Skip to content
GitLab
Switch branch/tag
Find file Normal viewHistoryPermalink
ItsSecurity_TestCases.ttcn3 1.4 MB
Newer Older
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6001
6002
6003
6004
6005
6006
6007
6008
6009
6010
6011
6012
6013
6014
6015
6016
6017
6018
6019
6020
6021
6022
6023
6024
6025
6026
6027
6028
6029
6030
6031
6032
6033
6034
6035
6036
6037
6038
6039
6040
6041
6042
6043
6044
6045
6046
6047
6048
6049
6050
6051
6052
6053
6054
6055
6056
6057
6058
6059
6060
6061
6062
6063
6064
6065
6066
6067
6068
6069
6070
6071
6072
6073
6074 
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
                tc_ac.stop;
                if (lengthof(v_chain) < 2) {
                    log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                }
                v_aa_cert := v_chain[lengthof(v_chain) - 1];
                if (match (v_aa_cert.validity_restrictions, (superset(mw_validity_restriction_time_end,
                                                                      mw_validity_restriction_time_start_and_duration)))
                ) {
                    log("*** " & testcasename() & ": FAIL: AA certificate must not contain time_end and time_start_and_duration restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                
                if ( true != f_getCertificateValidityRestriction(v_aa_cert, e_time_start_and_end, v_vr)) {
                    log("*** " & testcasename() & ": FAIL: AA certificate must contain time_start_and_end restrictions ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                
                if (v_vr.validity.time_start_and_end.start_validity > v_vr.validity.time_start_and_end.end_validity ) {
                    log("*** " & testcasename() & ": FAIL: start validity mus not be greater then end validity in the validity restrictions of AA certificate ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                
                // Process signerInfo field
                if ( true != f_getCertificateSignerInfo(v_aa_cert, v_si)) {
                    log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo fields ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                if (v_si.type_ == e_certificate) {
                    log("*** " & testcasename() & ": FAIL: AA certificate must contain SignerInfo field containing a certificate ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                for (var integer v_counter := 0; v_counter < lengthof(v_si.signerInfo.certificate.validity_restrictions); v_counter := v_counter + 1) {
                    if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_end) {
                        v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.end_validity * 1000000;
                        if (not match(v_generationTime, Time64:(0 .. v_endTime))){
                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_end) {
                        v_endTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.end_validity * 1000000;
                        v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_end.start_validity * 1000000;
                        if (not match(v_generationTime, Time64:(v_startTime .. v_endTime))){
                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    } else if (v_si.signerInfo.certificate.validity_restrictions[v_counter].type_ == e_time_start_and_duration) {
                        v_startTime := v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.start_validity * 1000000;
                        v_duration  := f_duration2time(v_si.signerInfo.certificate.validity_restrictions[v_counter].validity.time_start_and_duration.duration_) * 1000000;
                        if (not match(v_generationTime, Time64:(v_startTime .. v_duration))){
                            log("*** " & testcasename() & ": FAIL: DENM generation time is not inside the validity of the certificate");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    } else {
                        log("*** " & testcasename() & ": FAIL: Mal-formed the certificate");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                } // End of 'for' statement
                
                log("*** " & testcasename() & ": PASS: Time validity restriction of the AA certificate is good ***");
                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6075 
            } // End of testcase TC_SEC_ITSS_SND_CERT_08_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6076
6077
6078
6079 
            
