Newer
Older
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating certificate
// * containing certificate
// * containing subject_attributes['verification_key']
// * containing key.public_key.type
// * indicating compressed_lsb_y_0
// * or indicating compressed_lsb_y_1
// * or indicating x_coordinate_only
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_01_BV
8017
8018
8019
8020
8021
8022
8023
8024
8025
8026
8027
8028
8029
8030
8031
8032
8033
8034
8035
8036
8037
8038
8039
8040
8041
8042
8043
8044
8045
8046
8047
8048
8049
8050
8051
8052
8053
8054
8055
8056
8057
8058
8059
8060
8061
8062
8063
8064
8065
8066
8067
8068
8069
8070
8071
8072
8073
8074
8075
8076
8077
8078
8079
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
// * @reference ETSI TS 103 097 [1], clause 4.2.4
// */
// testcase TC_SEC_ITSS_SND_CERT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// superset(
// mw_subject_attribute_verification_key(
// mw_publicKey_eccPoint_compressed_lsb_y_0
// )
// ),
// ?,
// mw_signature
// ))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_0 received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// superset(
// mw_subject_attribute_verification_key(
// mw_publicKey_eccPoint_compressed_lsb_y_1
// )
// ),
// ?,
// mw_signature
// ))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_1 received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate(
// ?,
// superset(
// mw_subject_attribute_verification_key(
// mw_publicKey_eccPoint_uncompressed
// )
// ),
// ?,
// mw_signature
// ))))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to uncompressed received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate(
// mw_at_certificate
// )))))) {
// tc_ac.stop;
// log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// } // End of 'alt' statement
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_10_01_BV
//
// /**
// * @desc Check that all certificate in a chain have verification keys contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1
// * or uncompressed
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * }
// * Expected Behaviour:
// * ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * indicating length N > 1
// * and indicating certificates[n] (0..N)
// * containing signature.ecdsa_signature
// * containing subject_attributes['verification_key']
// * indicating compressed_lsb_y_0
// * or indicating compressed_lsb_y_1
// * or indicating uncompressed
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_02_BV
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
8180
8181
8182
8183
8184
8185
8186
8187
8188
8189
8190
8191
8192
8193
8194
8195
8196
8197
8198
8199
8200
8201
8202
8203
8204
8205
8206
8207
8208
8209
8210
8211
8212
8213
8214
8215
8216
8217
8218
8219
8220
8221
8222
8223
8224
8225
8226
8227
8228
8229
8230
8231
8232
8233
8234
// * @reference ETSI TS 103 097 [1], clause 4.2.4
// */
// testcase TC_SEC_ITSS_SND_CERT_10_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// // Local variables
// var GeoNetworkingInd v_geoNwInd;
// var SignerInfo v_si;
// var SequenceOfCertificate v_chain;
// var integer v_counter;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate_chain
// ))))) {
// tc_ac.stop;
// // Check certificate chain
// if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
// v_chain := v_si.signerInfo.certificates;
// for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
// if (
// (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_0))))) and
// (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_1))))) and
// (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_uncompressed)))))
// ) {
// log("*** " & testcasename() & ": FAIL: Wrong verification key algorithm ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// } // End of 'for' statement
// }
// log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct verification key ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// } // End of 'alt' statement
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_10_02_BV
//
// /**
// * @desc Check the certificate signature
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * ND containing certificate
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_sha256'
// * containing digest
// * referenced to the certificate CERT
// * and containing signature
// * verifiable using CERT.subject_attributes['verification_key'].key
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV
8248
8249
8250
8251
8252
8253
8254
8255
8256
8257
8258
8259
8260
8261
8262
8263
8264
8265
8266
8267
8268
8269
8270
8271
8272
8273
8274
8275
8276
8277
8278
8279
8280
8281
8282
8283
8284
8285
8286
8287
8288
8289
8290
8291
8292
8293
8294
8295
8296
8297
8298
8299
8300
8301
8302
8303
8304
8305
8306
8307
8308
8309
8310
8311
8312
8313
8314
8315
8316
8317
8318
8319
8320
8321
8322
8323
8324
8325
8326
8327
8328
8329
8330
8331
8332
8333
8334
8335
8336
8337
8338
8339
8340
8341
8342
8343
8344
8345
8346
8347
8348
8349
8350
8351
8352
8353
8354
8355
8356
8357
8358
8359
8360
8361
8362
8363
8364
8365
8366
8367
8368
8369
8370
8371
8372
8373
8374
8375
8376
8377
8378
8379
8380
8381
8382
8383
8384
8385
8386
8387
8388
// * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// // Local declarations
// var GeoNetworkingInd v_geoNwInd;
// var Certificate v_at_cert;
// var Certificate v_aa_cert;
// var HashedId8 v_aa_digest;
// var SignerInfo v_si;
// var integer v_counter;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Wait for the message with the certificate to get the AA cert digest.
