ItsPki_TestCases.ttcn

/**
 *  @Author   ETSI / STF545
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
  
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
  
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorization language "ASN.1:1997" all;
  import from EtsiTs102941TypesAuthorizationValidation language "ASN.1:1997" all;
  import from EtsiTs102941MessagesCa language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_Pics all;
  import from LibItsGeoNetworking_TestSystem all;
  
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
  
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
  import from LibItsHttp_TestSystem all;
  
  // LibItsPki
  import from LibItsPki_TypesAndValues all;
  import from LibItsPki_Templates all;
  import from LibItsPki_Functions all;
  import from LibItsPki_TestSystem all;
  import from LibItsPki_Pics all;
  import from LibItsPki_Pixits all;

  // ItsPki
  import from ItsPki_Pixits all;
  
  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {
    
    group itss_helpers {

      function f_verify_http_ec_request_from_iut_itss(
                                                      in Request p_request,
                                                      in HeaderLines p_headers,
                                                      out InnerEcRequest p_inner_ec_request,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in template SignerIdentifier p_signer := m_signerIdentifier_self,
                                                      in EnrolmentResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var Oct16 v_aes_enc_key;
        var InnerEcResponse v_inner_ec_response;
        var template (value) HttpMessage v_response;
        
        log(">>> f_verify_http_ec_request_from_iut_itss: ", p_request);
        
        p_result := 0;
        
        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
          // Send error message
          v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_ec_request_from_iut_itss: match ", match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer))))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_enrolmentRequest(mw_innerEcRequestSignedForPop(mw_signedData(sha256, mw_toBeSignedData(-, mw_headerInfo_inner_pki_request), p_signer)))) == false) {
            // Send error message
            f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // Verify signature of mw_innerEcRequestSignedForPop
            if (f_verify_inner_ec_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_ec_request) == false) {
              // Send error message
              f_http_build_inner_ec_response(p_inner_ec_request/*Not required*/, cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_ec_request_from_iut_itss: matching: ", match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes({mw_appPermissions(c_its_aid_SCR, ?)})))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_ec_request, mw_innerEcRequest(p_its_id, -, mw_certificate_subject_attributes_optional_assuranceLevel({mw_appPermissions(c_its_aid_SCR, ?)}, -, -, omit))) == false) {
                // Send error message: Not enrolmentrequest
                f_http_build_inner_ec_response(p_inner_ec_request, badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;
              } else {
                // TODO Check ValidityPeriod
                // Send OK message
                log("f_verify_http_ec_request_from_iut_itss: Receive ", p_inner_ec_request);
                if (p_force_response_code == ok) {
                  f_http_build_inner_ec_response(p_inner_ec_request, ok, v_request_hash, vc_eaPrivateKey, vc_eaWholeHash, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                } else {
                  log("f_verify_http_ec_request_from_iut_itss: Succeed buit force error code ", p_force_response_code);
                  f_http_build_inner_ec_response(p_inner_ec_request, p_force_response_code, v_request_hash, -, -, v_aes_enc_key, v_inner_ec_response, v_ieee1609dot2_signed_and_encrypted_data);
                }
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := 0;
              }
            }
          }
        }

        p_response := valueof(v_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_response: ", p_response);
        log("<<< f_verify_http_ec_request_from_iut_itss: p_result: ", p_result);
      } // End of function f_verify_http_ec_request_from_iut_itss

      function f_verify_http_at_request_from_iut_itss(
                                                      in Request p_request,
                                                      in HeaderLines p_headers,
                                                      out InnerAtRequest p_inner_at_request,
                                                      out HttpMessage p_response,
                                                      out integer p_result,
                                                      in template octetstring p_its_id := PICS_ITS_S_CANONICAL_ID,
                                                      in AuthorizationResponseCode p_force_response_code := ok
                                                      ) runs on ItsPkiHttp {
        // Local variables
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        var Oct16 v_request_hash;
        var Oct16 v_aes_enc_key;
        var InnerAtResponse v_inner_at_response;
        var template (value) HttpMessage v_response;
        
        log(">>> f_verify_http_at_request_from_iut_itss:", p_request);
        
        p_result := 0;
        
        if (f_verify_pki_request_message(vc_eaPrivateEncKey, vc_eaWholeHash/*salt*/, ''O, p_request.body.binary_body.ieee1609dot2_data, true, v_request_hash, v_etsi_ts_102941_data, v_aes_enc_key) == false) { // Cannot decrypt the message
          // Send error message
          v_response := m_http_response(m_http_response_ko_no_body(p_headers, 400, "Bad request")); // Initialize v_reponse with an error message
          // Set verdict
          p_result := -1;
        } else {
          log("f_verify_http_at_request_from_iut_itss: matching: ", match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest))); // TODO In TITAN, this is the only way to get the unmatching in log
          if (match(v_etsi_ts_102941_data.content, mw_authorizationRequest(mw_innerAtRequest)) == false) {
            // Send error message
            f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
            // Set verdict
            p_result := -2;
          } else {
            // Verify signature of mw_innerATRequestSignedForPop
            if (f_verify_inner_at_request_signed_for_pop(v_etsi_ts_102941_data, p_inner_at_request) == false) {
              // Send error message
              f_http_build_authorization_response(p_inner_at_request, its_aa_cantparse, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
              v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
              // Set verdict
              p_result := -3;
            } else {
              log("f_verify_http_at_request_from_iut_itss: match ", match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature))); // TODO In TITAN, this is the only way to get the unmatching in log
              if (match(p_inner_at_request, mw_innerAtRequest(mw_publicKeys, -, mw_shared_at_request, mw_ec_signature)) == false) { // TODO To be refined
                // Send error message: No enrolment request
                f_http_build_authorization_response(p_inner_at_request, its_aa_badcontenttype, v_request_hash, -, -, v_aes_enc_key, v_inner_at_response, v_ieee1609dot2_signed_and_encrypted_data);
                v_response := m_http_response(m_http_response_ok(m_http_message_body_binary(m_binary_body_ieee1609dot2_data(v_ieee1609dot2_signed_and_encrypted_data)), p_headers));
                // Set verdict
                p_result := -4;