            /**
             * @desc    Check that the certificate signature contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 
             *          or x_coordinate_only
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6080 
             * <pre>
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6081 
             * Pics Selection: PICS_GN_SECURITY
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6082
6083 
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
STF507: Week #1    
garciay committed
6084
6085
6086
6087
6088
6089
6090 
             * with {
             *   the IUT being in the 'authorized' state
             *      the IUT being requested to include certificate in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
garciay's avatar
STF507 week#9:    
garciay committed
6091 
             *       the IUT is requested to send a CAM
garciay's avatar
STF507: Week #1    
garciay committed
6092 
             *   } then {
garciay's avatar
STF507 week#9:    
garciay committed
6093
6094
6095
6096
6097
6098
6099
6100
6101
6102 
             *       the IUT sends a SecuredMessage
             *           containing header_fields['signer_info'].signer
             *               containing type
             *                   indicating certificate
             *               containing certificate
             *                   containing signature.ecdsa_signature
             *                       containing R.type
             *                           indicating compressed_lsb_y_0
             *                           or indicating compressed_lsb_y_1 
             *                           or indicating x_coordinate_only
garciay's avatar
STF507: Week #1    
garciay committed
6103
6104 
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6105 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6106 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV
garciay's avatar
STF507: Week #1    
garciay committed
6107 
             * @reference   ETSI TS 103 097 [1], clause 4.2.9
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6108 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6109 
            testcase TC_SEC_ITSS_SND_CERT_09_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6110
garciay's avatar
STF507: Week #1    
garciay committed
6111 
                // Test control
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6112
6113
6114
6115 
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6116
garciay's avatar
STF507: Week #1    
garciay committed
6117 
                // Test component configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6118
6119 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6120
6121 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6122
6123
6124
6125
6126 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
6127
6128
6129
6130
6131
6132
6133
6134
6135
6136
6137
6138
6139
6140
6141
6142
6143
6144
6145
6146
6147
6148
6149
6150
6151
6152
6153
6154
6155
6156
6157
6158
6159
6160
6161
6162
6163
6164
6165
6166
6167
6168
6169
6170
6171
6172
6173
6174
6175
6176
6177
6178
6179
6180
6181
6182
6183
6184
6185
6186
6187
6188
6189
6190
6191
6192
6193
6194
6195
6196
6197
6198
6199 
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                ?,
                                                ?,
                                                mw_signature(
                                                    mw_ecdsaSignature(
                                                        mw_eccPointecdsa_nistp256_with_sha256_y0_coordinate_only
                    ))))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_0 received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                ?,
                                                ?,
                                                mw_signature(
                                                    mw_ecdsaSignature(
                                                        mw_eccPointecdsa_nistp256_with_sha256_y1_coordinate_only
                    ))))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to compressed_lsb_y_1 received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                ?,
                                                ?,
                                                mw_signature(
                                                    mw_ecdsaSignature(
                                                        mw_eccPointecdsa_nistp256_with_sha256_x_coordinate_only
                    ))))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains signature with the ECC point of type set to x_coordinate_only received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate
                    )))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6200
6201
6202
6203 
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
6204
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6205 
            } // End of testcase TC_SEC_ITSS_SND_CERT_09_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6206
6207 
            
            /**
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6208
6209 
             * @desc    Check that the all certificates in a chain have signatures contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 
             *          or x_coordinate_only
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6210 
             * <pre>
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6211 
             * Pics Selection: PICS_GN_SECURITY
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6212
6213 
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
STF507: Week #1    
garciay committed
6214
6215 
             * with {
             *   the IUT being in the 'authorized' state
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6216 
             *   the IUT being requested to include certificate in the next CAM
garciay's avatar
STF507: Week #1    
garciay committed
6217
6218
6219
6220
6221
6222
6223 
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6224
6225
6226
6227
6228
6229
6230
6231
6232
6233
6234 
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             containing certificates
             *                 indicating length N > 1
             *                 and indicating certificates[n] (0..N)
             *                     containing signature.ecdsa_signature
             *                         containing R.type
             *                             indicating compressed_lsb_y_0
             *                             or indicating compressed_lsb_y_1 
             *                             or indicating x_coordinate_only
garciay's avatar
STF507: Week #1    
garciay committed
6235
6236 
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6237 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6238 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6239 
             * @reference   ETSI TS 103 097 [1], clause 4.2.9
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6240 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6241 
            testcase TC_SEC_ITSS_SND_CERT_09_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6242
6243
6244
6245
6246 
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo       v_si;
                var CertificateChain v_chain;
                var integer          v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6247
garciay's avatar
STF507: Week #1    
garciay committed
6248 
                // Test control
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6249
6250
6251
6252 
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6253
garciay's avatar
STF507: Week #1    
garciay committed
6254 
                // Test component configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6255
6256 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6257
6258 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6259
6260
6261
6262
6263 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
6264
6265
6266
6267
6268
6269
6270 
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6271
6272 
                                        mw_header_field_signer_info_certificate_chain
                    ))))) -> value v_geoNwInd {
garciay's avatar
STF507: Week #1    
garciay committed
6273 
                        tc_ac.stop;
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6274
6275
6276
6277
6278
6279
6280
6281
6282
6283
6284
6285
6286
6287
6288
6289
6290
6291
6292
6293
6294
6295
6296
6297
6298
6299
6300
6301
6302
6303 
                        // Check certificate chain
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chain  :=  v_si.signerInfo.certificates;
                            for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
                                if (v_chain[v_counter].signature_.algorithm != e_ecdsa_nistp256_with_sha256) {
                                    log("*** " & testcasename() & ": FAIL: Wrong signature algorithm ***");
                                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                                } else if (
                                    (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_x_coordinate_only) and 
                                    (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_0) and 
                                    (v_chain[v_counter].signature_.signature_.ecdsa_signature.r.type_ != e_compressed_lsb_y_1) 
                                ) {
                                    log("*** " & testcasename() & ": FAIL: Wrong ECDSA R type ***");
                                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                                }
                            } // End of 'for' statement
                        }
                        log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct signature type ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6304 
            } // End of testcase TC_SEC_ITSS_SND_CERT_09_02_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6305
6306
6307
6308
6309
6310
6311
6312
6313
6314
6315
6316
6317
6318
6319
6320
6321
6322
6323
6324
6325
6326
6327
6328
6329
6330
6331
6332
6333
6334 
            
