Newer
Older
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Message with certificate not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_13_BV
/**
* @desc Check that the certificate encryption key contains ECC point of type set to
* either compressed_lsb_y_0, compressed_lsb_y_1 or uncompressed.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
*
* }
* ensure that {
* when {
* the IUT issued the certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing encryptionKey
* containing publicKey
* containing uncompressed
* or containing compressed-y-0
* or containing compressed-y-1
* }
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_14_BV
* @reference IEEE 1609.2 [2], Clauses 6.4.38
testcase TC_SEC_ITSS_SND_CERT_14_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := PICS_CERTFICATES_FOI[PICS_CERTFICATES_VAR].certificate_id;
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[PICS_SEC_NIST_P256 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_ecdsaNistP256(
mw_eccP256CurvePoint_uncompressed
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9112
9113
9114
9115
9116
9117
9118
9119
9120
9121
9122
9123
9124
9125
9126
9127
9128
9129
9130
9131
9132
9133
9134
9135
9136
9137
9138
9139
9140
9141
9142
}
[PICS_SEC_NIST_P256 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_ecdsaNistP256(
mw_eccP256CurvePoint_compressed_y_0
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9144
9145
9146
9147
9148
9149
9150
9151
9152
9153
9154
9155
9156
9157
9158
9159
9160
9161
9162
9163
9164
9165
9166
9167
9168
9169
9170
9171
9172
9173
9174
}
[PICS_SEC_NIST_P256 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_ecdsaNistP256(
mw_eccP256CurvePoint_compressed_y_1
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9176
9177
9178
9179
9180
9181
9182
9183
9184
9185
9186
9187
9188
9189
9190
9191
9192
9193
9194
9195
9196
9197
9198
9199
9200
9201
9202
9203
9204
9205
9206
}
[PICS_SEC_BRAINPOOL_P256R1 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_eciesBrainpoolP256r1(
mw_eccP256CurvePoint_uncompressed
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9208
9209
9210
9211
9212
9213
9214
9215
9216
9217
9218
9219
9220
9221
9222
9223
9224
9225
9226
9227
9228
9229
9230
9231
9232
9233
9234
9235
9236
9237
9238
}
[PICS_SEC_BRAINPOOL_P256R1 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_eciesBrainpoolP256r1(
mw_eccP256CurvePoint_compressed_y_0
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9240
9241
9242
9243
9244
9245
9246
9247
9248
9249
9250
9251
9252
9253
9254
9255
9256
9257
9258
9259
9260
9261
9262
9263
9264
9265
9266
9267
9268
9269
9270
}
[PICS_SEC_BRAINPOOL_P256R1 == true] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at(
-, -, -, -, -,
mw_encryptionKey(
-,
mw_publicEncryptionKey_eciesBrainpoolP256r1(
mw_eccP256CurvePoint_compressed_y_1
)
)
)
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: Message with well-formated signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
9272
9273
9274
9275
9276
9277
9278
9279
9280
9281
9282
9283
9284
9285
9286
9287
9288
9289
9290
9291
9292
9293
9294
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate(
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at
)
)
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
tc_ac.stop;
log("*** " & testcasename() & ": FAIL: Message with wrong signature received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest
)
),
mw_geoNwShbPacket
))) -> value v_geoNwInd {
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Message with certificate not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
9317
9318
9319
9320
9321
9322
9323
9324
9325
9326
9327
9328
9329
9330
9331
9332
9333
9334
9335
9336
9337
9338
9339
9340
9341
9342
9343
9344
9345
9346
9347
9348
9349
9350
9351
9352
9353
9354
9355
9356
9357
9358
9359
9360
9361
9362
9363
9364
9365
9366
9367
9368
9369
9370
9371
9372
9373
9374
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_14_BV
/**
* @desc Check the certificate signature.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referencing the certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* indicating KEY
