Newer
Older
* Initial conditions:
* with
* the IUT has been authorized with the AT certificate (CERT_AT_C)
* containing validity_restrictions ['region']
* containing region
* containing region_type
* indicating 'rectangle'
* containing rectangular_region
* containing instance of RectangularRegion
* indicating REGION
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* containing exactly one header_fields['generation_location']
* containing generation_location
* indicating value inside the REGION
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_05_03_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4024
4025
4026
4027
4028
4029
4030
4031
4032
4033
4034
4035
4036
4037
4038
4039
4040
4041
4042
4043
4044
4045
4046
4047
4048
4049
4050
4051
4052
4053
4054
4055
4056
4057
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C; // Load IUT certificate CERT_IUT_C
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_rectangular);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_03_BV
/**
* @desc Check that the secured GeoNetworking message contains exactly one HeaderField generation_location which is inside the polygonal region containing in the validity restriction of the certificate pointed by the signer_info field
* Pics Selection: PICS_GN_SECURITY AND PICS_ITS_AID_OTHER_PROFILE = non-zero AND PICS_CERTIFICATE_SELECTION AND PICS_USE_POLYGONAL_REGION
* Initial conditions:
* with
* the IUT has been authorized with the AT certificate (CERT_AT_D)
* containing validity_restrictions ['region']
* containing region
* containing region_type
* indicating 'polygon'
* containing polygonal_region
* indicating REGION
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* the IUT sends a SecuredMessage
* containing exactly one header_fields['generation_location']
* containing generation_location
* indicating value inside the REGION
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_05_04_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4083
4084
4085
4086
4087
4088
4089
4090
4091
4092
4093
4094
4095
4096
4097
4098
4099
4100
4101
4102
4103
4104
4105
4106
4107
4108
4109
4110
4111
4112
4113
4114
4115
4116
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_POLYGONAL_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_POLYGONAL_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_D; // Load IUT certificate CERT_IUT_D
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_polygonal);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_04_BV
/**
* @desc Check that the secured GeoNetworking message contains exactly one HeaderField generation_location which is inside the identified region containing in the validity restriction of the certificate pointed by the signer_info field
* Pics Selection: PICS_GN_SECURITY AND PICS_ITS_AID_OTHER_PROFILE = non-zero AND PICS_CERTIFICATE_SELECTION AND PICS_USE_IDENTIFIED_REGION
4121
4122
4123
4124
4125
4126
4127
4128
4129
4130
4131
4132
4133
4134
4135
4136
4137
4138
4139
4140
4141
* Initial conditions:
* with
* the IUT has been authorized with the AT certificate (CERT_AT_E)
* containing validity_restrictions ['region']
* containing region
* containing region_type
* indicating 'id_region'
* containing identified_region
* indicating REGION
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* the IUT sends a SecuredMessage
* containing header_fields ['its_aid']
* indicating 'AID_BEACON'
* containing exactly one header_fields['generation_location']
* containing generation_location
* indicating value inside the REGION
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_05_05_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4144
4145
4146
4147
4148
4149
4150
4151
4152
4153
4154
4155
4156
4157
4158
4159
4160
4161
4162
4163
4164
4165
4166
4167
4168
4169
4170
4171
4172
4173
4174
4175
4176
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_IDENTIFIED_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and PICS_USE_IDENTIFIED_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_E; // Load IUT certificate CERT_IUT_E
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(mw_geographicRegion_identified);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_05_BV
/**
* @desc Check that the secured GeoNetworking message contains exactly one HeaderField generation_location and this location is inside the certificate validation restriction
* Pics Selection: PICS_GN_SECURITY AND PICS_ITS_AID_OTHER_PROFILE = non-zero AND NOT PICS_CERTIFICATE_SELECTION
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* the IUT sends a SecuredMessage
* containing header_fields['signed_info'].certificate
* containing validity_restrictions ['region']
* containing region.region_type
* indicating 'none'
* or containing region.region_type
* indicating 'circle'
* containing region.circular_region
* or containing region.region_type
* indicating 'rectangle'
* containing region.rectangular_region
* containing array of rectangles
* indicating REGION
* or containing region.region_type
* indicating 'polygonal'
* containing region.polygonal_region
* indicating REGION
* or containing region.region_type
* indicating 'id_region'
* containing region.circular_region
* indicating REGION
* and containing exactly one header_fields['generation_location']
* containing generation_location