            /**
             * @desc    Check that the certificate verification key contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 
             *          or uncompressed
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info'].signer
             *         containing type
             *           indicating certificate
             *         containing certificate
             *             containing subject_attributes['verification_key']
             *                 containing key.public_key.type
             *                     indicating compressed_lsb_y_0
             *                     or indicating compressed_lsb_y_1 
             *                     or indicating x_coordinate_only
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6335 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6336
6337 
             * @reference   ETSI TS 103 097 [1], clause 4.2.4
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6338 
            testcase TC_SEC_ITSS_SND_CERT_10_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6339
6340
6341
6342
6343
6344
6345
6346
6347
6348
6349
6350
6351
6352
6353
6354
6355
6356
6357
6358
6359
6360
6361
6362
6363
6364
6365
6366
6367
6368
6369
6370
6371
6372
6373
6374
6375
6376
6377
6378
6379
6380 
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_compressed_lsb_y_0
                                                    )
                                                ),
                                                ?,
                                                mw_signature
                    ))))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_0 received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
garciay's avatar
STF507: Week #1    
garciay committed
6381
6382
6383
6384
6385
6386
6387
6388
6389
6390
6391 
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_compressed_lsb_y_1
                                                    )
                                                ),
                                                ?,
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6392 
                                                mw_signature
garciay's avatar
STF507: Week #1    
garciay committed
6393
6394 
                    ))))))) {
                        tc_ac.stop;
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6395 
                        log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to compressed_lsb_y_1 received ***");
garciay's avatar
STF507: Week #1    
garciay committed
6396
6397
6398
6399
6400
6401
6402
6403
6404
6405
6406
6407
6408
6409
6410
6411 
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate(
                                                ?,
                                                superset(
                                                    mw_subject_attribute_verification_key(
                                                        mw_publicKey_eccPoint_uncompressed
                                                    )
                                                ),
                                                ?,
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6412 
                                                mw_signature
garciay's avatar
STF507: Week #1    
garciay committed
6413
6414 
                    ))))))) {
                        tc_ac.stop;
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6415 
                        log("*** " & testcasename() & ": PASS: AT certificate contains verification key with the ECC point of type set to uncompressed received ***");
garciay's avatar
STF507: Week #1    
garciay committed
6416
6417
6418
6419
6420
6421
6422
6423
6424
6425
6426
6427
6428
6429
6430
6431
6432
6433
6434
6435
6436
6437
6438
6439 
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate(
                                            mw_at_certificate
                    )))))) {
                        tc_ac.stop;
                        log("*** " & testcasename() & ": FAIL: AT certificate signature mismatch ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6440 
            } // End of testcase TC_SEC_ITSS_SND_CERT_10_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6441
6442
6443
6444
6445
6446
6447
6448
6449
6450
6451
6452
6453
6454
6455
6456
6457
6458
6459
6460
6461
6462
6463
6464
6465
6466
6467
6468
6469
6470
6471
6472 
            