* and containing signature
* containing X_SIGNATURE
* verifiable using KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_15_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_15_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := PICS_CERTFICATES_FOI[PICS_CERTFICATES_VAR].certificate_id;
9376
9377
9378
9379
9380
9381
9382
9383
9384
9385
9386
9387
9388
9389
9390
9391
9392
9393
9394
9395
9396
9397
9398
9399
9400
9401
9402
9403
9404
9405
9406
9407
9408
9409
9410
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate( // Get the AT certificate
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at
))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
if (f_verifyCertificateSignatureWithIssuingCertificate(v_signerIdentifier.certificate[0], v_aa_certificate[0]) == true) {
log("*** " & testcasename() & ": PASS: AT certificate is signed by AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_success);
} else {
log("*** " & testcasename() & ": FAIL: AT/AA certificate signature mismatch ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
9428
9429
9430
9431
9432
9433
9434
9435
9436
9437
9438
9439
9440
9441
9442
9443
9444
9445
9446
9447
9448
9449
9450
9451
9452
9453
9454
9455
9456
9457
9458
9459
9460
9461
9462
9463
9464
9465
9466
9467
9468
9469
9470
9471
9472
9473
9474
9475
9476
9477
9478
9479
9480
9481
9482
9483
9484
9485
9486
9487
9488
9489
9490
9491
9492
9493
9494
9495
9496
9497
9498
9499
9500
9501
9502
9503
9504
9505
9506
9507
9508
9509
9510
9511
9512
9513
9514
9515
9516
9517
9518
9519
9520
9521
9522
9523
9524
9525
9526
9527
9528
9529
9530
9531
9532
9533
9534
9535
9536
9537
9538
9539
9540
9541
9542
9543
9544
9545
9546
9547
9548
9549
9550
9551
9552
9553
9554
9555
9556
9557
9558
9559
9560
9561
9562
9563
9564
9565
9566
9567
9568
9569
9570
9571
9572
9573
9574
9575
9576
9577
9578
9579
9580
9581
9582
9583
9584
9585
9586
9587
9588
9589
9590
9591
9592
9593
9594
9595
9596
9597
9598
9599
9600
9601
9602
9603
9604
9605
9606
9607
9608
9609
9610
9611
9612
9613
9614
9615
9616
9617
9618
9619
9620
9621
9622
9623
9624
9625
9626
9627
9628
9629
9630
9631
9632
9633
9634
9635
9636
9637
9638
9639
9640
9641
9642
9643
9644
9645
9646
9647
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_15_BV
/**
* @desc Check the certificate signature.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the CA is authorized with AA certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the AT certificate
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referencing the certificate
* containing toBeSigned
* containing verifyKeyIndicator
* containing verificationKey
* containing X_KEY
* indicating KEY
* and containing signature
* containing X_SIGNATURE
* verifiable using KEY
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_16_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_16_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate( // Get the AT certificate
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at
))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
var charstring v_psid;
var template charstring v_found_pattern; // Used in regex to verify that 'v_psid' was not found before
// Check in AA certificate
var charstring v_psid_found_aa := ";"; // Used to build the list of the Psid already processed
for (v_counter := 0; v_counter < lengthof(v_aa_certificate[0].toBeSigned.appPermissions); v_counter := v_counter + 1) {
v_psid := int2str(v_aa_certificate[0].toBeSigned.appPermissions[v_counter].psid);
v_found_pattern := pattern "*({v_psid})*";
if (regexp(v_psid_found_aa, v_found_pattern, 0) == v_psid) {
break; // v_psid exist at least 2 times, uniqueness is not verified
}
v_psid_found_aa := v_psid_found_aa & v_psid & ";";
} // End of 'for' statement
if (v_counter == lengthof(v_aa_certificate[0].toBeSigned.appPermissions)) {
var charstring v_psid_found_at := ";"; // Used to build the list of the Psid already processed
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate[0].toBeSigned.appPermissions); v_counter := v_counter + 1) {
v_psid := int2str(v_signerIdentifier.certificate[0].toBeSigned.appPermissions[v_counter].psid);
