ItsPki_TestCases.ttcn

/**
 *  @author   ETSI / STF545
 *  @version  $URL$
 *            $Id$
 *  @desc     Testcases  file for Security Protocol
 *  @reference   ETSI TS ITS-00546v006
 *  @copyright   ETSI Copyright Notification
 *               No part may be reproduced except as authorized by written permission.
 *               The copyright and the foregoing restriction extend to reproduction in all media.
 *               All rights reserved.
 */
module ItsPki_TestCases {
  
  // Libcommon
  import from LibCommon_Time all;
  import from LibCommon_VerdictControl all;
  import from LibCommon_Sync all;
  import from LibCommon_BasicTypesAndValues all;
  import from LibCommon_DataStrings all;
    
  // LibIts
  import from IEEE1609dot2BaseTypes language "ASN.1:1997" all;
  import from IEEE1609dot2 language "ASN.1:1997" all;
  import from EtsiTs102941BaseTypes language "ASN.1:1997" all;
  import from EtsiTs102941TypesEnrolment language "ASN.1:1997" all;
  import from EtsiTs102941MessagesItss language "ASN.1:1997" all;
  import from EtsiTs103097Module language "ASN.1:1997" all;
  import from ITS_Container language "ASN.1:1997" all;
  import from CAM_PDU_Descriptions language "ASN.1:1997" all;
  
  // LibItsCommon
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_Functions all;
  import from LibItsCommon_TypesAndValues all;
  import from LibItsCommon_ASN1_NamedNumbers all;
  
  // LibItsGeoNetworking
  import from LibItsGeoNetworking_TestSystem all;
  import from LibItsGeoNetworking_Functions all;
  import from LibItsGeoNetworking_Templates all;
  import from LibItsGeoNetworking_TypesAndValues all;
  import from LibItsGeoNetworking_Pics all;
  
  // LibItsSecurity
  import from LibItsSecurity_TypesAndValues all;
  import from LibItsSecurity_TestSystem all;
  import from LibItsSecurity_Templates all;
  import from LibItsSecurity_Functions all;
  import from LibItsSecurity_Pixits all;
  import from LibItsSecurity_Pics all;
  
  // LibItsHttp
  import from LibItsHttp_TypesAndValues all;
  import from LibItsHttp_Templates all;
  import from LibItsHttp_BinaryTemplates all;
  import from LibItsHttp_Functions all;
  import from LibItsHttp_TestSystem all;
    
  // LibItsPki
  import from LibItsPki_Templates all;
  import from LibItsPki_TestSystem all;
    
  // AtsPki
  import from ItsPki_Functions all;

  /**
   * @desc 5.2	ITS-S behaviour
   */
  group itss_behavior {

    group itss_manufacturing {
      
      /**
       * @desc Check that IUT sends an enrolment request when triggered.
       * <pre>
       * Pics Selection: 
       * Initial conditions: 
       *     with {
       *         the IUT being in the "initial state"
       *     }
       * Expected behaviour:
       *     ensure that {
       *         when {
       *             the IUT is triggered to requested a new Enrolment Certificate (EC)
       *         }
       *         then {
       *             the IUT sends to EA an EnrolmentRequestMessage
       *         }
       *     }
       * </pre>
       * 
       * @see       ETSI TS ITS-00546v006 TP 2
       * @reference ETSI TS 102 941 [2], clause 6.1.3
       */
      testcase TC_SEC_PKI_ITSS_ENR_BV_01() runs on ItsMtc /*system ItsPkiItssSystem*/ {
        // Local variables
        var ItsPkiItss v_itss;
        var ItsPki     v_ea;
        
        // Test component configuration
        //f_cfUp_itss();
        
        v_itss.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(cc_taCert_A));
        v_ea.start(f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(cc_taCert_A));
        
        // Synchronization
        f_serverSync2ClientsAndStop({c_prDone, c_tbDone, c_poDone});
        
        // Cleanup
        //f_cfDown_itss();
        
      } // End of testcase TC_SEC_PKI_ITSS_ENR_BV_01
      
      group f_TC_SEC_PKI_ITSS_ENR_BV_01 {
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_itss(in charstring p_certificate_id) runs on ItsPkiItss /*system ItsPkiItssSystem*/ {
                
            // Local variables
            var LongPosVector v_longPosVectorIut;
                
            // Test control
            if (not(PICS_GN_SECURITY)) {
                log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
                stop;
            }
            
            // Test component configuration
            f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
            v_longPosVectorIut := f_getPosition(c_compIut);
                
