// f_vr := f_getCertificateValidityRestriction(v_chain[v_counter], e_region, v_vr);
//
// if (f_vr) {
// if (v_vr.validity.region.region_type == e_id) {
// if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_iso3166_any))) {
// log("*** " & testcasename() & ": FAIL: Identified region is not conformed to ISO 3166-1 ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (not match (v_vr.validity.region, mw_geographicRegion_identified(mw_identifiedRegion_un_stats_any))) {
// log("*** " & testcasename() & ": FAIL: Identified region is not conformed to United Nations Statistics Division ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
//
// if (f_vri) {
// // the region code must be the same
// if (v_vr.validity.region.region.id_region.region_identifier !=
// v_vri.validity.region.region.id_region.region_identifier) {
// log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if ( v_vri.validity.region.region.id_region.local_region != 0
// and v_vri.validity.region.region.id_region.local_region != v_vr.validity.region.region.id_region.local_region ) {
// log("*** " & testcasename() & ": FAIL: Certificate validity restriction local identified region in cert " & int2str(v_counter) & " is not the same as in the issuing one ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
//
// } else {
// // Region validity restriction is not exist
// if (f_vri) {
// log("*** " & testcasename() & ": FAIL: Certificate validity restriction identified region must be set in the certificate " & int2str(v_counter) &
// "because this restriction exists in the issuing certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// }
// log("*** " & testcasename() & ": PASS: All certificates has a valid identified regionrestrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_06_02_BV
//
// /**
// * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * and containing certificates
// * indicating length N > 1
// * and containing certificates[n] (0..N)
// * indicating certificate
// * not containing validity_restrictions['region']
// * and containing signer_info
// * containing digest
// * referenced to the certificate
// * not containing validity_restrictions['region']
// * or indicating certificate
// * containing validity_restrictions['region']
// * containing region.region_type
// * indicating 'none'
// * and containing signer_info
// * containing digest
// * referenced to the certificate
// * not containing validity_restrictions['region']
// * or containing validity_restrictions['region']
// * containing region.region_type
// * indicating 'none'
// * or indicating certificate
// * containing validity_restrictions['region']
// * containing region.region_type
// * indicated 'circle'
// * or indicated 'rectangle'
// * or indicated 'polygon'
// * or indicated 'id'
// * and containing region (X_CERT__REGION)
// * and containing signer_info
// * containing digest
// * referenced to the certificate
// * not containing validity_restrictions['region']
// * or containing validity_restrictions['region']
// * containing region.region_type
// * indicating 'none'
// * or containing validity_restrictions['region']
// * containing region
// * indicating region fully covering the X_CERT_REGION
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_01_BV
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
7421
7422
7423
7424
7425
7426
7427
7428
7429
7430
7431
7432
7433
7434
7435
7436
7437
7438
7439
7440
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
// * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_cert, v_cert_issuer;
// var SignerInfo v_si;
// var UInt8 v_counter;
// var HashedId8 v_digest;
// var CertificatesCaching v_certificatesCaching;
// var FncRetCode v_result_status := e_success;
//
// // Test control
// if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
//// vc_hashedId8ToBeUsed := cc_iutCert_E;
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// } else {
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// }
//
// // Test Body
// // 1. Create a cache of certificates
// f_createCertificatesCaching(v_chain, v_certificatesCaching);
// // 2. Process the certificates
// v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
// while (v_counter != 0) {
// // Get the first certificate
// if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
// v_result_status := e_error;
// break;
// }
// // Retrive SigneInfo field
// if (not f_getCertificateSignerInfo(v_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
// v_result_status := e_error;
// break;
// }
// if (v_si.type_ != e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
// v_result_status := e_error;
// break;
// }
// // Get issuer
// if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
// log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
// v_result_status := e_error;
// break;
// }
// // Check that cert is signed by issuing cert
// v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
// if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
// v_result_status := e_error;
// break;
// }
// // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
// if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
// v_result_status := e_error;
// break;
// }
//
// // Prepare next loop
// v_counter := v_counter - 1;
//
// } // End of 'while' statement
// if (v_result_status == e_success) {
// log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
// }
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_07_01_BV
//
// /**
// * @desc Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * and containing certificates
// * indicating length N > 1
// * and containing certificates[n] (0..N)
// * indicating certificate
// * containing validity_restrictions['region']
// * containing region.region_type
// * indicated 'id'
// * and containing id_region