// // Ask for the chain, containing AT and AA certificate
// // Check that the AT cert in the first message is signed with the AA cert
// log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate ***");
// tc_ac.start;
// if (not f_waitForCertificate(v_at_cert)) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
//
// if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// if (v_si.type_ != e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// v_aa_digest := v_si.signerInfo.digest;
//
// // Send a certificate request to the IUT
// f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam());
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate_chain
// ))))) -> value v_geoNwInd {
// var Ieee1609Dot2Data v_secMsg;
// var integer v_chainLength;
// tc_ac.stop;
// // Check certificate chain
//
// if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
// v_chainLength := lengthof(v_si.signerInfo.certificates);
// if (v_chainLength < 2 ) {
// log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// // get aa cert
// v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2];
// if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) {
// log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// // Check that at cert is signed with aa cert
// if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
// log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// } else {
// log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// } // End of 'alt' statement
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_11_01_BV
//
// /**
// * @desc Check the signatures of the certificates in the chain
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * Initial conditions:
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * and containing certificates
// * indicating length N > 1
// * and containing certificate[0]
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_sha256'
// * and containing digest
// * referenced to the trusted certificate (CERT_ROOT)
// * and containing signature
// * verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key
// * and containing certificates[n] (1..N)
// * containing signer_info {
// * containing type
// * indicating 'certificate_digest_with_sha256'
// * and containing digest
// * referenced to the certificates[n-1]
// * and containing signature
// * verifiable using certificates[n-1].subject_attributes['verification_key'].key
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
8490
8491
8492
8493
8494
8495
8496
8497
8498
8499
8500
8501
8502
8503
8504
8505
8506
8507
8508
8509
8510
8511
8512
8513
// * @reference ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_11_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// // Local declarations
// var GeoNetworkingInd v_geoNwInd;
// var Certificate v_cert;
// var SequenceOfCertificate v_chain;
// var SignerInfo v_si;
// var HashedId8 v_digest;
// var integer v_counter;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Wait for the message with the certificate to get the AA cert digest.
// // Ask for the chain, containing AT and AA certificate
// // Check that the AT cert in the first message is signed with the AA cert
// log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***");
// tc_ac.start;
// f_askForCertificateChain(f_generateDefaultCam());
// tc_ac.stop;
//
// // Test Body
// tc_ac.start;
// alt {
// [] geoNetworkingPort.receive(
// mw_geoNwInd(
// mw_geoNwSecPdu(
// mw_securedMessage(
// superset(
// mw_header_info_signer_info_certificate_chain
// ))))) -> value v_geoNwInd {
// var Ieee1609Dot2Data v_secMsg;
// var integer v_chainLength;
// tc_ac.stop;
// // Check certificate chain
// if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
// v_chain := v_si.signerInfo.certificates;
// for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
// if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
// log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (v_si.type_ != e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// // Check that cert is signed by issuing cert
// v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
// if (not match (v_si.signerInfo.digest, v_digest)) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// // Check that the signature is valid
// if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) {
// log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// } // End of 'for' statement
//
// log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// } else {
// log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
// [] tc_ac.timeout {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
// }
// }
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
//
// } // End of testcase TC_SEC_ITSS_SND_CERT_11_02_BV
//
// /**
// * @desc Check that the assurance level of the subordinate certificate is equal to or less than the assurance level of the issuing certificate
// * <pre>
// * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * indicating length N > 1
// * and containing certificates[n](0..N)
// * containing subject_attributes ['assurance_level']
// * containig assurance_level
// * containing bits [5-7]
// * indicating assurance level CERT_AL
// * and containing signer_info
// * containing digest
// * referenced to the certificate
// * containing subject_attributes ['assurance_level']
// * containing assurance_level
// * containing bits [5-7]
// * indicating value <= CERT_AL
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_12_01_BV
8515
8516
8517
8518
