Newer
Older
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_03_BV
7012
7013
7014
7015
7016
7017
7018
7019
7020
7021
7022
7023
7024
7025
7026
7027
7028
7029
7030
7031
7032
7033
7034
7035
7036
7037
7038
7039
7040
7041
7042
/**
* @desc Check that the ciphertext of encrypted message contains encrypted EtsiTs103097Data structure.
* <pre>
* Pics Selection: PICS_GN_SECURITY AND PICS_SEC_ENCRYPTION_SUPPORT
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an encrypted message
* } then {
* the IUT sends a message of type EtsiTs103097Data
* containing encryptedData
* containing ciphertext
* containing encrypted data
* containing COER encoded data
* containing structure of type EtsiTs103097Data
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_ENC_04_BV
* @reference IEEE 1609.2 [2], clauses 6.3.31
* @reference ETSI TS 103 097 [1] Clause 7.1.4
*/
testcase TC_SEC_ITSS_SND_ENC_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
7045
7046
7047
7048
7049
7050
7051
7052
7053
7054
7055
7056
7057
7058
7059
7060
7061
7062
7063
7064
7065
7066
7067
7068
7069
7070
7071
7072
7073
7074
7075
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_ENCRYPTION_SUPPORT)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_ENCRYPTION_SUPPORT' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_encrypted(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm(
mw_aesCcmCiphertext
)))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_decrypt(vc_encryptPrivateKey, f_getSecuredMessage(v_geoNwInd.msgIn), ''O, v_decryptedMsg, v_aes_sym_enc_key) == false) { // No salt value
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse EtsiTs103097Data data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_04_BV
/**
* @desc Check that when the IUT sends SignedAndEncrypted message then it sends the
7101
7102
7103
7104
7105
7106
7107
7108
7109
7110
7111
7112
7113
7114
7115
7116
7117
7118
7119
7120
7121
7122
7123
7124
7125
7126
7127
7128
7129
7130
7131
7132
* EtsiTs103097Data-Encrypted message containing the EtsiTs103097Data-Signed
* structure as the ToBeSignedDataContent.
* <pre>
* Pics Selection: PICS_GN_SECURITY AND PICS_SEC_ENCRYPTION_SUPPORT
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an encrypted and signed message
* } then {
* the IUT sends a message of type EtsiTs103097Data
* containing encryptedData
* containing ciphertext
* containing encrypted data
* containing COER encoded data
* containing structure of type EtsiTs103097Data
* containing signedData
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_ENC_05_BV
* @reference IEEE 1609.2 [2], clauses 6.3.31
* @reference ETSI TS 103 097 [1] Clause 7.1.5
*/
testcase TC_SEC_ITSS_SND_ENC_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var EtsiTs103097Data v_decryptedMsg;
7135
7136
7137
7138
7139
7140
7141
7142
7143
7144
7145
7146
7147
7148
7149
7150
7151
7152
7153
7154
7155
7156
7157
7158
7159
7160
7161
7162
7163
7164
7165
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_ENCRYPTION_SUPPORT)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_ENCRYPTION_SUPPORT' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_encrypted(
mw_encryptedData(
-,
mw_SymmetricCiphertext_aes128ccm(
mw_aesCcmCiphertext
)))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_decrypt(vc_encryptPrivateKey, f_getSecuredMessage(v_geoNwInd.msgIn), ''O, v_decryptedMsg, v_aes_sym_enc_key) == false) { // No salt value
log("*** " & testcasename() & ": FAIL: Unable to process encryption data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else if (match(v_decryptedMsg, mw_etsiTs103097Data_signed) == false) {
log("*** " & testcasename() & ": FAIL: Unable to parse signed data ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
// TODO Check signature?