            // Test adapter configuration
            
            // Preamble
            f_prNeighbour();
            f_acTriggerEvent(m_startPassBeaconing(m_beaconHeader(v_longPosVectorIut).beaconHeader)); // Authorize the TA to forward the received beacons
            f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
            
            // Test Body
            tc_ac.start;
            alt {
                [] geoNetworkingPort.receive(
                    mw_geoNwInd(
                        mw_geoNwSecPdu(
                            mw_etsiTs103097Data_signed
                ))) {
                    tc_ac.stop;
                    log("*** " & testcasename() & ": PASS: Security protocol version set to 3 ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
                }
                [] tc_ac.timeout {
                    log("*** " & testcasename() & ": INCONC: Expected message not received ***");
                    f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
                }
            } // End of 'alt' statement
            
            // Postamble
            f_acTriggerEvent(m_stopPassBeaconing);
            f_poNeighbour();
            f_cf01Down();
        } // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_itss
        
        function f_TC_SEC_PKI_ITSS_ENR_BV_01_pki(in charstring p_certificate_id) runs on ItsPki /*system ItsPkiItssSystem*/ { 
          
        } // End of testcase f_TC_SEC_PKI_ITSS_ENR_BV_01_pki
        
      } // End of f_TC_SEC_PKI_ITSS_ENR_BV_01
      
    } // End of group itss_manufacturing
    
    
  } // End of group itss_behavior
  
  group ea_behavior {
    
    /**
     * @desc The EnrolmentResponse message shall be sent by the EA to the 
     *       ITS-S across the interface at reference point S3 in response 
     *       to a received EnrolmentRequest message.
     * <pre>
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT receives an EnrolmentRequestMessage across the interface at the reference point S3
     *         }
     *         then {
     *             the IUT answers with an EnrolmentResponseMessage across the interface at reference point S3
     *         }
     *     }
     * </pre>
     * 
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_01() runs on ItsPki system ItsPkiSystem {
      // Local variables
      var EtsiTs103097Certificate v_certificate;
    
      // Test control
    
      // Test component configuration
      vc_hashedId8ToBeUsed := "CERT_TS_B_AT";
      ItsPki_Functions.f_cfUp();
    
      // Test adapter configuration
    
      // Preamble
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
    
      // Test Body
      pkiPort.send(
                   m_innerEcRequest(
                                    "TODO",
                                    m_publicKeys(
                                                 v_certificate.toBeSigned.verifyKeyIndicator.verificationKey,
                                                 v_certificate.toBeSigned.encryptionKey
                                                 ),
                                    m_certificateSubjectAttributes(
                                                                   v_certificate.toBeSigned.appPermissions,
                                                                   v_certificate.toBeSigned.validityPeriod,
                                                                   v_certificate.toBeSigned.region,
                                                                   v_certificate.toBeSigned.assuranceLevel
                                                                   )));
      tc_ac.start;
      alt {
        [] pkiPort.receive(
                           mw_innerEcResponse_ok
                                               ) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        [] pkiPort.receive { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement
    
      // Postamble
      ItsPki_Functions.f_cfDown();
    
    } // End of testcase TC_SEC_PKI_SND_EA_BV_01

    /**
     * @desc If the enrolment request of the IUT is an initial enrolment request, the itsId 
     *       (contained in the InnerECRequest) shall be set to the canonical identifier, the 
     *       signer (contained in the outer EtsiTs1030971Data-Signed) shall be set to self and 
     *       the outer signature shall be computed using the canonical private key.
     * <pre>
     * Pics Selection: 
     * Initial conditions: 
     *     with {
     *         the IUT being in the "operational state"
     *     }
     * Expected behaviour:
     *     ensure that {
     *         when {
     *             the IUT is requested to send an EnrolmentRequestMessage
     *         }
     *         then {
     *             the IUT sends an EtsiTs103097Data-Encrypted
     *                 containing an encrypted EtsiTs103097Data-Signed
     *                     containing EtsiTs103097Data
     *                          containing InnerECRequestSignedForPOP
     *                             containing InnerEcRequest
     *                                 containing itsId
     *                                     indicating the canonical identifier of the ITS-S 
     *                 and containing signer
     *                     declared as self
     *                 and containing signature 
     *                     computed using the canonical private key
     *         }
     *     }
     * </pre>
     * 
     * @see       ETSI TS ITS-00546v006 TP 20
     * @reference ETSI TS 102 941, clause 6.2.3.2.2
     */
    testcase TC_SEC_PKI_SND_EA_BV_02() runs on ItsPkiHttp system ItsPkiHttpSystem {
      // Local variables
      var Oct32 v_private_key;
      var Oct32 v_publicKeyX;
      var Oct32 v_publicKeyY;
      var Oct32 v_publicKeyCompressed;
      var integer v_compressedMode;
      var template (value) EccP256CurvePoint v_eccP256_curve_point;
      var template (value) InnerEcRequest v_inner_ec_request;
      var octetstring v_encoded_inner_ec_request;
      var template (value) ToBeSignedData v_tbs;
      var Oct32 v_tbs_signed;
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_data;
      var Oct16 v_authentication_vector;
      var Oct16 v_encrypted_sym_key;
      var Oct12 v_nonce;
      var HashedId8 v_recipientId;
      var template (value) Ieee1609Dot2Data v_ieee1609dot2_signed_and_encrypted_data;
      