// * containing region_dictionary
// * indicating 'iso_3166_1'
// * or indicating 'un_stat'
// * and containing region_identifier (X_CERT_REGION_ID)
// * indicating valid value according to 'iso_3166_1' or 'un_stat'
// * and containing local_region (X_CERT_LOCAL_REGION)
// * and containing signer_info
// * containing digest
// * referenced to the certificate
// * containing validity_restrictions['region']
// * containing region
// * indicated 'id'
// * and containing id_region
// * containing region_dictionary
// * indicating 'iso_3166_1'
// * or indicating 'un_stat'
// * and containing region_identifier
// * indicating value == X_CERT_REGION_ID
// * and containing local_region
// * indicating value == X_CERT_LOCAL_REGION
// * or indicating 0
// * or containing id_region
// * containing region_dictionary
// * indicating 'un_stats'
// * and containing region_identifier
// * indicating region fully covering the X_CERT_REGION
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_02_BV
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
7575
7576
7577
7578
7579
7580
7581
7582
7583
7584
7585
7586
7587
7588
7589
7590
7591
7592
7593
7594
7595
7596
7597
7598
7599
7600
7601
7602
7603
7604
7605
7606
7607
7608
7609
7610
7611
7612
7613
7614
7615
7616
7617
7618
7619
7620
7621
7622
7623
7624
7625
7626
7627
7628
7629
7630
7631
7632
7633
7634
7635
7636
7637
7638
7639
7640
7641
7642
7643
7644
7645
7646
7647
7648
7649
7650
7651
7652
7653
7654
7655
7656
// * @reference ETSI TS 103 097 [1], clause 4.2.26 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_07_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_cert, v_cert_issuer;
// var SignerInfo v_si;
// var UInt8 v_counter;
// var HashedId8 v_digest;
// var CertificatesCaching v_certificatesCaching;
// var FncRetCode v_result_status := e_success;
//
// // Test control
// if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
//// vc_hashedId8ToBeUsed := cc_iutCert_E;
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// } else {
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// }
//
// // Test Body
// // 1. Create a cache of certificates
// f_createCertificatesCaching(v_chain, v_certificatesCaching);
// // 2. Process the certificates
// v_counter := f_getCertificatesCachingItemSize(v_certificatesCaching) - 1;
// while (v_counter != 0) {
// // Get the first certificate
// if (f_getCertificatesCachingItem(v_certificatesCaching, v_counter, v_cert) == false) {
// v_result_status := e_error;
// break;
// }
// // Retrive SigneInfo field
// if (not f_getCertificateSignerInfo(v_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: Certificate " & int2str(v_counter) & " doesn't have a signer info ***");
// v_result_status := e_error;
// break;
// }
// if (v_si.type_ != e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
// v_result_status := e_error;
// break;
// }
// // Get issuer
// if (f_getCertificateFromCaching(v_certificatesCaching, v_si.signerInfo.digest, v_cert_issuer) == false) {
// log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
// v_result_status := e_error;
// break;
// }
// // Check that cert is signed by issuing cert
// v_digest := f_calculateDigestFromCertificate(v_cert_issuer);
// if (not match (v_si.signerInfo.digest, v_si.signerInfo.digest)) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
// v_result_status := e_error;
// break;
// }
// // Check that the region of the subordinate certificate validity restriction is inside the region of the issuing certificate validity restriction
// if (f_checkRegionValidityRestiction(v_cert, v_cert_issuer) == false) {
// v_result_status := e_error;
// break;
// }
//
// // Prepare next loop
// v_counter := v_counter - 1;
//
// } // End of 'while' statement
// if (v_result_status == e_success) {
// log("*** " & testcasename() & ": PASS: All certificates has a valid identified region restrictions ***");
// }
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, v_result_status);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
//
// /**
// * @desc Check the certificate chain to ensure that the time validity restriction of the subordinate certificate is inside the time validity restriction of the issuing certificate
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * containing certificates[last-1]
// * containing validity_restrictions
// * containing validity_restrictions['time_start_and_end']
// * containing start_validity
// * indicating START_AA_VALIDITY
// * containing end_validity
// * indicating END_AA_VALIDITY >= START_AA_VALIDITY
// * and containing signer_info
// * containing digest
// * referenced to the trusted certificate
// * containing validity_restrictions['time_end']
// * containing end_validity
// * indicating value > AA_END_VALIDITY
// * or containing validity_restrictions['time_start_and_end']
// * containing start_validity
// * indicating value <= AA_START_VALIDITY
// * and containing end_validity
// * indicating value > AA_END_VALIDITY
// * or containing validity_restrictions['time_start_and_duration']
// * containing start_validity
// * indicating X_START_VALIDITY <= AA_START_VALIDITY
// * and containing duration
// * indicating value > AA_END_VALIDITY - X_START_VALIDITY
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_08_01_BV
7658
7659
7660
7661
7662
7663
7664
7665
7666
7667
7668
7669
7670
7671
7672
7673
7674
7675
7676
7677
7678
7679
7680
7681
7682
7683
7684
7685
7686
7687
7688
7689
7690
7691
7692
7693
7694
7695
7696
7697
7698
7699
7700
7701
7702
7703
7704
7705
7706
7707
7708
7709
7710
7711
7712
7713
7714
7715
7716
7717
7718
7719
7720
7721
7722
7723
7724
7725
7726
7727
7728
7729
7730
7731
7732
7733
7734
7735
7736
7737
7738
7739
7740
7741
7742
7743
7744
7745
7746
7747
7748
7749
7750
7751
7752
7753
7754
7755
7756
7757
7758
7759
7760
7761
7762
7763
7764
7765