8519
8520
8521
8522
8523
8524
8525
8526
8527
8528
8529
8530
8531
8532
8533
8534
8535
8536
8537
8538
8539
8540
8541
8542
8543
8544
8545
8546
8547
8548
8549
8550
8551
8552
8553
8554
8555
8556
8557
8558
8559
8560
8561
8562
8563
8564
8565
8566
8567
8568
8569
8570
8571
8572
8573
8574
8575
8576
8577
8578
// * @reference ETSI TS 103 097 [1], clause 7.4.1
// */
// testcase TC_SEC_ITSS_SND_CERT_12_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert, v_at_cert;
// var SubjectAttribute v_sa;
// var SubjectAssurance v_aa_assurance_level, v_at_assurance_level;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// v_at_cert := v_chain[lengthof(v_chain) - 1];
// if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) {
// log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// v_aa_assurance_level := v_sa.attribute.assurance_level;
//
// if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) {
// log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// v_at_assurance_level := v_sa.attribute.assurance_level;
//
// if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) {
// log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// } else {
// log("*** " & testcasename() & ": PASS: The assurence levels match ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// }
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_12_01_BV
//
// /**
// * @desc Sending behaviour test cases for AA certificate profil
// * @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.7.7 AA certificate profile
8580
8581
8582
8583
8584
8585
8586
8587
8588
8589
8590
8591
8592
8593
8594
8595
8596
8597
8598
8599
8600
8601
8602
8603
8604
// */
// group AA_Certificates {
//
// /**
// * @desc Check that the subject_type of the AA certificate is set to authorization_authority
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_info.subject_type
// * indicating 'authorization_authority' (2)
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
8606
8607
8608
8609
8610
8611
8612
8613
8614
8615
8616
8617
8618
8619
8620
8621
8622
8623
8624
8625
8626
8627
8628
8629
8630
8631
8632
8633
8634
8635
8636
8637
8638
8639
8640
8641
8642
8643
8644
8645
8646
8647
8648
8649
8650
8651
8652
8653
8654
8655
8656
8657
8658
8659
8660
8661
8662
8663
8664
8665
8666
8667
8668
8669
8670
8671
// * @reference ETSI TS 103 097 [1], clause 7.4.4
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
// log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV
//
// /**
// * @desc Check that the AA certificsate subject_name variable-length vector contains 32 bytes maximum
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_info.subject_name
// * indicating length <= 32 bytes
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
8673
8674
8675
8676
8677
8678
8679
8680
8681
8682
8683
8684
8685
8686
8687
8688
8689
8690
8691
8692
8693
8694
8695
8696
8697
8698
8699
8700
8701
8702
8703
8704
8705
8706
8707
8708
8709
8710
8711
8712
8713
8714
8715
8716
8717
8718
8719
8720
8721
8722
8723
8724
8725
8726
8727
8728
8729
8730
8731
8732
8733
8734
8735
8736
8737
8738
8739
8740
// * @reference ETSI TS 103 097 [1], clause 6.2
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// // Verified automatically on decoding
// if (lengthof(v_chain[lengthof(v_chain) - 2].subject_info.subject_name) > 32 ) {
// log("*** " & testcasename() & ": FAIL: Subject name of the AA certificate is too long ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: Subject name of the AA certificate is good ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV
//
// /**
// * @desc Check that signer_info type of AA certificates is set to 'certificate_digest_with_sha256'
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_sha256'
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_03_01_BV
8742
8743
8744
8745
8746
8747
8748
8749
8750
8751
8752
8753
8754
8755
8756
8757
8758
8759
8760
8761
8762
8763
8764
8765
8766
8767
8768
8769
8770
8771
8772
8773
8774
8775
8776
8777
8778
8779
8780
8781
8782
8783
8784
8785
8786
8787
8788
8789
8790
8791
8792
8793
8794
8795
8796
8797
8798
8799
8800
8801
8802
8803
8804
8805
8806
8807
8808
8809
8810
8811
8812
8813
8814
8815
8816
8817
// * @reference ETSI TS 103 097 [1], clause 7.4.4
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// if (not match(v_aa_cert, mw_aa_certificate(mw_signerIdentifier_digest))) {
// log("*** " & testcasename() & ": FAIL: AA certificate not signed by digest ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// log("*** " & testcasename() & ": PASS: AA certificate is signed by digest ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_03_01_BV
//
// /**
// * @desc Check that AA certificate is signed by Root CA or other authority
// * @remark There is no clear specification that AA cert shall be signed by the Root CA only
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates
// * containing certificates[last-1]
// * containing signer_info
// * containing type
// * indicating 'certificate_digest_with_ecdsap256'
// * and containing digest
// * referencing to the trusted certificate
// * containing subject_info.subject_type
// * indicating 'root_ca'
// * or indicating 'authorisation_authority'
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_04_01_BV
8819
8820
8821
8822
8823
8824
8825
8826
8827
8828
8829
8830
8831
8832
8833
8834
8835
8836
8837
8838
8839
8840
8841
8842
8843
8844
8845
8846
8847
8848
8849
8850
8851
8852
8853
8854
8855
8856
8857
8858
8859
8860
8861
8862
8863
8864
8865
8866
8867
8868
8869
8870
8871
8872
8873
8874
8875
8876