v_found_pattern := pattern "*({v_psid})*";
if (regexp(v_psid_found_at, v_found_pattern, 0) == v_psid) {
log("*** " & testcasename() & ": FAIL: AT certificate contains duplicated Psid ***");
break; // v_psid exist at least 2 times, uniqueness is not verified
} else if (regexp(v_psid_found_aa, v_found_pattern, 0) == v_psid) {
log("*** " & testcasename() & ": FAIL: AT certificate contains a Psid not contained in AA certificate ***");
break;
}
v_psid_found_at := v_psid_found_at & v_psid & ";";
} // End of 'for' statement
if (v_counter == lengthof(v_signerIdentifier.certificate[0].toBeSigned.appPermissions)) {
log("*** " & testcasename() & ": PASS: Psid are unique in certificates ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: AA certificate contains duplicated Psid ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
} else {
log("*** " & testcasename() & ": FAIL: IMPOSSIBLE!!! CAM generation location or certificate region restriction header field does not exist ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_digest // containing digest
)
)
))) {
log("*** " & testcasename() & ": INFO: Generation of CAM messages including digest ***");
repeat;
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_16_BV
/**
* @desc Check that IUT supports at least 8 items in the appPermissions component of the certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT_A8)
* containing toBeSigned
* containing appPermissions
* containing 8 entries
* indicating the last item
* containing psid
* indicating the ‘AID_CAM’
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured CAM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing containing content
* containing signedData
* containing tbsData
* containing headerInfo
* containing psid
* indicating 'AID_CAM'
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_17_BV
* @reference ETSI TS 103 097 [1], Clauses 6
*/
testcase TC_SEC_ITSS_SND_CERT_17_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := PICS_CERTFICATES_FOI[PICS_CERTFICATES_VAR].certificate_id; // FIXME
9649
9650
9651
9652
9653
9654
9655
9656
9657
9658
9659
9660
9661
9662
9663
9664
9665
9666
9667
9668
9669
9670
9671
9672
9673
9674
9675
9676
9677
9678
9679
9680
9681
9682
9683
9684
9685
9686
9687
9688
9689
9690
9691
9692
9693
9694
9695
9696
9697
9698
9699
9700
9701
9702
9703
9704
9705
9706
9707
9708
9709
9710
9711
9712
9713
9714
9715
9716
9717
9718
9719
9720
9721
9722
9723
9724
9725
9726
9727
9728
9729
9730
9731
9732
9733
9734
9735
9736
9737
9738
9739
9740
9741
9742
9743
9744
9745
9746
9747
9748
9749
9750
9751
9752
9753
9754
9755
9756
9757
9758
9759
9760
9761
9762
9763
9764
9765
9766
9767
9768
9769
9770
9771
9772
9773
9774
9775
9776
9777
9778
9779
9780
9781
9782
9783
9784
9785
9786
9787
9788
9789
9790
9791
9792
9793
9794
9795
9796
9797
9798
9799
9800
9801
9802
9803
9804
9805
9806
9807
9808
9809
9810
9811
9812
9813
9814
9815
9816
9817
9818
9819
9820
9821
9822
9823
9824
9825
9826
9827
9828
9829
9830
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
)
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: ATS_AID was received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_17_BV
/**
* @desc Check that all PSID entries of the certIssuePermissions component of the certificate are unique.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
*
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* and containing subjectPermissions
* containing explicit
* containing items of type PsidSspRange
* containing psid
* indicating unique values in this sequence
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_18_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.28 & 5.1.2.4
*/
testcase TC_SEC_ITSS_SND_CERT_18_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
var SequenceOfCertificate v_aa_certificate;
var integer v_counter;
var integer v_counter1;
var charstring v_psid;
var charstring v_psid_found_aa := ";"; // Used to build the list of the Psid already processed
var template charstring v_found_pattern; // Used in regex to verify that 'v_psid' was not found before
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