            /**
             * @desc    Check that  all certificate in a chain have verification keys contains ECC point of type set to either compressed_lsb_y_0, compressed_lsb_y_1 
             *          or uncompressed
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
             * Config Id: CF01
             * Initial conditions:
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * }
             * Expected Behaviour:
             * ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *         containing header_fields['signer_info'].signer
             *             containing type
             *                 indicating 'certificate_chain'
             *             containing certificates
             *                 indicating length N > 1
             *                 and indicating certificates[n] (0..N)
             *                     containing signature.ecdsa_signature
             *                         containing subject_attributes['verification_key']
             *                             indicating compressed_lsb_y_0
             *                             or indicating compressed_lsb_y_1 
             *                             or indicating uncompressed 
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6473 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_10_02_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6474
6475 
             * @reference   ETSI TS 103 097 [1], clause 4.2.4
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6476 
            testcase TC_SEC_ITSS_SND_CERT_10_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6477
6478
6479
6480
6481
6482
6483
6484
6485
6486
6487
6488
6489
6490
6491
6492
6493
6494
6495
6496
6497
6498
6499
6500
6501
6502
6503
6504
6505
6506
6507
6508
6509
6510
6511
6512
6513
6514
6515
6516
6517
6518
6519
6520
6521
6522
6523
6524
6525
6526
6527
6528
6529
6530
6531
6532
6533
6534
6535 
                // Local variables
                var GeoNetworkingInd v_geoNwInd;
                var SignerInfo       v_si;
                var CertificateChain v_chain;
                var integer          v_counter;
                                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) {
                        tc_ac.stop;
                        // Check certificate chain
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chain  :=  v_si.signerInfo.certificates;
                            for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
                                if (
                                    (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_0))))) and
                                    (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_compressed_lsb_y_1))))) and
                                    (not match(v_chain[v_counter], mw_certificate(?, ?, superset(mw_subject_attribute_verification_key(mw_publicKey_eccPoint_uncompressed)))))
                                ) {
                                    log("*** " & testcasename() & ": FAIL: Wrong verification key algorithm ***");
                                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                                }
                            } // End of 'for' statement
                        }
                        log("*** " & testcasename() & ": PASS: All certificates in a chain have the correct verification key ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6536 
            } // End of testcase TC_SEC_ITSS_SND_CERT_10_02_BV
garciay's avatar
STF507: Week #1    
garciay committed
6537
6538
6539
6540
6541 
            
            /**
             * @desc Check the certificate signature 
             * <pre>
             * Pics Selection: PICS_GN_SECURITY
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6542
6543 
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
STF507: Week #1    
garciay committed
6544
6545
6546
6547
6548
6549
6550
6551 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6552 
             *       containing header_fields['signer_info'].signer
garciay's avatar
STF507: Week #1    
garciay committed
6553
6554 
             *         containing type
             *           indicating 'certificate'
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6555
6556 
             *         ND containing certificate
             *           containing signer_info
garciay's avatar
STF507: Week #1    
garciay committed
6557
6558
6559
6560 
             *             containing type
             *               indicating 'certificate_digest_with_sha256'
             *             containing digest
             *               referenced to the certificate CERT
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6561 
             *           and containing signature
garciay's avatar
STF507: Week #1    
garciay committed
6562
6563
6564 
             *             verifiable using CERT.subject_attributes['verification_key'].key
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6565 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6566 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_01_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6567 
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6568 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6569 
            testcase TC_SEC_ITSS_SND_CERT_11_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
6570
6571
6572
6573
6574
6575
6576 
                // Local declarations
                var GeoNetworkingInd v_geoNwInd;
                var Certificate      v_at_cert;
                var Certificate      v_aa_cert;
                var HashedId8        v_aa_digest;
                var SignerInfo       v_si;
                var integer          v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6577
garciay's avatar
STF507: Week #1    
garciay committed
6578 
                // Test control
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6579
6580
6581
6582 
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
6583
6584 
                    