      var HeaderLines      v_headers;
    
      // Test control
    
      // Test component configuration
      f_cfHttpUp("CERT_IUT_A_EA");
      
      // Test adapter configuration
    
      // Preamble
      // f_generate_innerEcRequestSignedForPop(v_inner_ec_request)
      // Generate jkeys for the certificate to be requested
      if (f_generate_key_pair_nistp256(v_private_key, v_publicKeyX, v_publicKeyY, v_publicKeyCompressed, v_compressedMode) == false) {
        f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_error);
        stop;
      }
      log("v_private_key = ", v_private_key);
      log("v_public_key X= ", v_publicKeyX);
      log("v_public_key Y= ", v_publicKeyY);
      log("v_public_key compressed= ", v_publicKeyCompressed, v_compressedMode);
      if (v_compressedMode == 0) {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_0(v_publicKeyCompressed);
      } else {
        v_eccP256_curve_point := m_eccP256CurvePoint_compressed_y_1(v_publicKeyCompressed);
      }
      // Build the Proof of possession InnerEcRequestSignedForPop
      v_inner_ec_request := m_innerEcRequest(
                                             "CanonicalItsId",
                                             m_publicKeys(
                                                          m_publicVerificationKey_ecdsaNistP256(v_eccP256_curve_point),
                                                          m_encryptionKey(
                                                                          -,
                                                                          m_publicEncryptionKey_ecdsaNistP256(v_eccP256_curve_point)
                                                                         )
                                                          ),
                                             m_certificateSubjectAttributes(
                                                                            { // ETSI TS 102 965 Table A.1: ETSI ITS standardized ITS-AIDs
                                                                              valueof(m_appPermissions(36, { bitmapSsp := '830001'O })), 
                                                                              valueof(m_appPermissions(37, { bitmapSsp := '830001'O })) 
                                                                            },
                                                                            m_validityPeriod(
                                                                                             17469212,
                                                                                             m_duration_years(10)
                                                                                            ),
                                                                            m_geographicRegion_identifiedRegion(
                                                                                                                {
                                                                                                                  m_identifiedRegion_country_only(12), 
                                                                                                                  m_identifiedRegion_country_only(34)
                                                                                                                }
                                                                                                               ),
                                                                            'C0'O
                                                                           )
                                            );
      // Encode it
      v_encoded_inner_ec_request := bit2oct(encvalue(v_inner_ec_request));
      // f_buildPkiSecuredCam(v_encoded_inner_ec_request, )
      // Signed the encoded InnerEcRequestSignedForPop
      v_tbs := m_toBeSignedData(
                                m_signedDataPayload(
                                                    m_etsiTs103097Data_unsecured(v_encoded_inner_ec_request)
                                                   ),
                                m_headerInfo_inner_ec_request(12345, f_getCurrentTime()) // TODO Use PIXIT
                               );
      // Signed the encoded InnerEcRequestSignedForPop
      v_tbs_signed := fx_signWithEcdsaNistp256WithSha256_1(bit2oct(encvalue(v_tbs)), valueof(v_eccP256_curve_point), v_private_key); // TODO Use wrapping function
      // Finalyse signed InnerEcRequestSignedForPop
      v_ieee1609dot2_signed_data := m_etsiTs103097Data_signed(
                                                              m_signedData(
                                                                           sha256,
                                                                           v_tbs,
                                                                           m_signerIdentifier_self,
                                                                           m_signature_ecdsaNistP256(
                                                                                                     m_ecdsaP256Signature(
                                                                                                                          m_eccP256CurvePoint_x_only(
                                                                                                                                                     substr(v_tbs_signed, 0, 32)
                                                                                                                                                     ),
                                                                                                                          substr(v_tbs_signed, 32, 32)
                                                                                                                          )
                                                                                                     )
                                                                           )
                                                      );
      // Encode InnerEcRequestSignedForPop
      v_encoded_inner_ec_request := bit2oct(encvalue(v_ieee1609dot2_signed_data));
      // Encrypt the encoded signed InnerEcRequestSignedForPop
      v_encrypted_inner_ec_request := f_encryptWithEciesNistp256WithSha256(bit2oct(v_encoded_inner_ec_request), v_tsPublicKeyCompressed, v_tsCompressedMode, v_publicEphemeralKeyCompressed, v_ephemeralKeyModeCompressed, v_encrypted_sym_key, v_authentication_vector, v_nonce);
      v_recipientId := f_HashedId8FromSha256(f_hashWithSha256(bit2oct(v_encrypted_inner_ec_request))); // IEEE Std 1609.2a-2017 Clause 6.3.34 PKRecipientInfo
      // Fill Certificate template with the public compressed keys (canonical form)
      if (v_ephemeralKeyModeCompressed == 0) {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_0(v_publicEphemeralKeyCompressed));
      } else {
        v_eccP256_curve_point := valueof(m_eccP256CurvePoint_compressed_y_1(v_publicEphemeralKeyCompressed));
      }
      v_ieee1609dot2_signed_and_encrypted_data := m_etsiTs103097Data_encrypted(
                                                       m_encryptedData(
                                                                       {
                                                                        m_recipientInfo_signedDataRecipInfo(
                                                                                                            m_pKRecipientInfo(
                                                                                                                              v_recipientId,
                                                                                                                              m_encryptedDataEncryptionKey_eciesNistP256(
                                                                                                                                                                      m_evciesP256EncryptedKey(
                                                                                                                                                                                               v_eccP256_curve_point,
                                                                                                                                                                                               v_encrypted_sym_key, 
                                                                                                                                                                                               v_authentication_vector
                                                                        ))))
                                                                       },
                                                                       m_SymmetricCiphertext_aes128ccm(
                                                                                                       m_aesCcmCiphertext(
                                                                                                                          v_nonce, 
                                                                                                                          v_encrypted_inner_ec_request
                                                                                                                         )
                                                                                                      )
                                                                      )
                                                       );
    log("v_ieee1609dot2_signed_and_encrypted_data = ", v_ieee1609dot2_signed_and_encrypted_data);
    v_encrypted_inner_ec_request := encvalue(v_ieee1609dot2_signed_and_encrypted_data);
      