* indicating location inside the REGION
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_05_06_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4217
4218
4219
4220
4221
4222
4223
4224
4225
4226
4227
4228
4229
4230
4231
4232
4233
4234
4235
4236
4237
4238
4239
4240
4241
4242
4243
4244
4245
4246
4247
4248
4249
4250
4251
4252
4253
4254
4255
4256
4257
4258
4259
4260
4261
4262
4263
4264
4265
4266
4267
4268
4269
4270
4271
4272
4273
4274
4275
4276
4277
4278
4279
4280
4281
4282
4283
4284
4285
4286
4287
4288
4289
4290
4291
4292
4293
4294
4295
4296
4297
4298
4299
4300
4301
4302
4303
4304
4305
4306
4307
4308
4309
4310
4311
4312
4313
4314
4315
4316
4317
4318
4319
4320
4321
4322
4323
4324
4325
4326
4327
4328
4329
4330
4331
4332
4333
4334
4335
4336
4337
4338
4339
4340
4341
*/
testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE) or PICS_CERTIFICATE_SELECTION) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE and not PICS_CERTIFICATE_SELECTION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_B; // Load IUT certificate CERT_IUT_B
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
f_TC_SEC_ITSS_SND_GENMSG_05_BV(); // any type of regions
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_05_06_BV
group f_TC_SEC_ITSS_SND_GENMSG_05_xx {
function f_TC_SEC_ITSS_SND_GENMSG_05_BV(
in template (present) GeographicRegion p_region := ?
) runs on ItsGeoNetworking {
// Local variables
var GeoNetworkingInd v_geoNwInd;
tc_ac.start;
alt {
// GN message must contain generation location and the certificate with region restrictions
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field(e_generation_location),
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
superset(
mw_validity_restriction_region(
p_region
))))))))) -> value v_geoNwInd {
var ValidityRestriction v_vr;
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location
if (
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf) and
f_getCertificateValidityRestriction(v_geoNwInd.msgIn.gnPacket.securedMsg.header_fields[0].headerField.signer.signerInfo.certificate, e_region, v_vr)
) {
if (f_isLocationInsideRegion(v_vr.validity.region, v_hf.headerField.generation_location)) {
log("*** " & testcasename() & ": PASS: DENM contains generation location inside the certificate validity region ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("v_vr.validity.region=", v_vr.validity.region);
log("v_hf.headerField.generation_location=", v_hf.headerField.generation_location);
log("*** " & testcasename() & ": FAIL: Invalid location");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! DENM generation location or certificate region restriction header field does not exist");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN message doesn't contain generation location
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) -> value v_geoNwInd {
var HeaderField v_hf;
tc_ac.stop;
// Check that generation location is not present
f_getMsgHeaderField(v_geoNwInd.msgIn.gnPacket.securedMsg, e_generation_location, v_hf);
if (not isbound(v_hf)) {
log("*** " & testcasename() & ": FAIL: DENM doesn't contain generation location header");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// GN signing certificate doesn't contains region restriction
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate(
mw_certificate(
?,
?,
?,
{ } // GN signing certificate doesn't contains region restriction
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": INCONC: DENM certificate doesn't contain region restriction");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected DENM not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
} // End of function f_TC_SEC_ITSS_SND_GENMSG_05_BV
} // End of group f_TC_SEC_ITSS_SND_GENMSG_05_xx
/**
* @desc Check that the secured message contains the Payload element of type signed, signed_external or signed_and_encrypted
* Pics Selection: PICS_GN_SECURITY AND PICS_ITS_AID_OTHER_PROFILE = non-zero
* Config Id: CF01
* Initial conditions:
* the IUT being in the 'authorized' state
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* the IUT sends a SecuredMessage
* containing payload_field
* containing type
* indicating 'signed' or 'signed_external' or 'signed_and_encrypted'
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_06_01_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4361
4362
4363
4364
4365
4366
4367
4368
4369
4370
4371
4372
4373
4374
4375
4376
4377
4378
4379
4380
4381
4382
4383
4384
4385
4386
4387
4388
4389
4390
4391
4392
4393
4394
4395
4396
4397
4398
4399
4400
4401
4402
4403
4404
4405
4406
4407
4408
4409
4410
4411
4412
4413
4414
4415
4416
4417
4418
4419
4420
4421
4422
4423
4424
4425
4426
4427
4428
4429
4430
4431
4432
4433
4434
4435
4436
4437
4438
4439
4440
4441
4442
4443
4444
4445
4446
4447
4448
4449
4450
4451
4452
4453
4454
4455
4456
4457
*/
testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'signed'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed_external
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_external'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload(
e_signed_and_encrypted
)
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": PASS: Beacon payload is 'e_signed_and_encrypted'");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
?,
mw_payload
),
mw_geoNwBeaconPacket(
?