                // Test component configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6585
6586 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6587
6588 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6589
6590
6591
6592 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
6593
6594
6595
6596
6597 
                // Wait for the message with the certificate to get the AA cert digest.
                // Ask for the chain, containing AT and AA certificate
                // Check that the AT cert in the first message is signed with the AA cert
                log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate  ***");
                tc_ac.start;
garciay's avatar
STF507 week#11: Enforce f_waitForCertificate    
garciay committed
6598
6599
6600
6601 
                if (not f_waitForCertificate(v_at_cert)) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
garciay's avatar
STF507: Week #1    
garciay committed
6602 
                tc_ac.stop;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6603
garciay's avatar
STF507: Week #1    
garciay committed
6604
6605
6606 
                if (true != f_getCertificateSignerInfo(v_at_cert, v_si)) {
                    log("*** " & testcasename() & ": FAIL: AT Certificate signer info is unknown ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6607 
                }
garciay's avatar
STF507: Week #1    
garciay committed
6608
6609
6610 
                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                    log("*** " & testcasename() & ": FAIL: AT Certificate is not signed well ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6611 
                }
garciay's avatar
STF507: Week #1    
garciay committed
6612
6613
6614
6615
6616
6617
6618
6619
6620
6621
6622
6623
6624
6625
6626
6627
6628
6629
6630
6631
6632
6633
6634
6635
6636
6637
6638
6639
6640
6641
6642
6643
6644
6645
6646
6647
6648
6649
6650
6651
6652
6653
6654
6655
6656
6657
6658
6659
6660
6661
6662 
                v_aa_digest := v_si.signerInfo.digest;
                
                // Send a certificate request to the IUT 
                f_sendCertificateRequest(v_aa_digest, f_generateDefaultCam());
                    
                // Test Body
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) -> value v_geoNwInd {
                        var SecuredMessage v_secMsg;
                        var integer v_chainLength;
                        tc_ac.stop;
                        // Check certificate chain
                        
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chainLength := lengthof(v_si.signerInfo.certificates);
                            if (v_chainLength < 2 ) {
                                log("*** " & testcasename() & ": FAIL: Certificate chain doesn't contain the AA cert ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            // get aa cert
                            v_aa_cert := v_si.signerInfo.certificates[v_chainLength-2];
                            if (not match (v_aa_digest, f_calculateDigestFromCertificate(v_aa_cert))) {
                                log("*** " & testcasename() & ": FAIL: AT certificate was not signed with the given AA cert ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            // Check that at cert is signed with aa cert
                            if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_at_cert, v_aa_cert)) {
                                log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
                                f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                            }
                            