log("*** " & testcasename() & ": PASS: IUT sends signed and encrypted message ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_ENC_05_BV
} // End of group encryptedMessagesProfile
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.3.32 (2018-01) Clause 5.2.8 Profiles for certificates
*/
7198
7199
7200
7201
7202
7203
7204
7205
7206
7207
7208
7209
7210
7211
7212
7213
7214
7215
7216
7217
7218
7219
7220
7221
7222
7223
7224
/**
* @desc Check that IUT certificate is explicit and has version 3.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing version
* indicating 3
* and containing type
* indicating 'explicit'
* and containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_01_BV
* @reference ETSI TS 103 097 [1], Clauses 6
* @reference IEEE 1609.2 [2] Clause 6.4.3
*/
testcase TC_SEC_ITSS_SND_CERT_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askForCertificateChain(f_generateDefaultCam()); // TODO Rename f_askForCertificateChain into f_askForCertificateAA
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_ieee1609Dot2_headerInfo_request_certificate(
7264
7265
7266
7267
7268
7269
7270
7271
7272
7273
7274
7275
7276
7277
7278
7279
7280
7281
7282
7283
7284
7285
7286
7287
7288
7289
7290
7291
7292
7293
7294
7295
7296
7297
7298
7299
7300
7301
7302
7303
7304
7305
7306
7307
7308
7309
7310
7311
7312
7313
7314
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa
)))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_01_BV
/**
* @desc Check that IUT certificate is conformed to ETSI TS 103 097 clause 6.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT being in the 'authorized' state
* }
* Expected behaviour:
* ensure that {
* when {
* the AA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing id
* indicating 'none'
* or indicating 'name'
* and containing cracaId
* indicating '000000'H
* and containing crlSeries
* indicating '0'D
* and not containing certRequestPermissions
* and not containing canRequestRollover
* and containing signature
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_02_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
7335
7336
7337
7338
7339
7340
7341
7342
7343
7344
7345
7346
7347
7348
7349
7350
7351
7352
7353
7354
7355
7356
7357
7358
7359
7360
7361
7362
7363
7364
7365
7366
7367
7368
7369
7370
7371
7372
7373
7374
7375
7376
7377
7378
7379
7380
7381
7382
7383
7384
7385
7386
7387
7388
7389
7390
7391
7392
7393
7394
7395
7396
7397
7398
7399
7400
7401
7402
7403
7404
7405
7406
7407
7408
7409
7410
7411
7412
7413
7414
7415
7416
7417
7418
7419
7420
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_name
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with named id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
-,
mw_ieee1609Dot2_headerInfo_request_certificate(
-,
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_aa(
mw_certificateId_none
))))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate is conformed to ETSI TS 103 097 clause 6, with none id ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_02_BV
/**
* @desc Check that the certificate issuer of certificates is referenced using digest;
* Check that right digest field is used to reference to the certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (X_CERTIFICATE)
* }
* ensure that {
* when {
* the CA is issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing signedData
* containing self
* or containing X_DIGEST
* indicating last 8 bytes of the hash of the certificate calculated using X_ALGORITHM
* referenced to certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_03_BV
* @reference ETSI TS 103 097 [1], Clauses 5.2 & 7.1.3
* @reference IEEE 1609.2 [2], Clauses 5.3.1, 6.3.4, 6.3.29, 6.3.30, 6.3.31
testcase TC_SEC_ITSS_SND_CERT_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
var EtsiTs103097Certificate v_ca_certificate;
var EtsiTs103097Certificate v_aa_certificate;
var EtsiTs103097Certificate v_at_certificate;
var HashedId8 v_ca_hashedId8;
var HashedId8 v_aa_hashedId8;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
// Test component configuration
7441
7442
7443
7444
7445
7446
7447
7448
7449
7450
7451
7452
7453
7454
7455
7456
7457
7458
7459
7460
7461
7462
7463
7464
7465
7466
7467
7468
7469
7470
7471
7472
7473
7474
7475
7476
7477
7478
7479
7480
7481
7482
7483
7484
7485
7486
7487
7488
7489
7490
7491
7492
7493
7494
7495
7496
7497
7498
7499
7500
7501
7502
7503
7504
7505
7506
7507
7508
7509
7510
7511
7512
7513
7514
7515
7516
7517
7518
7519
7520
7521
7522
7523
7524
7525
7526
7527
7528
7529
7530
7531
7532
7533
7534
7535
7536
7537
7538
7539
7540
7541
7542
7543
7544
7545
7546
7547
7548
7549
7550
7551
7552
7553
7554
7555
7556
7557
7558
7559
7560
7561
7562
7563
7564
7565
7566
7567
7568
7569
7570
7571
7572
7573
7574
// Test adapter configuration
// Preamble
f_readCertificate(cc_taCert_CA1, v_ca_certificate); // TODO Use PIXIT as array of strings to change
// certificates to be checked
f_readCertificate(cc_taCert_CC_AA, v_aa_certificate);
f_readCertificate(cc_iutCert_A, v_at_certificate);
f_getCertificateDigest(cc_taCert_CC_AA, v_ca_hashedId8);
f_getCertificateDigest(cc_taCert_CC_AA, v_aa_hashedId8);
// Test Body
// 1. Check certificate format
if (match(
v_ca_certificate,
mw_etsiTs103097Certificate(
mw_issuerIdentifier_self,
mw_toBeSignedCertificate_ca
)) == true) {
log("*** " & testcasename() & ": INFO: CA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_aa_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_aa
)) == true) {
log("*** " & testcasename() & ": INFO: AA certificate are well formatted ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(
v_at_certificate,
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at
)) == true) {
log("*** " & testcasename() & ": INFO: AT sertificate are well formatted ***");
} else {
log("*** " & testcasename() & ": Invalid AT certificate ***");
setverdict(fail);
} // End of 'alt' statement
// 2. Check issuers
if (v_ca_certificate.issuer.self_ == sha256) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha256AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else if (v_ca_certificate.issuer.self_ == sha384) {