      
      
      
      f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
    
      // Test Body
      f_init_default_headers_list(v_headers);
      //f_prepare_pki_message(v_pki_message);
      httpPort.send(
                    m_http_request(
                                   m_http_request_post(
                                                       "/", 
                                                       v_headers, 
                                                       m_http_message_body_binary(
                                                                                  m_binary_body_ieee1609dot2_data(
                                                                                                                  v_ieee1609dot2_signed_and_encrypted_data
                                                                                                                  )))));
      tc_ac.start;
      alt {
        [] httpPort.receive(
                            mw_http_response(
                                             mw_http_response_ok(
                                                                 mw_http_message_body_binary(
                                                                                             mw_binary_body_ieee1609dot2_data(
                                                                                                                              mw_etsiTs103097Data_encrypted(
                                                                                                                                  mw_encryptedData(
                                                                                                                                      -,
                                                                                                                                      mw_SymmetricCiphertext_aes128ccm
                                                                                             ))))))) {
          tc_ac.stop;
          log("*** " & testcasename() & ": PASS: InnerEcReponse received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
        }
        [] httpPort.receive( // FIXME Use altstep
                            mw_http_response(
                                             mw_http_response_ko
                                             )) {
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: HTTP error ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] httpPort.receive(mw_http_response) { // FIXME Use altstep
          tc_ac.stop;
          log("*** " & testcasename() & ": FAIL: Unexpected response received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
        }
        [] tc_ac.timeout {
          log("*** " & testcasename() & ": INCONC: Expected message not received ***");
          f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
        }
      } // End of 'alt' statement
    
      // Postamble
      f_cfHttpDown();
    
    } // End of testcase TC_SEC_PKI_SND_EA_BV_02

  } // End of group ea_behavior

  group aa_behavior {

  } // End of group aa_beavior
  
} // End of module ItsPki_TestCases