                            log("*** " & testcasename() & ": PASS: AT certificate was well signed with AA certificate ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
                } // End of 'alt' statement
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6663
6664
6665
6666 
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
6667
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6668 
            } // End of testcase TC_SEC_ITSS_SND_CERT_11_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6669
6670 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
6671 
             * @desc Check the signatures of the certificates in the chain
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6672 
             * <pre>
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6673 
             * Pics Selection: PICS_GN_SECURITY
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6674
6675 
             * Config Id: CF01
             * Initial conditions:
garciay's avatar
STF507: Week #1    
garciay committed
6676
6677
6678
6679
6680
6681
6682
6683 
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6684
6685
6686
6687
6688
6689
6690
6691
6692
6693
6694
6695
6696
6697
6698
6699
6700
6701
6702
6703
6704 
             *         containing header_fields['signer_info'].signer
             *           containing type
             *               indicating 'certificate_chain'
             *         and containing certificates
             *             indicating length N > 1
             *             and containing certificate[0]
             *                 containing signer_info
             *                     containing type
             *                         indicating 'certificate_digest_with_sha256'
             *                     and containing digest
             *                         referenced to the trusted certificate (CERT_ROOT)
             *                 and containing signature
             *                     verifiable using CERTIFICATES[N-1].subject_attributes['verification_key'].key
             *             and containing certificates[n] (1..N)
             *                 containing signer_info {
             *                     containing type
             *                         indicating 'certificate_digest_with_sha256'
             *                     and containing digest
             *                         referenced to the certificates[n-1]
             *                 and containing signature
             *                     verifiable using certificates[n-1].subject_attributes['verification_key'].key
garciay's avatar
STF507: Week #1    
garciay committed
6705
6706 
             *   }
             * }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6707 
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6708 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_09_02_BV
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6709 
             * @reference   ETSI TS 103 097 [1], clauses 6.1 and 7.4.1
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6710 
             */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6711 
            testcase TC_SEC_ITSS_SND_CERT_11_02_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
6712
6713
6714
6715
6716
6717
6718 
                // Local declarations
                var GeoNetworkingInd v_geoNwInd;
                var Certificate      v_cert;
                var CertificateChain v_chain;
                var SignerInfo       v_si;
                var HashedId8        v_digest;
                var integer          v_counter;
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6719
garciay's avatar
STF507: Week #1    
garciay committed
6720 
                // Test control
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6721
6722
6723
6724
6725 
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
garciay's avatar
STF507: Week #1    
garciay committed
6726 
                // Test component configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6727
6728 
                f_cf01Up();
mullers's avatar
Merged revision(s) 1925-2226 from branches/STF484_VALIDATION    
mullers committed
6729
6730 
                // Test adapter configuration
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6731
6732
6733
6734 
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
6735
6736
6737
6738
6739
6740
6741
6742 
                // Wait for the message with the certificate to get the AA cert digest.
                // Ask for the chain, containing AT and AA certificate
                // Check that the AT cert in the first message is signed with the AA cert
                log("*** " & testcasename() & ": INFO: Waiting for the message containing certificate and ask for a certificate chain ***");
                tc_ac.start;
                f_askForCertificateChain(f_generateDefaultCam());
                tc_ac.stop;
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6743 
                // Test Body
garciay's avatar
STF507: Week #1    
garciay committed
6744
6745
6746
6747
6748
6749
6750
6751
6752
6753
6754
6755
6756
6757
6758
6759
6760
6761
6762
6763
6764
6765
6766
6767
6768
6769
6770
6771
6772
6773
6774
6775
6776
6777
6778
6779
6780
6781
6782
6783
6784
6785
6786
6787
6788
6789
6790
6791 
                tc_ac.start;
                alt {
                    [] geoNetworkingPort.receive(
                        mw_geoNwInd(
                            mw_geoNwSecPdu(
                                mdw_securedMessage(
                                    superset(
                                        mw_header_field_signer_info_certificate_chain
                    ))))) -> value v_geoNwInd {
                        var SecuredMessage v_secMsg;
                        var integer v_chainLength;
                        tc_ac.stop;
                        // Check certificate chain
                        if (f_getMsgSignerInfo(f_getSecuredMessage(v_geoNwInd.msgIn), v_si)) {
                            v_chain  :=  v_si.signerInfo.certificates;
                            for (v_counter := lengthof(v_chain) - 1; v_counter > 0; v_counter := v_counter - 1 ) {
                                if (not f_getCertificateSignerInfo(v_chain[v_counter], v_si)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate "&int2str(v_counter) & " doesn't have a signer info ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                if (not match (v_si.type_, e_certificate_digest_with_sha256)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate is not signed with digest ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                // Check that cert is signed by issuing cert
                                v_digest := f_calculateDigestFromCertificate(v_chain[v_counter - 1]);
                                if (not match (v_si.signerInfo.digest, v_digest)) {
                                    log("*** " & testcasename() & ": FAIL: Certificate chain is not valid ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                                // Check that the signature is valid
                                if (false == f_verifyCertificateSignatureWithIssuingCertificate(v_chain[v_counter], v_chain[v_counter - 1])) {
                                    log("*** " & testcasename() & ": FAIL: AT certificate signature error ***");
                                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                                }
                            } // End of 'for' statement
                            
                            log("*** " & testcasename() & ": PASS: All certificates in the chain signed by it's issuing certs ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                        } else {
                            log("*** " & testcasename() & ": FAIL: The message signer info is unknown ***");
                            f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                        }
                    }
                    [] tc_ac.timeout {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                    }
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6792
6793
6794
6795
6796 
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
garciay's avatar
STF507: Week #1    
garciay committed
6797
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6798
6799
6800
6801
6802
6803
6804
6805
6806
6807
6808
6809
6810
6811
6812
6813
6814 
            } // End of testcase TC_SEC_ITSS_SND_CERT_11_02_BV
            