)))) {
log("*** " & testcasename() & ": FAIL: Beacon payload is not signed, signed_external or signed_and_encrypted");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected Message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_GENMSG_06_01_BV
/**
* @desc Check that the secured message contains only one TrailerField of type signature;
* Check that the signature contained in the SecuredMessage is calculated over the right fields by cryptographically verifying the signature
* Pics Selection: PICS_GN_SECURITY AND PICS_ITS_AID_OTHER_PROFILE = non-zero
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* Expected results:
* ensure that
* when
* the IUT is requested to send a Beacon
* then
* the IUT sends a SecuredMessage
* containing header_fields ['signer_info']
* containing signer
* containing type
* indicating 'certificate'
* containing certificate
* indicating CERT
* and containing trailer_fields ['signature']
* containing signature
* verifiable using CERT.subject_attributes['verification_key']
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_GENMSG_07_01_BV
* @reference ETSI TS 103 097 v1.2.1, clause 7.3
4484
4485
4486
4487
4488
4489
4490
4491
4492
4493
4494
4495
4496
4497
4498
4499
4500
4501
4502
4503
4504
4505
4506
4507
4508
4509
4510
4511
4512
4513
4514
4515
4516
4517
4518
4519
4520
4521
4522
4523
4524
4525
4526
4527
4528
4529
4530
4531
4532
4533
4534
4535
4536
4537
4538
4539
4540
4541
4542
4543
4544
4545
4546
4547
4548
4549
4550
4551
4552
4553
4554
4555
4556
4557
4558
*/
testcase TC_SEC_ITSS_SND_GENMSG_07_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var LongPosVector v_longPosVectorIut;
var GeoNetworkingInd v_geoNwInd;
var SignerInfo v_signerInfo;
// Test adapter configuration
if (not(PICS_GN_SECURITY) or not(PICS_ITS_AID_OTHER_PROFILE)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_ITS_AID_OTHER_PROFILE' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
v_longPosVectorIut := f_getPosition(c_compIut);
// Test adapter configuration
// Preamble
f_prNeighbour();
f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others(
mw_header_field_signer_info_certificate
)))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": INFO: Beacon message with certificate received ***");
f_getMsgSignerInfo(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo);
if (f_verifyGnSecuredMessageSignatureWithCertificate(v_geoNwInd.msgIn.gnPacket.securedMsg, v_signerInfo.signerInfo.certificate) == false) {
log("*** " & testcasename() & ": FAIL: Beacon received with invalide signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage_Others
))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Beacon message without certificate received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected GN Message not received");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
log("*** " & testcasename() & ": PASS: GN Message received with correct signature");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_acTriggerEvent(m_stopPassBeaconing);
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_DENM_07_01_BV
} // End of group sendOtherProfile
/**
* @desc Sending behaviour test cases for certificates profile
* @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7 Profiles for certificates
*/
group sendCertificatesProfile {
/**
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the SecuredMessage
* Expected results:
* ensure that
* when
* the IUT is requested to send a SecuredMessage
* then
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating certificate
* containing certificate
* containing version
* indicating '2'
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_CERT_01_01_BV
* @reference ETSI TS 103 097 v1.2.1, clauses 6.1 and 7.4.1
4582
4583
4584
4585
4586
4587
4588
4589
4590
4591
4592
4593
4594
4595
4596
4597
4598
4599
4600
4601
4602
4603
4604
4605
4606
4607
4608
4609
4610
4611
4612
4613
4614
4615
4616
4617
4618
4619
4620
4621
4622
4623
4624
4625
4626
4627
4628
4629
4630
4631
4632
4633
4634
4635
4636
4637
4638
4639
*/
testcase TC_SEC_ITSS_SND_CERT_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
mw_certificate(
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AT Certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate(
?
)))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AT Certificate version mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_01_01_BV
/**
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* Expected results:
* ensure that
* when
* the IUT is requested to send a CAM
* then
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length N > 0
* and containing certificates [n] (0..N)
* containing version
* indicating '2'
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_CERT_01_02_BV
* @reference ETSI TS 103 097 v1.2.1, clauses 6.1 and 7.4.1
4665
4666
4667
4668
4669
4670
4671
4672
4673
4674
4675
4676
4677
4678
4679
4680
4681
4682
4683
4684
4685
4686
4687
4688
4689
4690
4691
4692
4693
4694
4695
4696
4697
4698
4699
4700
4701
4702
4703
4704
4705
4706
4707
4708
4709
4710
4711
4712
4713
4714
4715
4716
4717
4718
4719
4720
4721
4722
4723
4724
4725
4726
4727
4728
4729
4730
4731
4732
4733
4734
4735
*/
testcase TC_SEC_ITSS_SND_CERT_01_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SecuredMessage v_recv;
var Certificate v_cert;
var SignerInfo v_si;
var HashedId8 v_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
// Wait for the message with the certificate to retrieve the AA digest.