8877
8878
8879
8880
8881
8882
8883
8884
8885
8886
8887
8888
8889
8890
8891
8892
8893
8894
8895
8896
8897
8898
8899
8900
8901
8902
8903
8904
8905
8906
// * @reference ETSI TS 103 097 [1], clauses 6.3
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert, v_ca_cert;
// var SignerInfo v_si;
// var HashedId8 v_ca_digest;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// v_aa_cert := v_chain[lengthof(v_chain) - 2];
// // Process signerInfo field
// if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// if (v_si.type_ == e_certificate_digest_with_sha256) {
// log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate_digest_with_ecdsap256 ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// f_readCertificate(cc_taCert_CA, v_ca_cert);
// v_ca_digest := f_calculateDigestFromCertificate(v_ca_cert);
//
// if (not match(v_aa_cert, mw_aa_certificate(mw_signerIdentifier_digest(v_ca_digest)))) {
// log("*** " & testcasename() & ": FAIL: AA certificate signer info doesn't reference the CA certificate from the chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// if (not f_verifyCertificateSignatureWithIssuingCertificate(v_aa_cert, v_ca_cert)) {
// log("*** " & testcasename() & ": FAIL: AT certificate signature verification failed ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// log("*** " & testcasename() & ": PASS: AA certificate was signed by the CA certificate from the given chain ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_04_01_BV
//
// /**
// * @desc Check that all neccesary subject attributes are present and arranged in accesing order
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_attributes [0..N]
// * indicating subject_attributes[n].type < subject_attributes[n+ 1].type
// * containing subject_attributes['verification_key']
// * containing subject_attributes['assurance_level']
// * containing subject_attributes['its_aid_list']
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_05_01_BV
8908
8909
8910
8911
8912
8913
8914
8915
8916
8917
8918
8919
8920
8921
8922
8923
8924
8925
8926
8927
8928
8929
8930
8931
8932
8933
8934
8935
8936
8937
8938
8939
8940
8941
8942
8943
8944
8945
8946
8947
8948
8949
8950
8951
8952
8953
8954
8955
8956
8957
8958
8959
8960
8961
8962
8963
8964
8965
8966
8967
8968
8969
8970
8971
8972
8973
8974
8975
8976
8977
8978
8979
8980
8981
8982
8983
8984
8985
8986
8987
8988
8989
8990
// * @reference ETSI TS 103 097 [1], clauses 6.1, 7.4.1 and 7.4.4
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var SubjectAttributes v_attrs;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {
// log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
// stop;
// }
//
// // Test component configuration
// f_cf01Up();
//
// // Test adapter configuration
//
// // Preamble
// f_prNeighbour();
// f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
//
// // Test Body
// log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
// tc_ac.start;
// if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
// log("*** " & testcasename() & ": INCONC: Expected message not received ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
// }
// tc_ac.stop;
// if (lengthof(v_chain) < 2) {
// log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
// f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
// }
// if (not match(v_chain[lengthof(v_chain) - 2],
// mw_aa_certificate(?,
// superset(mw_subject_attribute_verification_key,
// mw_subject_attribute_assurance_level,
// mw_subject_attribute_its_aid_list)))
// ) {
// log("*** " & testcasename() & ": FAIL: Required subject attribute of AA certificate is not found ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
//
// v_attrs := v_chain[lengthof(v_chain) - 2].subject_attributes;
// for (var integer v_counter := 1; v_counter < lengthof(v_attrs); v_counter := v_counter + 1 ) {
// if (v_attrs[v_counter].type_ <= v_attrs[v_counter-1].type_) {
// log("*** " & testcasename() & ": FAIL: AA certificate subject attributes are not arranged in accening order ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
// }
// }
//
// log("*** " & testcasename() & ": PASS: All required AA certificate subject attributes are presents ***");
// f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
//
// // Postamble
// f_poNeighbour();
// f_cf01Down();
// } // End of testcase TC_SEC_ITSS_SND_CERT_AA_05_01_BV
//
// /**
// * @desc Check that all AIDs containing in the its_aid_list in AA certificate are unique
// * Check that AID list contains not more then 31 items
// * <pre>
// * Pics Selection: PICS_GN_SECURITY
// * Config Id: CF01
// * with {
// * the IUT being in the 'authorized' state
// * the IUT being requested to include certificate chain in the next CAM
// * } ensure that {
// * when {
// * the IUT is requested to send a CAM
// * } then {
// * the IUT sends a Ieee1609Dot2Data
// * containing header_fields['signer_info'].signer
// * containing type
// * indicating 'certificate_chain'
// * containing certificates[last-1]
// * containing subject_attributes['its_aid_list']
// * containing its_aid_list[0..N]
// * containing no more then 31 unique item
// * }
// * }
// * </pre>
// * @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_08_01_BV
// * @reference ETSI TS 103 097 [1], clauses 7.4.4
// */
// testcase TC_SEC_ITSS_SND_CERT_AA_08_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// var SequenceOfCertificate v_chain;
// var Certificate v_aa_cert;
// var SubjectAttribute v_sa;
//
// // Test control
// if (not(PICS_GN_SECURITY)) {