            /**
             * @desc Check that the assurance level of the subordinate certificate is equal to or less than the assurance level of the issuing certificate
             * <pre>
             * Pics Selection: PICS_GN_SECURITY and PICS_CERTIFICATE_SELECTION
             * Config Id: CF01
             * with {
             *   the IUT being in the 'authorized' state
             *   the IUT being requested to include certificate chain in the next CAM
             * } ensure that {
             *    when {
             *     the IUT is requested to send a CAM
             *   } then {
             *     the IUT sends a SecuredMessage
             *       containing header_fields['signer_info'].signer
             *         containing type
garciay's avatar
STF507: Week #6    
garciay committed
6815 
             *           indicating 'certificate_chain'
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6816
6817
6818
6819
6820
6821
6822
6823
6824
6825
6826
6827
6828
6829
6830
6831
6832 
             *         containing certificates
             *           indicating length N > 1
             *           and containing certificates[n](0..N)
             *             containing subject_attributes ['assurance_level']
             *               containig assurance_level
             *                 containing bits [5-7]
             *                   indicating assurance level CERT_AL
             *             and containing signer_info
             *               containing digest
             *                 referenced to the certificate
             *                   containing subject_attributes ['assurance_level']
             *                     containing assurance_level
             *                       containing bits [5-7]
             *                         indicating value <= CERT_AL
             *   }
             * }
             * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6833 
             * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_12_01_BV
garciay's avatar
STF507: Week #6    
garciay committed
6834 
             * @reference   ETSI TS 103 097 [1], clause 7.4.1
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6835
6836
6837
6838
6839
6840
6841
6842
6843
6844
6845
6846
6847
6848
6849
6850
6851
6852
6853
6854
6855
6856
6857
6858
6859
6860
6861
6862
6863
6864
6865
6866
6867
6868
6869
6870
6871
6872
6873
6874
6875
6876
6877
6878
6879
6880
6881
6882
6883
6884
6885
6886
6887
6888
6889
6890
6891
6892
6893
6894 
             */
            testcase TC_SEC_ITSS_SND_CERT_12_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
                var CertificateChain         v_chain;
                var Certificate              v_aa_cert, v_at_cert;
                var SubjectAttribute         v_sa;
                var SubjectAssurance         v_aa_assurance_level, v_at_assurance_level;
                
                // Test control
                if (not(PICS_GN_SECURITY)) {
                    log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                    stop;
                }
                
                // Test component configuration
                f_cf01Up();
                
                // Test adapter configuration
                
                // Preamble
                f_prNeighbour();
                f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                
                // Test Body
                log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                tc_ac.start;
                if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                }
                tc_ac.stop;
                if (lengthof(v_chain) < 2) {
                    log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                    f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                }
                v_aa_cert := v_chain[lengthof(v_chain) - 2];
                v_at_cert := v_chain[lengthof(v_chain) - 1];
                if (not f_getCertificateSubjectAttribute(v_aa_cert, e_assurance_level, v_sa)) {
                    log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                v_aa_assurance_level := v_sa.attribute.assurance_level;
                
                if (not f_getCertificateSubjectAttribute(v_at_cert, e_assurance_level, v_sa)) {
                    log("*** " & testcasename() & ": FAIL: AA certificate does not contain its_aid_list subject attribute ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                }
                v_at_assurance_level := v_sa.attribute.assurance_level;
                
                if (bit2int(v_aa_assurance_level.levels) < bit2int(v_at_assurance_level.levels)) {
                    log("*** " & testcasename() & ": FAIL: The assurence levels mismatch ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                } else {
                    log("*** " & testcasename() & ": PASS: The assurence levels match ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                
                // Postamble
                f_poNeighbour();
                f_cf01Down();
            } // End of testcase TC_SEC_ITSS_SND_CERT_12_01_BV
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6895
6896 
            
            /**
garciay's avatar
STF507: Week #1    
garciay committed
6897
6898
6899
6900
6901
6902 
             * @desc Sending behaviour test cases for AA certificate profil
             * @see ETSI TS 103 096-2 V1.2.2 (2016-01) Clause 5.2.7.7 AA certificate profile
             */
            group AA_Certificates {
                
                /**
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6903 
                 * @desc Check that the subject_type of the AA certificate is set to authorization_authority
garciay's avatar
STF507: Week #1    
garciay committed
6904
6905
6906
6907
6908
6909
6910
6911
6912
6913
6914 
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6915 
                 *       containing header_fields['signer_info'].signer
garciay's avatar
STF507: Week #1    
garciay committed
6916 
                 *         containing type
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6917 
                 *           indicating 'certificate_chain'
garciay's avatar
STF507: Week #6    
garciay committed
6918 
                 *         containing certificates[last-1]
garciay's avatar
STF507: Week #1    
garciay committed
6919
6920
6921
6922
6923 
                 *           containing subject_info.subject_type
                 *             indicating 'authorization_authority' (2)
                 *   }
                 * }
                 * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6924 
                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_01_01_BV
garciay's avatar
STF507: Week #6    
garciay committed
6925 
                 * @reference   ETSI TS 103 097 [1], clause 7.4.4
garciay's avatar
STF507: Week #1    
garciay committed
6926 
                 */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6927 
                testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
6928
6929
6930
6931
6932
6933
6934
6935
6936
6937
6938
6939
6940
6941
6942
6943
6944
6945
6946
6947
6948
6949
6950
6951
6952
6953
6954
6955
6956
6957
6958
6959
6960
6961 
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
                    }
                    