if (not(ispresent(v_aa_certificate[0].toBeSigned.certIssuePermissions))) {
log("*** " & testcasename() & ": FAIL: PsidGroupPermissions required in AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
for (v_counter := 0; v_counter < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions); v_counter := v_counter + 1) {
if (match(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter], mw_psidGroupPermissions(mw_subjectPermissions_explicit)) == false){
break;
}
for (v_counter1 := 0; v_counter1 < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit); v_counter1 := v_counter1 + 1) {
v_psid := int2str(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit[v_counter1].psid);
v_found_pattern := pattern "*({v_psid})*";
if (regexp(v_psid_found_aa, v_found_pattern, 0) == v_psid) {
break; // v_psid exist at least 2 times, uniqueness is not verified
}
v_psid_found_aa := v_psid_found_aa & v_psid & ";";
} // End of 'for' statement
if (v_counter < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit)) {
break;
}
} // End of 'for' statement
if (v_counter == lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions)) {
log("*** " & testcasename() & ": PASS: Psid are unique in certificates ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
log("*** " & testcasename() & ": FAIL: Wrong PsidGroupPermissions in AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
}
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_18_BV
/**
* @desc Check that IUT supports at least 8 items in the certIssuePermissions component of the certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* the IUT is authorized with AT certificate (CERT_IUT_A_AT_A8)
* containing appPermissions
* conformed to the certIssuePermissions
* issued by AA certificate (CERT_IUT_A_AA_C8)
* containing toBeSigned
* containing certIssuePermissions
* containing 8 entries
* indicating the last item
* containing psid
* indicating the ‘AID_CAM’
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT is requested to send a secured CAM
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing containing content
* containing signedData
* containing tbsData
* containing headerInfo
* containing psid
* indicating 'AID_CAM'
* }
* }
* </pre>
*
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_19_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.8
*/
testcase TC_SEC_ITSS_SND_CERT_19_BV() runs on ItsGeoNetworking system ItsSecSystem {
// Local variables
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
vc_hashedId8ToBeUsed := PICS_CERTFICATES_FOI[PICS_CERTFICATES_VAR].certificate_id; // FIXME
9832
9833
9834
9835
9836
9837
9838
9839
9840
9841
9842
9843
9844
9845
9846
9847
9848
9849
9850
9851
9852
9853
9854
9855
9856
f_cf01Up();
// Test adapter configuration
// Preamble
f_prNeighbour();
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
)
))))) {
tc_ac.stop;
log("*** " & testcasename() & ": PASS: ATS_AID was received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
}
[] tc_ac.timeout {
log("*** " & testcasename() & ": INCONC: Expected message not received ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_timeout);
}
} // End of 'alt' statement
// Postamble
f_poNeighbour();
f_cf01Down();
} // End of testcase TC_SEC_ITSS_SND_CERT_19_BV
* @desc Check that all PSID entries of the appPermissions component of the certificate are also
* contained in the certIssuePermissions component in the issuing certificate.
* <pre>
* Pics Selection: PICS_GN_SECURITY
* Config Id: CF01
* Initial conditions:
* with {
* }
* Expected behaviour:
* ensure that {
* when {
* the IUT issued the certificate
* containing toBeSigned
* containing certIssuePermissions
* } then {
* this certificate is of type EtsiTs103097Certificate
* containing issuer
* referenced to the certificate
* containing toBeSigned
* containing certIssuePermissions
* containing items of type PsidGroupPermissions
* containing eeType
* indicating app(0)
* and containing subjectPermissions
* containing explicit
* containing items of type PsidSspRange
* indicating X_PSID_RANGE_LIST
* or containing all
* and containing toBeSigned
