Newer
Older
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
}
} // End of 'alt' statement
// Test Body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_certRecipInfo(mw_pKRecipientInfo(vc_eaHashedId8)), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": LOG: ", match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey)), "***");
if (match(v_generated_keys, superset(v_inner_ec_request.publicKeys.verificationKey))) {
v_generated_keys[v_counter] := v_inner_ec_request.publicKeys.verificationKey;
v_counter := v_counter + 1;
f_selfOrClientSyncAndVerdictTestBody(c_prDone, e_success);
log("*** " & testcasename() & ": FAIL: Duplication of generated public keys ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
if (v_counter == PX_RE_ENROLMENT_COUNTER) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received with different key pairs ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_06_BV_pki
} // End of f_TC_SECPKI_ITSS_ENR_06_BV
/**
* @desc Within the InnerECRequest, the requestedSubjectAttributes shall not contain a certIssuePermissions field.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing InnerECRequestSignedForPOP
* containing InnerEcRequest
* containing requestedSubjectAttributes
* not containing certIssuePermissions
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_07_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_07_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var Oct32 v_private_key;
var Oct32 v_public_key_x;
var Oct32 v_public_key_y;
var Oct32 v_public_compressed_key;
var integer v_compressed_mode;
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_07_BV
/**
* @desc In the headerInfo of the tbsData of the InnerECRequestSignedForPOP all other components
* of the component tbsdata.headerInfo except generationTime and psid are not used and absent.
* The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and
* the generationTime shall be present.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing InnerECRequestSignedForPOP
* containing tbsData
* containing headerInfo
* containing psid
* indicating AID_CERT_REQ
* and containing generationTime
* and not containing any other component of tbsdata.headerInfo
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_08_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_08_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_08_BV
/**
* @desc In the headerInfo of the tbsData of the outer EtsiTs102941Data-Signed all other components
* of the component tbsdata.headerInfo except generationTime and psid are not used and absent.
* The psid shall be set to "secured certificate request" as assigned in ETSI TS 102 965 and
* the generationTime shall be present.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing InnerECRequestSignedForPOP
* containing tbsData
* containing headerInfo
* containing psid
* indicating AID_CERT_REQ
* and containing generationTime
* and not containing any other component of tbsdata.headerInfo
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_09_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_09_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_09_BV
/**
* @desc The EtsiTs103097Data-Encrypted containing the correctly encrypted ciphertext and a recipients
* component containing one instance of RecipientInfo of choice certRecipInfo containing the
* hashedId8 of the EA certificate in recipientId and the encrypted data encryption key in encKey.
* The data encryption key is encrypted using the public key found in the EA certificate referenced
* in the recipientId.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing recipients
* containing exactly one instance of RecipientInfo of choice certRecipInfo
* containing recipientId
* indicating the hashedId8
* referencing to the EA certificate
* containing encryptionKey (KEY)
* and containing encKey
* being a symmetric key (SYMKEY) encrypted using the key KEY
* containing ciphertext
* which is encrypted using the symmetric key SYMKEY contained in encKey
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_10_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_10_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_10_BV
/**
* @desc In the inner signed data structure (InnerECRequestSignedForPOP), the signature is computed
* on InnerECRequest with the private key corresponding to the new verificationKey to prove
* possession of the generated verification key pair.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing EtsiTs103097Data
* containing InnerECRequestSignedForPOP
* containing tbsData
* containing InnerEcRequest
* containing verificationKey (VKEY)
* containing signature
* computed on InnerECRequest
* using the private key corresponding to VKEY
* contained in InnerECRequest
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_11_BV
* @reference ETSI TS 102 941, clause 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_11_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_11_BV
/**
* @desc Check that signing of Enrolment HttpRequest message is permitted by the EC certificate.