7766
7767
7768
7769
7770
7771
7772
7773
7774
7775
7776
7777
7778
7779
7780
7781
7782
7783
7784
7785
7786
// * @reference ETSI TS 103 097 [1], clauses 7.4.4
// */
// testcase TC_SEC_ITSS_SND_CERT_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
// var ValidityRestriction v_vr;
// var SignerInfo v_si;
// var Time64 v_generationTime;
// var Time64 v_curTime;
// var Time64 v_startTime, v_endTime, v_duration;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 1];
// if (match (v_aa_cert.validity_restrictions, superset(mw_validity_restriction_time_end,
// mw_validity_restriction_time_start_and_duration))
// ) {
// log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
// log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// // Process signerInfo field
// if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (v_si.type_ == e_certificate) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// for (var integer v_counter := 0; v_counter < lengthof(v_si.signerInfo.certificate.validity_restrictions); v_counter := v_counter + 1) {
// if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_end) {
// v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.end_validity * 1000000;
// if (not match(v_generationTime, Time64:(0 .. v_endTime))){
// log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
// v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
// v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
// if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){
// log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
// v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
// v_duration := f_duration2time(v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
// if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){
// log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// } else {
// log("*** " & testcasename() & ": FAIL: Mal-formed the certificate");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// } // End of 'for' statement
//
// log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_08_01_BV
//
// /**
// * @desc Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1
// * or x_coordinate_only
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * }
// * Expected Behaviour:
// * ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating certificate
// * containing certificate
// * containing signature.ecdsa_signature
// * containing R.type
// * indicating compressed_lsb_y_0
// * or indicating compressed_lsb_y_1
// * or indicating x_coordinate_only
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV
7788
7789
7790
7791
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
// * @reference ETSI TS 103 097 [1], clause 4.2.9
// */
// testcase TC_SEC_ITSS_SND_CERT_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// ?,
// ?,
// mw_signature(
// mw_ecdsaSignature(
// mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only
// ))))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// ?,
// ?,
// mw_signature(
// mw_ecdsaSignature(
// mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only
// ))))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// ?,
// ?,
// mw_signature(
// mw_ecdsaSignature(
// mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
// ))))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to x_coordinate_only received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate
// )))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// } // End of 'alt' statement
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_09_01_BV
//
// /**
// * @desc Check that the all certificates in a chain have signatures contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1
// * or x_coordinate_only
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * }
// * Expected Behaviour:
// * ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * indicating length N > 1
// * and indicating certificates[n] (0..N)
// * containing signature.ecdsa_signature
// * containing R.type
// * indicating compressed_lsb_y_0
// * or indicating compressed_lsb_y_1
// * or indicating x_coordinate_only
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
// * @reference ETSI TS 103 097 [1], clause 4.2.9
// */
// testcase TC_SEC_ITSS_SND_CERT_09_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// // Local variables
// var GeoNetworkingInd v_geoNwInd;
// var SignerInfo v_si;
// var SequenceOfCertificate v_chain;
// var integer v_counter;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate_chain
// ))))) -> value v_geoNwInd {
// tc_ac.stop;
// // Check certificate chain
// if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
// v_chain := v_si.signerInfo.certificates;
// for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
// if (v_chain[v_counter].signature_.algorithm != e_ecdsa_nistp256_with_sha256) {
// log("*** " & testcasename() & ": FAIL: Wrong signature algorithm ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// } else if (
// (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_x_coordinate_only) and
// (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_0) and
// (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_1)
// ) {
// log("*** " & testcasename() & ": FAIL: Wrong ECDSA R type ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// } // End of 'for' statement
// }
// log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct signature type ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// } // End of 'alt' statement
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_09_02_BV
//
// /**
// * @desc Check that the certificate verification key contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1
// * or uncompressed
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * }
// * Expected Behaviour:
// * ensure that {
// * when {