if (match(v_ca_hashedId8, v_aa_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AA certificate is issued from CA certificate ***");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
if (match(v_aa_hashedId8, v_at_certificate.issuer.sha384AndDigest) == true) {
log("*** " & testcasename() & ": INFO: AT certificate is issued from CA certificate ***");
setverdict(pass, "Certificates are well-formated and issuer chain is correct");
} else {
log("*** " & testcasename() & ": FAIL: Invalid AA certificate ***");
setverdict(fail);
} // End of 'alt' statement
} else {
log("*** " & testcasename() & ": FAIL: Invalid CA certificate issuer ***");
setverdict(fail);
}
// Postamble
} // End of testcase TC_SEC_ITSS_SND_CERT_03_BV
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing items of type RectangularRegion
* containing northwest
* indicating a point inside the REGION
* and containing southeast
* indicating a point on the south from northwest
* and inside the REGION
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_04_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)))))))) -> value v_geoNwInd {
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_areRectanglesInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.rectangularRegion, v_aa_certificate[0].toBeSigned.region.rectangularRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
mw_toBeSignedData(
mw_signedDataPayload,
mw_signerIdentifier_digest // containing digest
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_04_BV
* @desc Check that the IUT supports at least 8 entries in the rectangular certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_C_AT_8)
* containing toBeSigned
* containing region
* containing rectangularRegion
* containing 8 entries
* containing one entry (ENTRY)
* containing current IUT position
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the ENTRY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_05_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_rectangular
)
)
)
)
),
mw_geoNwBroadcastPacket
))) -> value v_geoNwInd {
if (f_getMsgHeaderInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_headerInfo) and f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var ThreeDLocation v_location := { v_headerInfo.generationLocation.latitude, v_headerInfo.generationLocation.longitude, v_headerInfo.generationLocation.elevation };
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_isLocationInsideRegion(v_signerIdentifier.certificate[v_counter].toBeSigned.region, v_location) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
),
mw_signerIdentifier_digest // containing digest
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_05_BV
7792
7793
7794
7795
7796
7797
7798
7799
7800
7801
7802
7803
7804
7805
7806
7807
7808
7809
7810
7811
7812
7813
7814
7815
7816
7817
7818
7819
7820
7821
7822
7823
7824
7825
7826
7827
7828
7829
7830
7831
7832
7833
7834
7835
7836
7837
7838
7839
7840
7841
7842
7843
7844
7845
7846
7847
7848
7849
7850
7851
7852
7853
7854
7855
7856
7857
7858
7859
7860
7861
7862
7863
7864
7865
7866
7867
7868
7869
7870
7871
7872
7873
7874
7875
7876
7877
7878
7879
7880
7881
7882
7883
7884
7885
7886
7887
7888
7889
7890
7891
7892
7893
7894
7895
7896
7897
7898
7899
7900
7901
7902
7903
7904
7905
7906
7907
7908
7909
7910
7911
7912
7913
7914
7915
7916
7917
7918
7919
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
/**
* @desc Check that the rectangular certificate validity region of the subordinate certificate is well formed
* and inside the validity region of the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing region
* indicating REGION
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing more than 2 items of type TwoDLocation
* indicating points inside the REGION
* and indicating unintercepting segments
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_06_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.21, 6.4.17,5.1.2.4
*/
testcase TC_SEC_ITSS_SND_CERT_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate); v_counter := v_counter + 1) {
if (f_arePolygonsInside(v_signerIdentifier.certificate[v_counter].toBeSigned.region.polygonalRegion, v_aa_certificate[0].toBeSigned.region.polygonalRegion) == false) {
break;
}
} // End of of for statement
if (v_counter == lengthof(v_signerIdentifier.certificate)) {
log("*** " & testcasename() & ": PASS: AT certificate is inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT certificate is not inside the validity region of the issuing certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_06_BV
/**
* @desc Check that the IUT supports at least 8 entries in the polygonal certificate validity
* region in the AT certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_D_AT_8)
* containing toBeSigned
* containing region
* containing polygonalRegion
* containing 8 entries
* indicating polygon P
* and the IUT’s position is inside the polygon P
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured DENM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing headerInfo
* containing generationLocation
* indicating position inside the P
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_07_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.17
*/
testcase TC_SEC_ITSS_SND_CERT_07_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var GeoNetworkingInd v_geoNwInd;
var HeaderInfo v_headerInfo;
var SignerIdentifier v_signerIdentifier;
var Certificate v_cert;
var ItsDenm v_denmComponent;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_SEC_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_SEC_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_A; // FIXME Review certificate to be used
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
v_denmComponent := f_triggerDenmEvent();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_denm
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
?,
mw_toBeSignedCertificate_at(
-, -, -,
mw_geographicRegion_polygonal
)
)
)