* containing appPermissions
* containing items of type PsidSsp
* containing psid
* contained in the X_PSID_RANGE_LIST
* as a psid
* @see ETSI TS 103 096-2 v1.3.2 TP_SEC_ITSS_SND_CERT_20_BV
* @reference ETSI TS 103 097 [1], Clauses 6.4.28 & 5.1.2.4
testcase TC_SEC_ITSS_SND_CERT_20_BV() runs on ItsGeoNetworking system ItsSecSystem {
9914
9915
9916
9917
9918
9919
9920
9921
9922
9923
9924
9925
9926
9927
9928
9929
9930
9931
9932
9933
9934
9935
9936
// Local variables
var SequenceOfCertificate v_aa_certificate;
var SignerIdentifier v_signerIdentifier;
var GeoNetworkingInd v_geoNwInd;
// Test control
if (not(PICS_GN_SECURITY)) {
log("*** " & testcasename() & ":ERROR: 'PICS_GN_SECURITY' required for executing the TC ***");
stop;
}
// Test component configuration
f_cf01Up(); // Initialise IUT with CERT_IUT_A_AT signed with CERT_IUT_A_AA
// Test adapter configuration
// Preamble
f_prNeighbour();
log("*** " & testcasename() & ": INFO: Wait for certificate and ask for AA certificate ***");
tc_ac.start;
f_askAndWaitForCertificateChain(v_aa_certificate, f_generateDefaultCam());
f_selfOrClientSyncAndVerdictPreamble(c_prDone, e_success);
9938
9939
9940
9941
9942
9943
9944
9945
9946
9947
9948
9949
9950
9951
9952
9953
9954
9955
9956
9957
9958
// Test Body
tc_ac.start;
alt {
[] geoNetworkingPort.receive(
mw_geoNwInd(
mw_geoNwSecPdu(
mw_etsiTs103097Data_signed(
mw_signedData(
-,
mw_toBeSignedData(
mw_signedDataPayload,
mw_headerInfo_cam
),
mw_signerIdentifier_certificate( // Get the AT certificate
mw_etsiTs103097Certificate(
-,
mw_toBeSignedCertificate_at
))))))) -> value v_geoNwInd {
tc_ac.stop;
if (f_getMsgSignerIdentifier(f_getSecuredMessage(v_geoNwInd.msgIn), v_signerIdentifier)) {
var integer v_counter;
var charstring v_psid_found_aa := ";"; // Used to build the list of the Psid already processed
var template charstring v_found_pattern; // Used in regex to verify that 'v_psid' was not found before
// Check in AA certificate
if (not(ispresent(v_aa_certificate[0].toBeSigned.certIssuePermissions))) {
log("*** " & testcasename() & ": FAIL: PsidGroupPermissions required in AA certificate ***");
f_selfOrClientSyncAndVerdictTestBody(c_tbDone, e_error);
} else {
for (v_counter := 0; v_counter < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions); v_counter := v_counter + 1) {
if (match(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter], mw_psidGroupPermissions(mw_subjectPermissions_explicit)) == false){
break;
}
for (v_counter1 := 0; v_counter1 < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit); v_counter1 := v_counter1 + 1) {
v_psid := int2str(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit[v_counter1].psid);
v_found_pattern := pattern "*({v_psid})*";
if (regexp(v_psid_found_aa, v_found_pattern, 0) == v_psid) {
break; // v_psid exist at least 2 times, uniqueness is not verified
}
v_psid_found_aa := v_psid_found_aa & v_psid & ";";
} // End of 'for' statement
if (v_counter < lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions[v_counter].subjectPermissions.explicit)) {
break;
}
} // End of 'for' statement
if (v_counter == lengthof(v_aa_certificate[0].toBeSigned.certIssuePermissions)) {
/*var charstring v_psid_found_at := ";"; // Used to build the list of the Psid already processed
for (v_counter := 0; v_counter < lengthof(v_signerIdentifier.certificate[0].toBeSigned.appPermissions); v_counter := v_counter + 1) {
v_psid := int2str(v_signerIdentifier.certificate[0].toBeSigned.appPermissions[v_counter].psid);
v_found_pattern := pattern "*({v_psid})*";
if (regexp(v_psid_found_at, v_found_pattern, 0) == v_psid) {
log("*** " & testcasename() & ": FAIL: AT certificate contains duplicated Psid ***");
break; // v_psid exist at least 2 times, uniqueness is not verified
} else if (regexp(v_psid_found_aa, v_found_pattern, 0) == v_psid) {
log("*** " & testcasename() & ": FAIL: AT certificate contains a Psid not contained in AA certificate ***");
break;
}
v_psid_found_at := v_psid_found_at & v_psid & ";";
} // End of 'for' statement
if (v_counter == lengthof(v_signerIdentifier.certificate[0].toBeSigned.appPermissions)) {