// Ask for the chain, containing AT and AA certificate
// Check AA Certificate
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for certificate chain ***");
tc_ac.start;
f_askForCertificateChain(f_generateDefaultCam());
tc_ac.stop;
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain(
superset(
mw_aa_certificate
))))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: AA certificate version set to " & int2char(c_certificate_version) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mdw_securedMessage(
superset(
mw_header_field_signer_info_certificate_chain
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: AA certificate version mismatch or no AA cert received***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_01_02_BV
/**
* @desc Check that the references in the certificate chain are valid
* Check that signer_info type of all certificates in the chain are 'certificate_digest_with_sha256', 'certificate_digest_with_other_algorithm'or 'self'
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* Expected results:
* ensure that
* when
* the IUT is requested to send a CAM
* then
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* and containing certificates
* indicating length N > 1
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referencing the trusted certificate
* or containing signer_info
* containing type
* indicating 'self'
* and containing certificates[n] (1..N)
* containing signer_info
* containing type
* indicating 'certificate_digest_with_sha256'
* or indicating 'certificate_digest_with_other_algorythm'
* and containing digest
* referencing the certificates[n-1]
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_CERT_02_01_BV
* @reference ETSI TS 103 097 v1.2.1, clause 4.2.10, 6.1 and 7.4.1
4776
4777
4778
4779
4780
4781
4782
4783
4784
4785
4786
4787
4788
4789
4790
4791
4792
4793
4794
4795
4796
4797
4798
4799
4800
4801
4802
4803
4804
4805
4806
4807
4808
4809
4810
4811
4812
*/
testcase TC_SEC_ITSS_SND_CERT_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local declarations
var CertificateChain v_chain;
var SignerInfo v_si;
var HashedId8 v_digest;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain ***");
tc_ac.start;
if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
// Test Body
for (var integer v_counter := lengthof(v_chain) - 1; v_counter > 1; v_counter := v_counter - 1) { // Loop on []N-1..1]
if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[ " & int2str(v_counter) & "] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (v_si.type_ != e_certificate_digest_with_sha256) {
if (v_si.type_ != e_certificate_digest_with_other_algorithm or PICS_PLUGTEST_VERSION) {
log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
4817
4818
4819
4820
4821
4822
4823
4824
4825
4826
4827
4828
4829
4830
4831
4832
4833
4834
4835
4836
4837
4838
4839
4840
4841
4842
4843
4844
4845
4846
}
// signer_info.type indicates 'certificate_digest_with_sha256' or 'certificate_digest_with_other_algorythm'
v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
if (not match (v_si.signerInfo.digest, v_digest)) {
log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Process certificate[0]
if (not f_getCertificateSignerInfo(v_chain[0], v_si)) {
log("*** " & testcasename() & ": FAIL: Certificate[0] doesn't contain signer info ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Process certificate[0]
if (v_si.type_ != e_certificate_digest_with_sha256) {
log("*** " & testcasename() & ": FAIL: Certificate[0] is not signed with digest ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// signer_info.type indicates 'certificate_digest_with_sha256' only
log("*** " & testcasename() & ": PASS: Certificate chain is well signed ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_02_01_BV
/**
* @desc Check that the rectangular region validity restriction of the message signing certificate contains not more than six valid rectangles;
* Check that the rectangular region validity restriction of the message signing certificate is continuous and does not contain any holes
* Pics Selection: PICS_GN_SECURITY AND PICS_CERTIFICATE_SELECTION AND PICS_USE_RECTANGULAR_REGION
* Initial conditions:
* with
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate in the next CAM
* Expected results:
* ensure that
* when
* the IUT is requested to send a CAM
* then
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate'
* containing certificate
* containing validity_restrictions['region']
* containing region
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* indicating continuous region without holes
* and containing northwest and southeast
* indicating northwest is on the north from southeast
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_CERT_04_01_BV