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* }
* then {
* the IUT sends an EtsiTs103097Data-Encrypted
* containing an encrypted EtsiTs103097Data-Signed
* containing signer
* containing digest
* indicating HashedId8 of the EC certificate
* containing appPermissions
* containing an item of type PsidSsp
* containing psid
* indicating AID_CERT_REQ
* and containing ssp
* containing opaque[0] (version)
* indicating 1
* containing opaque[1] (value)
* indicating "Enrolment Request" (bit 1) set to 1
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_12_BV
* @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_12_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT or not PICS_SECPKI_REENROLMENT ) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT and PICS_SECPKI_REENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_03_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_03_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
// Cleanup
} // End of TC_SECPKI_ITSS_ENR_12_BV
} // End of group itss_enrolment_request
group itss_enrolment_response {
/**
* @desc If an enrolment request fails, the IUT returns to the state 'initialized.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an EnrolmentRequestMessage
* and the EnrolmentResponseMessage is received
* containing a responseCode different than 0
* }
* then {
* the IUT returns to the "initialized" state
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_RECV_01_BV
* @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_RECV_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
} // End of TC_SECPKI_ITSS_ENR_RECV_01_BV
group f_TC_SECPKI_ITSS_ENR_RECV_01_BV {
function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & ": PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] tc_noac.timeout {
log("*** " & testcasename() & ": PASS: Enrolment trigger sent succesfully ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss
function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
var HttpMessage v_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerEcRequest v_inner_ec_request;
tc_ac.stop;
// Verify IUT response
f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result, -, -, cantparse);
// Send response forcing error code
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": INFO: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
// Test Body
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_RECV_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_RECV_01_BV
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
/**
* @desc The IUT is capable of parsing and handling of positive EnrolmentResponse messages
* containing the requested EC. In case of a successful enrolment, the IUT switches
* to the state 'enrolled'.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send an initial EnrolmentRequestMessage
* and when the IUT receives a subsequent EnrolmentResponseMessage as an answer of the EA
* containing a responseCode
* indicating 0
* and containing an enrolment certificate
* }
* then {
* the IUT switches to the "enrolled" state
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_ENR_RECV_02_BV
* @reference ETSI TS 102 941, clause 6.1.3, 6.2.3.2.1
*/
testcase TC_SECPKI_ITSS_ENR_RECV_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_ENROLMENT) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_ENROLMENT required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
v_itss.start(f_TC_SECPKI_ITSS_ENR_RECV_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki());
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
} // End of testcase TC_SECPKI_ITSS_ENR_RECV_02_BV
group f_TC_SECPKI_ITSS_ENR_RECV_02_BV {
function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
var HttpMessage v_request;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
f_init_default_headers_list(-, "inner_ec_response", v_headers);
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_eaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerEcRequest v_inner_ec_request;
tc_ac.stop;
// Verify IUT response
f_verify_http_ec_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_request, v_inner_ec_response, v_response, v_result);
// Send response forcing error code
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_timeout);
// Test Body
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_ENR_RECV_02_BV_pki
} // End of group f_TC_SECPKI_ITSS_ENR_RECV_02_BV
} // End of group itss_enrolment_response
group itss_authorization_request {
* @desc Check that the ITS-S send the Authorization HttpRequest message to the Authorization Authority (AA) to request an authorization ticket.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_AUTH_01_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.0
testcase TC_SECPKI_ITSS_AUTH_01_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
} // End of testcase TC_SECPKI_ITSS_AUTH_01_BV
group f_TC_SECPKI_ITSS_AUTH_01_BV {
function f_TC_SECPKI_ITSS_AUTH_01_BV_itss() runs on ItsPkiItss system ItsPkiItssSystem {
// Local variables
var HashedId8 v_certificate_digest;
var EtsiTs103097Certificate v_certificate;
var InfoPortData v_info_port_data;
var boolean v_start_awaiting := false;
// Test component configuration
vc_hashedId8ToBeUsed := PX_IUT_DEFAULT_CERTIFICATE;
f_cfUp_itss();
// Test adapter configuration
// Preamble
[] geoNetworkingPort.receive {
log("No CA message expected");
f_selfOrClientSyncAndVerdict(c_prDone, e_error);
[] tc_noac.timeout {
f_sendUtTriggerEnrolmentRequestPrimitive();
log("*** " & testcasename() & ": PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
} // End of 'alt' statement
// Test Body
f_sendUtTriggerAuthorizationRequestPrimitive();