                    // Test component configuration
                    f_cf01Up();
                    
                    // Test adapter configuration
                    
                    // Preamble
                    f_prNeighbour();
                    f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
                    
                    // Test Body
                    log("*** " & testcasename() & ": INFO: Request and waiting for the message containing certificate chain  ***");
                    tc_ac.start;
                    if (not f_askAndWaitForCertificateChain(v_chain, f_generateDefaultCam())) {
                        log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_timeout);
                    }
                    tc_ac.stop;
                    if (lengthof(v_chain) < 2) {
                        log("*** " & testcasename() & ": FAIL: Certificate chain is too short ***");
                        f_selfOrClientSyncAndVerdictPreamble(c_tbDone, e_error);
                    }
                    if (not match(v_chain[lengthof(v_chain) - 2], mw_aa_certificate)) {
                        log("*** " & testcasename() & ": FAIL: AA certificate not found in the chain[last-1] ***");
                        f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
                    }
                    log("*** " & testcasename() & ": PASS: AA certificate was found in the chain ***");
berge's avatar
Merged branches/Security/ttcn (r1471-1819) to trunk.  
berge committed
6962 
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
garciay's avatar
STF507: Week #1    
garciay committed
6963
6964
6965
6966 
                    
                    // Postamble
                    f_poNeighbour();
                    f_cf01Down();
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6967 
                } // End of testcase TC_SEC_ITSS_SND_CERT_AA_01_01_BV
garciay's avatar
STF507: Week #1    
garciay committed
6968
6969 
                
                /**
garciay's avatar
STF507: Week #6    
garciay committed
6970 
                 * @desc Check that the AA certificsate subject_name variable-length vector contains 32 bytes maximum
garciay's avatar
STF507: Week #1    
garciay committed
6971
6972
6973
6974
6975
6976
6977
6978
6979
6980
6981 
                 * <pre>
                 * Pics Selection: PICS_GN_SECURITY
                 * Config Id: CF01
                 * with {
                 *   the IUT being in the 'authorized' state
                 *   the IUT being requested to include certificate chain in the next CAM
                 * } ensure that {
                 *    when {
                 *     the IUT is requested to send a CAM
                 *   } then {
                 *     the IUT sends a SecuredMessage
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6982 
                 *       containing header_fields['signer_info'].signer
garciay's avatar
STF507: Week #1    
garciay committed
6983 
                 *         containing type
garciay's avatar
STF507: Week #6    
garciay committed
6984 
                 *           indicating 'certificate_chain'
garciay's avatar
WeekSTF507: Week #3    
garciay committed
6985 
                 *         containing certificates[last-1]
garciay's avatar
STF507: Week #1    
garciay committed
6986
6987
6988
6989
6990 
                 *           containing subject_info.subject_name
                 *             indicating length <= 32 bytes
                 *   }
                 * }
                 * </pre>
garciay's avatar
STF507 week#9:    
garciay committed
6991 
                 * @see         ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_AA_02_01_BV
garciay's avatar
STF507: Week #1    
garciay committed
6992
6993 
                 * @reference   ETSI TS 103 097 [1], clause 6.2
                 */
garciay's avatar
WeekSTF507: Week #6    
garciay committed
6994 
                testcase TC_SEC_ITSS_SND_CERT_AA_02_01_BV() runs on ItsGeoNetworking system ItsSecSystem {
garciay's avatar
STF507: Week #1    
garciay committed
6995
6996
6997
6998
6999
7000 
                    var CertificateChain         v_chain;
                    
                    // Test control
                    if (not(PICS_GN_SECURITY)) {
                        log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                        stop;
For faster browsing, not all history is shown. View entire blame