* @reference ETSI TS 103 097 v1.2.1, clauses 4.2.20 and 4.2.23
4879
4880
4881
4882
4883
4884
4885
4886
4887
4888
4889
4890
4891
4892
4893
4894
4895
4896
4897
4898
4899
4900
4901
4902
4903
4904
4905
4906
4907
4908
4909
4910
4911
4912
4913
4914
4915
4916
4917
4918
4919
4920
4921
4922
4923
4924
4925
4926
4927
4928
4929
4930
4931
4932
4933
4934
4935
4936
4937
4938
4939
4940
4941
4942
4943
4944
4945
4946
4947
4948
4949
4950
4951
4952
4953
4954
4955
4956
4957
4958
*/
testcase TC_SEC_ITSS_SND_CERT_04_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var Certificate v_cert;
var ValidityRestriction v_vr;
var integer v_counter;
// Test control
if (not(PICS_GN_SECURITY) or not(PICS_CERTIFICATE_SELECTION) or not(PICS_USE_RECTANGULAR_REGION)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION and PICS_USE_RECTANGULAR_REGION' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := cc_iutCert_C;
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test body
tc_ac.start;
if (not f_waitForCertificate(v_cert)) {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
}
tc_ac.stop;
if (f_getCertificateValidityRestriction(v_cert, e_region, v_vr)) {
if (v_vr.validity.region.region_type == e_rectangle) {
var RectangularRegions v_rects := v_vr.validity.region.region.rectangular_region;
if (lengthof(v_rects) > 6) {
log("*** " & testcasename() & ": FAIL: Rectangular regions count is greather than 6 ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
for (v_counter := 0; v_counter<lengthof(v_rects); v_counter := v_counter + 1) {
var RectangularRegion v_rect := v_rects[v_counter];
if (true != f_isValidTwoDLocation(v_rect.northwest)) {
log("*** " & testcasename() & ": FAIL: Northwest location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
if (true != f_isValidTwoDLocation(v_rect.southeast)) {
log("*** " & testcasename() & ": FAIL: Southeast location is invalid in rect " & int2str(v_counter) & " ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
// Check normality of the rectangle
if (v_rect.northwest.latitude < v_rect.southeast.latitude) {
log("*** " & testcasename() & ": FAIL: Rectangular region " & int2str(v_counter) & " is not normalized ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} // End of 'for' statement
// Check for continuous rectangles
if (lengthof(v_rects) > 1) {
if (true != f_isContinuousRectangularRegions(v_rects)) { // FIXME Not implemented
log("*** " & testcasename() & ": FAIL: Rectangular regions are not connected all together ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": PASS: Certificate has a valid rectangular region restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
}
} else {
log("*** " & testcasename() & ": INCONC: Certificate has other region type ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout); // to be inconc
}
} else {
log("*** " & testcasename() & ": PASS: Certificate doesn't have any location restrictions ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_04_01_BV
/**
* @desc Check that the rectangular region validity restriction of all certificates contains not more than six valid rectangles;
* Check that the rectangular region validity restriction of the AT certificate is continuous and does not contain any holes
* Check that the rectangular certificate validity region of the subordinate certificate is well formed and inside the validity region of the issuing certificate
* Pics Selection: PICS_GN_SECURITY AND PICS_CERTIFICATE_SELECTION AND PICS_USE_RECTANGULAR_REGION
* the IUT being in the 'authorized' state
* the IUT being requested to include certificate chain in the next CAM
* Expected results:
* ensure that
* when
* the IUT is requested to send a CAM
* then
* the IUT sends a SecuredMessage
* containing header_fields['signer_info'].signer
* containing type
* indicating 'certificate_chain'
* containing certificates
* indicating length N > 0
* and containing certificates [n] (0..N)
* containing validity_restrictions['region']
* containing region
* containing region_type
* indicating 'rectangle'
* and containing rectangular_region
* indicating length <= 6
* and containing elements of type RectangularRegion
* containing northwest and southeast
* indicating northwest on the north from southeast
* and indicating continuous region without holes
* </pre>
* @see ETSI TS 103 096-2 v1.3.1 TP_SEC_ITSS_SND_CERT_04_02_BV
* @reference ETSI TS 103 097 v1.2.1, clauses 4.2.20 and 4.2.23
*/
testcase TC_SEC_ITSS_SND_CERT_04_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var CertificateChain v_chain;
var ValidityRestriction v_vr := valueof(m_validity_restriction_unknown), v_vri := valueof(m_validity_restriction_unknown); // current and issuing cert validity restrictions
var boolean f_vr := false, f_vri := false;