[v_start_awaiting == true] a_await_cam_with_current_cert(
v_info_port_data.hashed_id8,
v_info_port_data.at_certificate
) {
log("*** " & testcasename() & ": PASS: IUT started to send CA message using new AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
}
[] geoNetworkingPort.receive {
log("*** " & testcasename() & ": FAIL: IUT started to send CA message using wrong AT certificate ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
[] infoPort.receive(InfoPortData:?) -> value v_info_port_data {
log("*** " & testcasename() & ": INFO: Received new AT certificate ***");
v_start_awaiting := true;
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": PASS: No CA message received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfDown_itss();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_itss
function f_TC_SECPKI_ITSS_AUTH_01_BV_pki() runs on ItsPkiHttp system ItsPkiItssSystem {
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
var HttpMessage v_request;
var InnerEcResponse v_inner_ec_response;
// Test component configuration
f_cfHttpUp(PICS_TS_EA_CERTIFICATE_ID, PICS_TS_AA_CERTIFICATE_ID);
// Test adapter configuration
// Preamble
if (PX_TRIGGER_EC_BEFORE_AT) {
if (f_await_ec_request_send_response(v_inner_ec_response) == true) {
log("*** " & testcasename() & ": INFO: Enrolment succeed ***");
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
} else {
log("*** " & testcasename() & ": INCONC: Enrolment failed ***");
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_timeout);
}
} else {
f_selfOrClientSyncAndVerdict(c_prDone, e_success);
}
// Test Body
tc_ac.start;
alt {
[] a_await_at_http_response_from_iut(
mw_http_request(
mw_http_request_post(
PICS_HTTP_POST_URI_EC,
-,
mw_http_message_body_binary(
mw_binary_body_ieee1609dot2_data(
mw_enrolmentRequestMessage(
mw_encryptedData(
{ *, mw_recipientInfo_pskRecipInfo(vc_aaHashedId8), * },
mw_SymmetricCiphertext_aes128ccm
)))))),
v_request
) {
var HttpMessage v_response;
var integer v_result;
var InnerAtRequest v_inner_at_request;
var InnerAtResponse v_inner_at_response;
tc_ac.stop;
// Verify IUT response
f_verify_http_at_request_from_iut_itss(v_request.request, v_headers, v_inner_ec_response.certificate, v_inner_at_request, v_inner_at_response, v_response, v_result);
// Send response
if (isvalue(v_response)) {
httpPort.send(v_response);
}
// Set verdict
if (v_result == 0) {
var octetstring v_msg;
var octetstring v_hashed_id8;
log("*** " & testcasename() & ": PASS: InnerEcRequest received ***");
v_msg := bit2oct(encvalue(v_inner_at_response.certificate));
if (ischosen(v_inner_at_response.certificate.toBeSigned.verifyKeyIndicator.verificationKey.ecdsaBrainpoolP384r1)) {
v_hashed_id8 := f_hashedId8FromSha384(f_hashWithSha384(v_msg));
} else {
v_hashed_id8 := f_hashedId8FromSha256(f_hashWithSha256(v_msg));
}
infoPort.send(InfoPortData : { hashed_id8 := v_hashed_id8, at_certificate := v_inner_at_response.certificate });
f_selfOrClientSyncAndVerdict(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: Failed to verify EA an EnrolmentRequestMessage ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_error);
}
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdict(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_cfHttpDown();
} // End of function f_TC_SECPKI_ITSS_AUTH_01_BV_pki
} // End of group f_TC_SECPKI_ITSS_AUTH_01_BV
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
/**
* @desc Check that the AuthorizationRequest message is encrypted and sent to only one Authorization Authority.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with CERT_AA certificate
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData.recipients
* indicating size 1
* and containing the instance of RecipientInfo
* containing certRecipInfo
* containing recipientId
* indicating HashedId8 of the CERT_AA
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_AUTH_02_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_02_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
} // End of testcase TC_SECPKI_ITSS_AUTH_02_BV
/**
* @desc Check that the AuthorizationRequest message is encrypted using the encryptionKey found in the AA certificate referenced in recipientId.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions:
* with {
* the IUT being in the "operational state"
* authorized with CERT_AA certificate
* containing encryptionKey (AA_ENC_PUB_KEY)
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is triggered to requested a new Authorization Ticket (AT)
* }
* then {
* the IUT sends EtsiTs103097Data to the AA
* containing content.encryptedData
* containing ciphertext
* containing data
* encrypted using AA_ENC_PUB_KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 525-2 v1.1.1 SECPKI_ITSS_AUTH_03_BV
* @reference ETSI TS 102 941 [2], clause 6.2.3.3.1
*/
testcase TC_SECPKI_ITSS_AUTH_03_BV() runs on ItsMtc system ItsPkiItssSystem {
// Local variables
var ItsPkiItss v_itss;
var ItsPkiHttp v_ea;
// Test control
if (not PICS_IUT_ITS_S_ROLE or not PICS_SECPKI_AUTHORIZATION) {
log("*** " & testcasename() & ": PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION required for executing the TC ***");
setverdict(inconc);
stop;
}
// Test component configuration
// Start component
v_itss.start(f_TC_SECPKI_ITSS_AUTH_01_BV_itss());
v_ea.start(f_TC_SECPKI_ITSS_AUTH_01_BV_pki());
// Synchronization
f_serverSync2ClientsAndStop({c_prDone, c_tbDone});
// Cleanup
} // End of testcase TC_SECPKI_ITSS_AUTH_03_BV
/**
* @desc Check that the AuthorizationRequest message is never reused the same encryption key and nonce.
* <pre>
* Pics Selection: PICS_IUT_ITS_S_ROLE and PICS_SECPKI_AUTHORIZATION
* Initial conditions: