Skip to content
ItsPki_TestCases.ttcn 122 KiB
Newer Older
garciay's avatar
garciay committed
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_01
      
      /**
       * @desc Check that the AA is able to decrypt the AuthorizationRequest message using the encryption private key corresponding to the recipient certificate
       *       Check that the AA is able to verify the request authenticity using the hmacKey verification
       *       Check that the AA sends the AuthorizationValidationRequest message to the correspondent EA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *                    and containing cyphertext (ENC_DATA)
       *                        containing EtsiTs102941Data
       *                            containing content.authorizationRequest
       *                                containing hmacKey (HMAC)
       *                                and containing sharedAtRequest
       *                                    containing keyTag (KEY_TAG)
       *                                    and containing eaId (EA_ID)
       *                                        indicating HashedId8 of the known EA certificate
       *         }
       *         then {
       *            the IUT is able to decrypt the S_KEY
       *                using the private key
       *                    corresponding to the AA_ENC_PUB_KEY
       *            and the IUT is able to decrypt the cypthertext ENC_DATA
       *                using the S_KEY
       *            and the IUT is able to verify integrity of HMAC and KEY_TAG
       *            and the IUT sends the AuthorizationValidationRequest message to the EA
       *                identified by the EA_ID
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var HashedId8 v_hash_inner_at_request;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
garciay's avatar
garciay committed
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_ac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_ac.stop;
            
            /*if (f_verify_pki_message(vc_eaPrivateEncKey, vc_eaPeerWholeHash, vc_eaCertificate, v_response.response.body.binary_body.ieee1609dot2_data, false, v_etsi_ts_102941_data) == false) {
              log("*** " & testcasename() & ": FAIL: Failed to verify PKI message ***");
              f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
            } else {
              log("*** " & testcasename() & ": LOG: Receive ", v_etsi_ts_102941_data, " ***");
              if (match(v_etsi_ts_102941_data.content, mw_authorizationValidationResponse(mw_authorizationValidationResponse_ok))) { 
                // TODO Refined expected  mw_authorizationValidationResponse_ok
                log("*** " & testcasename() & ": PASS: Well-secured EA certificate received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
              } else {
                log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
              }
          }
          [] tc_ac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_02
      
      /**
       * @desc Check that the AA skips the AuthorizationRequest message if it is not addressed to this AA
       * <pre>
       * Pics Selection: PICS_IUT_AA_ROLE
       * Initial conditions: 
       *     with {
       *          the AA in "operational state"
       *              authorized with the certificate CERT_AA
       *                  containing encryptionKey (AA_ENC_PUB_KEY)
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *            the IUT receives an EtsiTs103097Data message
       *                containing content.encryptedData
       *                    containing recipients
       *                        containing the instance of RecipientInfo
       *                            containing certRecipInfo
       *                                containing recipientId
       *                                    indicating value
       *                                        NOT equal to the HashedId8 of the certificate CERT_AA
       *                                and containing encKey
       *                                    indicating symmetric key (S_KEY)
       *                                        encrypted with the private key correspondent to the AA_ENC_PUB_KEY
       *         }
       *         then {
       *            the IUT does not send the AuthorizationValidationRequest message
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP BV
       * @reference ETSI TS 102 941, clause 6.2.3.3.1
       */
      testcase TC_SEC_PKI_SND_AA_BV_03() runs on ItsPkiHttp system ItsPkiHttpSystem {
        var Oct32 v_private_key;
        var Oct32 v_publicKeyCompressed;
        var integer v_compressedMode;
        var HashedId8 v_hash_inner_at_request;
        var Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
        var HeaderLines v_headers;
        var HttpMessage v_response;
        var EtsiTs102941Data v_etsi_ts_102941_data;
        
        // Test control
        if (not PICS_IUT_AA_ROLE) {
          log("*** " & testcasename() & ": PICS_IUT_AA_ROLE required for executing the TC ***");
          setverdict(inconc);
          stop;
        }
        
        // Test component configuration
        f_cfHttpUp(
                   PICS_TS_CERTIFICATE_ID, // TS role is ITS-S
                   PICS_IUT_AA_CERTIFICATE_ID // Peer certificate, IUT
                   );
        
        // Test adapter configuration
        
        // Preamble
        f_http_build_inner_at_request(v_private_key, v_publicKeyCompressed, v_compressedMode, v_ieee1609dot2_signed_and_encrypted_data, v_hash_inner_at_request);
        f_init_default_headers_list(v_headers);
        httpPort.send(
                      m_http_request(
                                     m_http_request_post(
                                                         PICS_HTTP_GET_URI,
                                                         v_headers,
                                                         m_http_message_body_binary(
                                                                                    m_binary_body_ieee1609dot2_data(
                                                                                                                    v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                    )))));
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
        
        // Test Body
        tc_noac.start;
        alt {
          [] httpPort.receive(
                              mw_http_response(
                                               mw_http_response_ok(
                                                                   mw_http_message_body_binary(
                                                                                               mw_binary_body_ieee1609dot2_data(
                                                                                                                                mw_authorizationResponseMessage(
                                                                                                                                                                mw_encryptedData(
                                                                                                                                                                                 -,
                                                                                                                                                                                 mw_SymmetricCiphertext_aes128ccm
                                                                                                                                                                                 ))))))) -> value v_response {
            tc_noac.stop;
            
            log("*** " & testcasename() & ": FAIL: Unexpected message received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
          }
          [] tc_noac.timeout {
            log("*** " & testcasename() & ": INCONC: Expected message not received ***");
            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
          }
        } // End of 'alt' statement
        
        // Postamble
        f_cfHttpDown();
        
      } // End of testcase TC_SEC_PKI_SND_AA_BV_03
      
garciay's avatar
garciay committed
    } // End of group authorization_request
    
garciay's avatar
garciay committed
  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases